I have a simple site that generates covers for CDs I burn from iTunes purchases and so on (it pre-dates widespread use of JS libraries, and is in much need of prettifying). The site uses Amazon Product Advertising API calls to search and retrieve album cover art and track listings. Since earlier this month, such API calls have to be cryptographically signed.
This is somewhat annoying — the site’s original design has it communicating independently with Amazon (using Amazon’s XSLT API feature to transform their XML data into JSON), and that’s no longer possible with the use of a private key. But it’s not unfixable. The site now sends its API call first to my server, which returns a signed version, and then forwards the signed call on to Amazon.
I found most of what I needed for this on Chris Roos’ blog, but his version still wasn’t quite working for me (the two problems I recall are that Ruby’s CGI.escape doesn’t quite follow Amazon’s requirements, and that times need converting to GMT).
Anyway, in case you’re looking to do the same, here’s what I ended up with:
You can test this locally by feeding key/value parameters to CGI, followed by Ctrl-D. These, for example:
amazon_endpoint=ecs.amazonaws.com amazon_path=/onca/xml js_callback=do_stuff Service=AWSECommerceService Version=2009-03-31 Operation=ItemSearch SearchIndex=Books Keywords=george+monbiot