From a bulk email I received from Amazon. Note well, if you use the Amazon products API, you may need to change your code in the next few months to have it keep working.
In actually a fairly annoying way. Every request must be cryptographically signed: “Calculate an RFC 2104-compliant HMAC with the SHA256 hash algorithm using the string above… For more information about this step, see documentation and code samples for your programming language.”
I’m not even sure what that means? It’s a pain. (Although fortunately there seems to be an existing ruby gem to do it). Amazon is apparently trying to lock down access to their API much more, and is fine making it significantly harder to use in the process (they’re probably right that most of us will jump through the hoops). Also, it looks like registration for an API key may require a credit card, which makes things trickier for folks like us — I’m not putting my personal credit card number in a library account, to find a giant bill for services ten years after I leave my employer!
Through our Associates Program, we pay out hundreds of millions of dollars per year to websites that advertise our products. Effective immediately, we are renaming the Amazon Associates Web Service as the “Product Advertising API.” This new name more accurately reflects the purpose of the API, which is to enable developers to advertise products offered on the Amazon sites and thereby receive advertising fees from us.
In addition to the new name, signatures will be necessary to authenticate each call to the Product Advertising API. This requirement will be phased in starting May 11, 2009, and by August 15, 2009, all calls to the Product Advertising API must be authenticated or they will not be processed. For pointers on how you can easily authenticate requests to the Product Advertising API, please refer to the developer guide, available here.
Finally, the terms and conditions governing your use of the service have been migrated to a separate Product Advertising API License Agreement, available here.
Except for the requirement that all requests be authenticated, the terms are substantially the same. If you obtain content through a data feed, your access to that data feed and use of that content will also be subject to the Product Advertising API License Agreement. By using the Product Advertising API or data feed, or content obtained through them, you are agreeing to the terms and conditions of the Product Advertising API License Agreement, and all uses of the API, data feed, or content must comply with that agreement.
The API agreement makes it more clear that Amazon evaluates ‘applications’ to use the API, and that:
Unsuitable applications include those that:
(a) do not have as their principal purpose advertising and marketing the Amazon Site and driving sales of products and services on the Amazon Site;
Note that the old agreement made that same “principal purpose” requirement. Hopefully they don’t plan on taking it any more seriously than they did before.