我正在尝试与亚马逊销售合作伙伴 API (SP-API) 进行交互,以使用以下 Flask 应用程序发送招标请求。访问令牌已成功检索,但在向请求端点发出请求时,我收到一条未经授权的错误,并显示以下消息:
{
"error": {
"errors": [
{
"code": "Unauthorized",
"details": "The access token you provided is revoked, malformed or invalid.",
"message": "Access to requested resource is denied."
}
]
}
}
import boto3
import botocore
from botocore.auth import SigV4Auth
from botocore.awsrequest import AWSRequest
from botocore.credentials import Credentials
from flask import Flask, redirect, request, session, url_for, jsonify
import requests
app = Flask(__name__)
app.secret_key = 'test'
# OAuth credentials
CLIENT_ID = 'amzn1.application-oa2-client.XXXX'
CLIENT_SECRET = 'amzn1.oa2-cs.v1.XXXX'
REDIRECT_URI = 'https://example.com/callback'
AUTHORIZATION_URL = 'https://www.amazon.com/ap/oa'
TOKEN_URL = 'https://api.amazon.com/auth/o2/token'
SOLICITATIONS_URL = 'https://sellingpartnerapi-na.amazon.com/solicitations/v1/orders'
AWS_ACCESS_KEY_ID = "XXXX"
AWS_SECRET_ACCESS_KEY = "XXXX"
AWS_REGION = 'us-east-1'
def get_aws_credentials():
return Credentials(
access_key=AWS_ACCESS_KEY_ID,
secret_key=AWS_SECRET_ACCESS_KEY
)
@app.route('/')
def home():
return '<a href="/login">Login with Amazon</a>'
@app.route('/login')
def login():
scope = 'sellingpartnerapi::notifications'
auth_url = f'{AUTHORIZATION_URL}?client_id={CLIENT_ID}&scope={scope}&response_type=code&redirect_uri={REDIRECT_URI}'
return redirect(auth_url)
@app.route('/callback')
def callback():
code = request.args.get('code')
token_data = {
'grant_type': 'authorization_code',
'code': code,
'client_id': CLIENT_ID,
'client_secret': CLIENT_SECRET,
'redirect_uri': REDIRECT_URI,
}
token_response = requests.post(TOKEN_URL, data=token_data)
token_json = token_response.json()
session['access_token'] = token_json['access_token']
session['refresh_token'] = token_json['refresh_token']
return redirect(url_for('solicitations'))
def get_spapi_access_token():
refresh_token = session.get('refresh_token')
token_data = {
'grant_type': 'refresh_token',
'refresh_token': refresh_token,
'client_id': CLIENT_ID,
'client_secret': CLIENT_SECRET,
}
token_response = requests.post(TOKEN_URL, data=token_data)
token_json = token_response.json()
return token_json['access_token']
@app.route('/solicitations')
def solicitations():
access_token = get_spapi_access_token()
amazon_order_id = 'ORDER ID' # I put a real one
marketplace_id = 'ATVPDKIKX0DER'
solicitations_url = f'{SOLICITATIONS_URL}/{amazon_order_id}/solicitations/productReviewAndSellerFeedback?marketplaceIds={marketplace_id}'
headers = {'x-amz-access-token': access_token, 'content-type': 'application/json'}
request_obj = AWSRequest(method='POST', url=solicitations_url, headers=headers)
credentials = get_aws_credentials()
SigV4Auth(credentials, 'execute-api', AWS_REGION).add_auth(request_obj)
prepared_request = requests.Request(
method=request_obj.method,
url=request_obj.url,
headers=dict(request_obj.headers),
data=request_obj.body
).prepare()
response = requests.Session().send(prepared_request)
return jsonify(response.json()), response.status_code
即使成功检索到访问令牌,为什么我仍收到“未经授权”错误?
这可能是如何使用或签署招标请求的令牌的问题吗?
我已检查我在卖家中心的开发者资料是否已获得招标范围的批准。任何帮助解决此问题将不胜感激!
我尝试过的:
相反,我收到了未经授权 (403) 错误,并显示访问令牌“已撤销、格式错误或无效”的消息。
你想出来了吗?我有同样的问题