请求亚马逊API用delphi：GOT HTTP / 1.1 403禁止 [英] Request to Amazon API with delphi : Got HTTP/1.1 403 Forbidden

问题描述

我不知道我的code是对还是错。 当我尝试运行出现程序错误403 ..

 单元1单元;
接口
用途
  Windows的消息，sysutils的，变体，类图形，控件，窗体，
  对话框，ssbase64，StdCtrls中，secutils，OmniXMLUtils，OmniXML，XMLDOM，
  XMLIntf，msxmldom，xmlDoc中，IdBaseComponent，IdComponent，IdTCPConnection，
  IdTCPClient，IdHTTP，IdURI;

类型
  TForm1 =类（TForm的）
    Button1的：TButton的;
    Memo1：TMemo控件;
    XMLDocument1：TXMLDocument的;
    IdHTTP1：TIdHTTP;
    Memo2：TMemo控件;
    Memo3：TMemo控件;
    过程Button1Click（发件人：TObject的）;
  私人
    {个人}声明
  上市
    {公开声明}
  结束;

变种
  Form1中：TForm1;
履行
{$ R * .DFM}
功能MyEn $ C $卷曲（来源：字符串）：字符串;
 变种我：整数;
 开始
   结果：='';
   对于i：= 1到长度（源）办
       如果不是（来​​源[I]中的['A'..'Z'，'A'..'Z'，'0'，'1'..'9'，' - '，'_'，'〜 '，'']），那么结果：=结果+'％'+ INTTOHEX（ORD（来源[I]），2）其他结果：=结果+源[I]
 结束;

程序TForm1.Button1Click（发件人：TObject的）;
变种
  uhost，URI，PUBLIC_KEY，PRIVATE_KEY，签名，时间戳，string_to_sign：字符串;
  要求：字符串;
开始
uhost：='ecs.amazonaws.com';
URI：='onca / xml的';
PUBLIC_KEY：='1ETPTJHQ37P671HNXXX';
PRIVATE_KEY：='j4JtMHQwL6wR39fy2CJgNfHibLjK9GsC5Z6XXXX';
时间戳：= MyEn $ C $卷曲（XMLDateTimeToStr（现在））;
string_to_sign：='AWSAccessKeyId = 1ETPTJHQ37P671HN9282';
string_to_sign：= string_to_sign + '&AssociateTag=moc-20&ItemPage=1&Keywords=kitchen%20aid&Operation=ItemSearch&ResponseGroup=Large&SearchIndex=Kitchen&';
string_to_sign：= string_to_sign +'服务= AWSECommerceService和放大器;时间戳='+时间戳;
string_to_sign：= string_to_sign +'和​​;版本= 2009-03-31';

Memo1.Clear;
Memo1.Lines.Append（'GET'）;
Memo1.Lines.Append（'ecs.amazonaws.com'）;
Memo1.Lines.Append（'/ onca / XML'）;
Memo1.Lines.Append（string_to_sign）;

签名：= StrToMime64（HMACString（haSHA256，PRIVATE_KEY，32，Memo1.Text））;
要求：='http://ecs.amazonaws.com/onca/xml?AWSAccessKeyId=1ETPTJHQ37P671HN9282';
请求：=请求+ '&AssociateTag=moc-20&ItemPage=1&Keywords=kitchen%20aid&Operation=ItemSearch&ResponseGroup=Large&SearchIndex=Kitchen&';
请求：=请求+'服务= AWSECommerceService和放大器;时间戳='+时间戳;
请求：=请求+'和;版本= 2009-03-31';
请求：=请求+'和，签名='+签名;

Memo1.Text：= IdHTTP1.Get（要求）;
结束;
结束。
 

任何机构可以跟踪我的错误？

  FYI ::
 德尔福7建立在印第安纳波利斯;
 使用OmniXML生成时间戳
 使用OpenStrSecII生成签名
 

解决方案

亚马逊居然发回一个XML文档precisely介绍为什么你得到了403错误。看到该消息的最简单的方法是使用小提琴手并设置您的印地HTTP使用 127.0.0.1 作为代理。这样，所有的流量经过提琴手，你会看到你送两个什么以及亚马逊回来了。

当我实现了我的REST API与亚马逊S3服务，我有一些问题搞清楚了典型头需要签署工作。令人高兴的是亚马逊的API向您发送回他们签约，以测试你的签名文本，这样你就可以比较逐字节，并找出如果你这样做是错误的。未能prepare那些正规头，正是因为他们是preparing这些标题显然会导致 403 。例如行分隔符亚马逊使用的换行符（＃10 ）。既然你把你的头在 TMemo控件，你会得到Windows风格CRLF分隔符。这仅仅是足以让你的code失败。

