Authenticating to Amazon Product API in ruby

So, the Amazon Product Advertising API (formerly known as Amazon E-Commerce API, formerly known as just Amazon Web Services back when it was the only one) will require a cryptographic signature on all requests in order to use it, after August 15th.

Here’s some ruby code to do that for you. Requires the ruby hmac gem.

It’s actually fairly simple code, you can view it in the Umlaut svn. And, turning over a new leaf in my shameful history of not writing unit tests, it’s actually got some unit tests.

Not really very much code, but does anyone think I should turn it into a free-standing gem?  If so, anyone want to tell me how to do that?  And, for non-Rails-specific gems, what’s the current best practice as far as what framework to use for included unit tests?

Oh, and even though it’s not very much code, it would have been a pain to figure out if I hadn’t just copied it from Chris Roos, thanks Chris!  The only issue with Chris’s code is it didn’t properly escape input before generating a signature according to Amazon’s specs; perhaps this wasn’t an issue with the sort of input you’d generally have with whatever other (not Product Advertising API) services Chris actually wrote his code for (or maybe those other Amazon services actually had a different escaping spec).

This entry was posted in General. Bookmark the permalink.

5 Responses to Authenticating to Amazon Product API in ruby

  1. Pingback: Alternatives to Amazon API « Bibliographic Wilderness

  2. jay says:

    Have you confirmed that this works? I get an error about passing an incorrect signature.

  3. Yep, I’ve been using it for months. (Even before August 15, you could optionally sign your requests, and I confirmed that if you signed them with the above code it worked, and if you signed them with a made up known bad signature, you got an error).

    Hmm, weird. I am actually currently on leave, I wonder if my production code is actually currently not working. Guess I’ll find out when I return.

    But no, here’s an example of my production app that’s still using the amazon product api:

    http://findit.library.jhu.edu/go/83777

    And that really is using exactly the code in the Umlaut svn I pointed to above. You sure you’re using a valid access_key/secret_key pair? Could you have the access key and secret key reversed?

    If you do debug it and figure out what wasn’t working for you, please do let me know.

  4. Mike says:

    Dubug has worked for me. Good luck

  5. zyc says:

    I get an error about signature

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s