For the past few months, I’ve received emails from Amazon reminding me that the Product Advertising API, formerly Amazon Associates Web Service, will require signed requests after August 15 of this year. (If any Amazon-related functionality you have on your website stops working then, this might be why.) From my understanding, this seems to encompass all calls, including calls to ItemLookup, which is primarily the way I’ve interacted with Amazon’s services. I finally had some time today to sit down and figure out what this means for me–and it seems to be a bit of a mess!
The way that I’ve used Amazon’s services before is only through Yahoo Pipes, with my Rated New Fiction pipe and Similar Products pipe. These involve calls to Amazon’s ItemLookup functionality, which provides things like Author name, book cover, and rating information for a particular item. I also received an email from Cab Vinton, director of the Sanbornton Public Library in New Hampshire, with a great idea for a way to use Amazon to figure out whether donated books were high value or not. I wanted to put something together in Yahoo Pipes for him, but I’ve put it off because I knew I had to deal with this signing thing, which seems to complicate things quite a bit.
The value of using Yahoo Pipes is that the pipes you create can be easily used by others. I don’t mean by accessing them (although that is one way people can use it), but by cloning a pipe and using it to create something new, that is potentially of even higher value than what you created. Yahoo Pipes also makes it easier for people without programming backgrounds to dive in and create things. It provides simple methods for manipulating data, through filtering and sorting, and the visual presentation makes it easy to see the flow of information through the pipe.
One of the main drawbacks of Yahoo Pipes, however, is that it’s hard to do anything particularly complicated. Amazon’s process for signing requests isn’t overly complicated and, in fact, they’ve provided an easy-to-follow list of the steps required to do authentication (in this case, for a REST request). Unfortunately, there’s no “apply SHA1 to a block of text” capability in Yahoo Pipes.
It seems as if the only way to do a signed request through Yahoo Pipes would be to create an external service that will apply SHA1 to a block of text. The problem there is that you have to pass the information back and forth, and there’s plenty of opportunity for error. In order to have a correct signature, you have to be careful about the encoding of the text block to be signed and the encoding of the signature itself. At that point, it seems to me as if it would be easier to just create a web service in PHP (or your favorite programming language) to do all the work, without using Yahoo Pipes as an intermediary. The downside of creating your own web service is that the server isn’t maintained by Yahoo, plus you don’t get all the built-in manipulation benefits–you have to create them yourself.
I’m going to try it out today to see how hard it is to migrate my Rated New Fiction pipe and Similar Products pipe to PHP. Here are two good PHP examples I’ve found so far: PHP Example for Amazon Signed Request and Amazon® AWS HMAC signed request using PHP. If that works out, I’ll try to tackle Cab’s idea. And in the interest of making it so that people can use the code to do something new and exciting, I’ll make the source code available when it’s done.
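To make the encoding pitfalls mentioned above concrete, here is a short PHP sketch of signing an ItemLookup request. It is an added example, not code from this post or from either linked article. It assumes the HMAC-SHA256 scheme of AWS Signature Version 2 and the host `webservices.amazon.com` with path `/onca/xml`; the keys and parameter values are constructed placeholders, and the function names are hypothetical.

```php
<?php
// Added example. Assumptions: AWS Signature Version 2 (HMAC-SHA256),
// host and path as below; all keys and values are placeholders.

function canonical_query(array $params): string
{
    // Sort by parameter name in plain byte order, not locale order.
    ksort($params, SORT_STRING);
    $pairs = [];
    foreach ($params as $name => $value) {
        // rawurlencode() follows RFC 3986: a space becomes %20 (not "+")
        // and "~" stays literal. urlencode() yields a different string,
        // so the server would compute a different signature and reject it.
        $pairs[] = rawurlencode((string) $name) . '=' . rawurlencode((string) $value);
    }
    return implode('&', $pairs);
}

function signed_url(string $host, string $path, array $params, string $secret): string
{
    $query = canonical_query($params);

    // The text block to sign: verb, lowercase host, path and query,
    // separated by single "\n" characters (no "\r\n", no trailing newline).
    $stringToSign = "GET\n" . strtolower($host) . "\n" . $path . "\n" . $query;

    // hash_hmac() must return raw bytes (last argument true); base64 of
    // the default hex digest is a different, invalid signature.
    $signature = base64_encode(hash_hmac('sha256', $stringToSign, $secret, true));

    // Base64 output can contain "+", "/" and "=", so it is percent-encoded
    // before being appended to the URL.
    return 'https://' . $host . $path . '?' . $query
         . '&Signature=' . rawurlencode($signature);
}

// Constructed sample input.
$params = [
    'Service'        => 'AWSECommerceService',
    'Operation'      => 'ItemLookup',
    'ItemId'         => 'EXAMPLE-ITEM-ID',
    'ResponseGroup'  => 'Images,Reviews',            // comma is sent as %2C
    'AWSAccessKeyId' => 'EXAMPLE-ACCESS-KEY-ID',
    'Timestamp'      => gmdate('Y-m-d\TH:i:s\Z'),    // UTC; colons are sent as %3A
];

echo signed_url('webservices.amazon.com', '/onca/xml', $params, 'EXAMPLE-SECRET-KEY'), "\n";
```

The secret key is used only as the HMAC key and never appears in the URL, which is why this step belongs on a server you control rather than in a shared, cloneable pipe.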
My name is Heather and I ♥ monkeys. I am a computer scientist in San Jose and my background is in cognitive science, computer science, usability, and library and information science. My interests include preservation, oral history, indigenous knowledge and technology. 
Try using YQL, Yahoo Query Language, instead of pipes. It’s more powerful and flexible and you can use javascript to add more advanced functionality to your requests. http://developer.yahoo.com/yql
The main reason I used Pipes originally was to play with it and try it out, and also because initially the work was for a class assignment and Pipes was one of the allowed methods for completing it. Thanks for the pointer to YQL, though. I’ll try it out!