这是其他的事情，我有问题，与我的印地请求发送额外的头。我是继上线API的样品，看什么我应该送什么亚马逊应该回答的问题。提琴手是实际测试，看看我送，而不是什么我还以为是送的唯一途径。例如，我错误地使用 TIdHttp.Request.RawHeaders 来写我的自定义页眉，但这些标题得到刷新请求时，prepared。我应该写我的头以 TIdHttp.Request.CustomHeaders - 但没有小提琴手的帮助，我不知道我是不是实际发送我的头。我的code看着就好了。

I do not know my code is right or wrong. when i try to run a program error occurs 403..

unit Unit1;
interface
uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs,ssbase64, StdCtrls,secutils,OmniXMLUtils,OmniXML, xmldom,
  XMLIntf, msxmldom, XMLDoc, IdBaseComponent, IdComponent, IdTCPConnection,
  IdTCPClient, IdHTTP,IdURI;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Memo1: TMemo;
    XMLDocument1: TXMLDocument;
    IdHTTP1: TIdHTTP;
    Memo2: TMemo;
    Memo3: TMemo;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
implementation
{$R *.dfm}
function MyEncodeUrl(source:string):string;
 var i:integer;
 begin
   result := '';
   for i := 1 to length(source) do
       if not (source[i] in ['A'..'Z','a'..'z','0','1'..'9','-','_','~','.']) then result := result + '%'+inttohex(ord(source[i]),2) else result := result + source[i];
 end;

procedure TForm1.Button1Click(Sender: TObject);
var
  uhost,uri,public_key, private_key,signature,timestamp,string_to_sign : string;
  request : String;
begin
uhost  := 'ecs.amazonaws.com';
uri   := 'onca/xml';
public_key    := '1ETPTJHQ37P671HNXXX';
private_key     := 'j4JtMHQwL6wR39fy2CJgNfHibLjK9GsC5Z6XXXX';
timestamp     := MyEncodeUrl(XMLDateTimeToStr(now));
string_to_sign := 'AWSAccessKeyId=1ETPTJHQ37P671HN9282';
string_to_sign := string_to_sign+ '&AssociateTag=moc-20&ItemPage=1&Keywords=kitchen%20aid&Operation=ItemSearch&ResponseGroup=Large&SearchIndex=Kitchen&';
string_to_sign := string_to_sign+'service=AWSECommerceService&Timestamp='+timestamp;
string_to_sign := string_to_sign+'&Version=2009-03-31';

Memo1.Clear;
Memo1.Lines.Append('GET');
Memo1.Lines.Append('ecs.amazonaws.com');
Memo1.Lines.Append('/onca/xml');
Memo1.Lines.Append(string_to_sign);

signature := StrToMime64(HMACString(haSHA256, private_key, 32, Memo1.Text));
request := 'http://ecs.amazonaws.com/onca/xml?AWSAccessKeyId=1ETPTJHQ37P671HN9282';
request := request+ '&AssociateTag=moc-20&ItemPage=1&Keywords=kitchen%20aid&Operation=ItemSearch&ResponseGroup=Large&SearchIndex=Kitchen&';
request := request+'service=AWSECommerceService&Timestamp='+timestamp;
request := request+'&Version=2009-03-31';
request := request+'&Signature='+signature;

Memo1.Text := IdHTTP1.Get(request);
end;
end.

can any body trace my error??

FYI ::
 Delphi 7 with build in Indy;
 use OmniXML to generate timestamp
 use OpenStrSecII to generate signature

解决方案

Amazon actually sends back a XML document that precisely describes why you got the 403 error. The easiest way to see the message would be to use Fiddler and set up your Indy HTTP to use 127.0.0.1 as a proxy. That way all your traffic goes through Fiddler and you'll see both what you sent and what Amazon returned.

When I implemented my REST API to work with the Amazon S3 service I had some problems figuring out the "Canonical Headers" that need to be signed. Happily the Amazon API sends you back the text they're signing to test your signature, so you can compare that byte-by-byte and figure out if you're doing it wrong. Failure to prepare those "canonical headers" exactly as they're preparing those headers will obviously result in an 403. For example the line separator Amazon is using is LINEFEED (#10). Since you're putting your headers in a TMemo, you're going to get the Windows-style CRLF separator. That alone is enough for your code to fail.

An other thing I had problems with was sending the extra headers with my Indy requests. I was following the on-line API samples, looking at what I'm supposed to send and what Amazon is supposed to answer. Fiddler was the only way to actually test and see what I'm sending, as opposed to what I thought I was sending. For example I mistakenly used TIdHttp.Request.RawHeaders to write my custom headers, but those headers get flushed while the Request is prepared. I was supposed to write my headers to TIdHttp.Request.CustomHeaders - but without Fiddler's help I wouldn't know I'm not actually sending my headers. My code looked just fine.

这篇关于请求亚马逊API用delphi：GOT HTTP / 1.1 403禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！