CustomError: Client authentication failed - on every operation about amazon-sp-api HOT 23 CLOSED

Brilliant! It turns out our client did give us the refresh token from a different app. Thank you for all of your help!

from amazon-sp-api.

Hi @cs-pellsoftware,

the first error is definetly an issue with the client id or client secret being incorrect. You are right that you have to use the complete client id, including the "amzn1.application-oa2-client." part.

The second error is a step forward, it means that your configuration seems to be correct. This rather seems like an issue with the operation you are calling. Have you tried the getMarketplaceParticipations operation? That would be the easiest to test:

let res = await sellingPartner.callAPI({
  operation:'getMarketplaceParticipations'
});

Is that call working or do you receive the same error?

from amazon-sp-api.

@amz-tools Hey again - we started over because I realized we entered the User ARN instead of the Role ARN in the app settings. We have now created a second App using the Role ARN. We kept the same User and Role, but have new LWA credentials and Refresh token.

We're now receiving this error:

CustomError: Not authorized for requested operation at SellingPartner.refreshAccessToken (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:378:13) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async SellingPartner._validateAccessTokenAndRoleCredentials (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:242:9) at async SellingPartner.callAPI (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:453:5) at async E:\Web Development Repos\sp-api\index.js:24:17 { code: 'unauthorized_client', type: 'error' }

This is a different error than what we received before. Let me know if you have any ideas

from amazon-sp-api.

Hi @cs-pellsoftware,

the error happens when the client tries to receive an access_token via https://api.amazon.com/auth/o2/token inside the refreshAccessToken function by using the LWA credentials and the refresh_token. The error unauthorized_client here probably means that the refresh_token isn't valid in combination with the LWA credentials. Are you sure you are using the correct refresh_token for the credentials or maybe still the old one?

from amazon-sp-api.

When i add the amzn1.application-oa2-client. to the front of the client_id...
I instead get

CustomError: Access to requested resource is denied. at SellingPartner.callAPI (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:503:13) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async E:\Web Development Repos\sp-api\index.js:12:17 { code: 'Unauthorized', details: '', type: 'error' }

from amazon-sp-api.

Hey @amz-tools thanks for getting back to me. Good to know that the new error is 1 step further.

Yes, the operation that I'm calling is the getMarketplaceParticipations exactly as you have it written there. I followed the amazon directions step by step so I'm not sure what else it might be...

from amazon-sp-api.

Another guess: What region are you using? Because this is also the exact error that is returned if using a region that is not registered for the use with the app.

from amazon-sp-api.

@amz-tools interesting. I'm using "na", but I just tried the others to be sure.

Do you happen to know anything about Assuming Roles? That's the only other lead I have as to what could be happening here.

from amazon-sp-api.

Hm, if something would be wrong with that you should usually receive a different error like "... is not authorized to perform: sts:AssumeRole ...".

Are you using a self authorized refresh token?

from amazon-sp-api.

@amz-tools ahh interesting ok. That's good to know.

I believe so - I got the refresh token by doing Edit > Authorize in the developer central page and generating the refresh token. Do you suggest a different method for this?

from amazon-sp-api.

Nope, thats what I would have suggested. Then I guess I'm running out of ideas for the moment...

from amazon-sp-api.

@cs-pellsoftware, one more idea: Is your account a vendor account? Then you only have a subset of operations available, please see the last two answers for this closed issue.

from amazon-sp-api.

@amz-tools No i don't believe it's a vendor account. I tried just about every operation and get that same response for each.

Do you know if not having the App be published could be causing any issues? When I was attempting to work with the API directly, people suggested setting a version=beta parameter. not sure if that's relevant at all

from amazon-sp-api.

I had the same problem when my application wasn't configured correctly. The problem was in incorrect ARN used to create an application - https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#step-6-register-your-application

from amazon-sp-api.

@cs-pellsoftware I know it works just fine in draft mode, at least if you are using your own self authorized refresh token. I don't think that Amazon has changed that.
Have you tried using the sandbox by setting use_sandox:true inside the constructor config options? Is it working?

from amazon-sp-api.

I had the same problem when my application wasn't configured correctly. The problem was in incorrect ARN used to create an application - https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#step-6-register-your-application

@DeLaGuardo Thanks for your help. Can you explain what you mean here? Are you saying the user ARN wasn't correct?

from amazon-sp-api.

@amz-tools unfortunately that's not working either.

I guess my next step is just to start from the beginning with a new App and triple check everything.

from amazon-sp-api.

@amz-tools @DeLaGuardo

Do either of you know if the OAuth Login URI when creating the app can be causing issues? I wasn't sure if I needed to create that, so I did it. Maybe that's throwing off the authentication somehow?

from amazon-sp-api.

@cs-pellsoftware As far as I remember when we first started playing around with the SP-API we also didn't fill in any OAuth URIs, so its probably also not the issue.

from amazon-sp-api.

Hi @cs-pellsoftware
I have the same problem as yours, requests are denied.
By checking your response, did you change your sellercentral application by using Role ARN ?

from amazon-sp-api.

Hi @cs-pellsoftware
I have the same problem as yours, requests are denied.
By checking your response, did you change your sellercentral application by using Role ARN ?

Hey there - sorry for the slow reply.

My issue was ultimately using the wrong ARN. Once I switched to Role ARN (instead of user ARN) it worked. Let me know if you're still having issues and I can try to help.

from amazon-sp-api.

Thanks for your suggestion.
I switched to Role ARN and it works for a while, but suddenly the API response "unauthorized_client"
does anyone have same problem?

from amazon-sp-api.

Thanks for your suggestion. I switched to Role ARN and it works for a while, but suddenly the API response "unauthorized_client" does anyone have same problem?

@ytcitsupport-jlin you probably missed to update your session-token and the corresponding accessKeyId and secretKey

from amazon-sp-api.