Search code examples
pythonshopee

Shopee affiliate open API return "Invalid Signature"

I have this code to get a list of items from shopee affiliate program. The code is quite straight forward.

import requests
import time
import hashlib

appID = APP_ID
secret = SECRET

# Set the API endpoint URL
url = "https://open-api.affiliate.shopee.com.my/graphql"

# Set the GraphQL query
body = """
{
  productOfferV2(
    listType:0
    sortType:5
  ) {
    nodes {
      commissionRate
      commission
      price
      productLink
      offerLink
    }
  }
}
"""
payload = {"query": body}

timestamp = str(int(time.time()))
factor = f'{appID}{timestamp}{payload}{secret}'
signature = hashlib.sha256(factor.encode()).hexdigest()


print(factor)

# Set the request headers
headers = {
    'Content-type':'application/json',
    'Authorization':f'SHA256 Credential={appID},Timestamp={timestamp},Signature={signature}'
}

# Send the POST request
response = requests.post(url, json=payload, headers=headers)

# Print the response
print(response.json())

after run I get this error

{'errors': [{'message': 'error [10020]: Invalid Signature', 'extensions': {'code': 10020, 'message': 'Invalid Signature'}}]}

I follow this:

https://ibb.co/q9JRB7h https://ibb.co/th99m4F

I already check the credential and timestamp is correct. The only thing left is the signature part.

Solution

  • I figured it out. The documentation might be lack of info but this is how i construct my payload

    payload = """
  {
  "query": "query Fetch($page:Int){
    productOfferV2(
      listType: 0, 
      sortType: 2,
      page: $page,
      limit: 50
    ) {
      nodes {
        commissionRate
        commission
        price
        productLink
        offerLink
      }
    }
  }",
  "operationName": null,
  "variables":{
    "page":0
    } 
  }
  """
  payload = payload.replace('\n','').replace(':0',f':{page}')
  timestamp = int(time.time())
  factor = appID+str(timestamp)+payload+secret
  signature = hashlib.sha256(factor.encode()).hexdigest()

  # Set the request headers
  headers = {
      'Content-type':'application/json',
      'Authorization':f'SHA256 Credential={appID},Timestamp={timestamp},Signature={signature}'
  }

  # Send the POST request
  response = requests.post(url,payload,headers=headers)

  data = response.json()
  return data['data']['productOfferV2']['nodes']

    I hope this answer will help someone that facing the same issue