Search code examples
amazon-web-servicesapirestdelphi

Request to Amazon API with delphi : Got HTTP/1.1 403 Forbidden


I do not know my code is right or wrong. when i try to run a program error occurs 403..

unit Unit1;
interface
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs,ssbase64, StdCtrls,secutils,OmniXMLUtils,OmniXML, xmldom,
  XMLIntf, msxmldom, XMLDoc, IdBaseComponent, IdComponent, IdTCPConnection,
  IdTCPClient, IdHTTP,IdURI;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Memo1: TMemo;
    XMLDocument1: TXMLDocument;
    IdHTTP1: TIdHTTP;
    Memo2: TMemo;
    Memo3: TMemo;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
implementation
{$R *.dfm}
function MyEncodeUrl(source:string):string;
 var i:integer;
 begin
   result := '';
   for i := 1 to length(source) do
       if not (source[i] in ['A'..'Z','a'..'z','0','1'..'9','-','_','~','.']) then result := result + '%'+inttohex(ord(source[i]),2) else result := result + source[i];
 end;

procedure TForm1.Button1Click(Sender: TObject);
var
  uhost,uri,public_key, private_key,signature,timestamp,string_to_sign : string;
  request : String;
begin
uhost  := 'ecs.amazonaws.com';
uri   := 'onca/xml';
public_key    := '1ETPTJHQ37P671HNXXX';
private_key     := 'j4JtMHQwL6wR39fy2CJgNfHibLjK9GsC5Z6XXXX';
timestamp     := MyEncodeUrl(XMLDateTimeToStr(now));
string_to_sign := 'AWSAccessKeyId=1ETPTJHQ37P671HN9282';
string_to_sign := string_to_sign+ '&AssociateTag=moc-20&ItemPage=1&Keywords=kitchen%20aid&Operation=ItemSearch&ResponseGroup=Large&SearchIndex=Kitchen&';
string_to_sign := string_to_sign+'service=AWSECommerceService&Timestamp='+timestamp;
string_to_sign := string_to_sign+'&Version=2009-03-31';

Memo1.Clear;
Memo1.Lines.Append('GET');
Memo1.Lines.Append('ecs.amazonaws.com');
Memo1.Lines.Append('/onca/xml');
Memo1.Lines.Append(string_to_sign);

signature := StrToMime64(HMACString(haSHA256, private_key, 32, Memo1.Text));
request := 'http://ecs.amazonaws.com/onca/xml?AWSAccessKeyId=1ETPTJHQ37P671HN9282';
request := request+ '&AssociateTag=moc-20&ItemPage=1&Keywords=kitchen%20aid&Operation=ItemSearch&ResponseGroup=Large&SearchIndex=Kitchen&';
request := request+'service=AWSECommerceService&Timestamp='+timestamp;
request := request+'&Version=2009-03-31';
request := request+'&Signature='+signature;

Memo1.Text := IdHTTP1.Get(request);
end;
end.

can any body trace my error??

FYI ::
 Delphi 7 with build in Indy;
 use OmniXML to generate timestamp
 use OpenStrSecII to generate signature

Solution

  • Amazon actually sends back a XML document that precisely describes why you got the 403 error. The easiest way to see the message would be to use Fiddler and set up your Indy HTTP to use 127.0.0.1 as a proxy. That way all your traffic goes through Fiddler and you'll see both what you sent and what Amazon returned.

    When I implemented my REST API to work with the Amazon S3 service I had some problems figuring out the "Canonical Headers" that need to be signed. Happily the Amazon API sends you back the text they're signing to test your signature, so you can compare that byte-by-byte and figure out if you're doing it wrong. Failure to prepare those "canonical headers" exactly as they're preparing those headers will obviously result in an 403. For example the line separator Amazon is using is LINEFEED (#10). Since you're putting your headers in a TMemo, you're going to get the Windows-style CRLF separator. That alone is enough for your code to fail.

    An other thing I had problems with was sending the extra headers with my Indy requests. I was following the on-line API samples, looking at what I'm supposed to send and what Amazon is supposed to answer. Fiddler was the only way to actually test and see what I'm sending, as opposed to what I thought I was sending. For example I mistakenly used TIdHttp.Request.RawHeaders to write my custom headers, but those headers get flushed while the Request is prepared. I was supposed to write my headers to TIdHttp.Request.CustomHeaders - but without Fiddler's help I wouldn't know I'm not actually sending my headers. My code looked just fine.