Amazon’s Product Advertising API

My fiance and I have a lot of movies. Well over 500. It costs so much to rent a movie for a night that it’s usually better to buy it for $5-$10 and keep it to watch again. So that’s what we do. And it’s left us with an awful lot of movies.

Recently, I decided that I needed to catalog all the movies. Not only because I often got the question, “do you have this movie I may borrow?” but more so in case of theft or natural disaster. A few years ago the apartment building I was living in at the time was struck by lightning. Bad enough that the fire department came out to use their fancy cameras to make sure there were no in-wall electrical fires. This electricity surge destroyed much of my audio/visual equipment. Luckily, I had renter’s insurance as was able to have everything replaced because I had kept receipts for everything. But I don’t keep receipts for small DVD/Blu-ray purchases. How would I get my precious movie collection back should it be stolen or destroyed?

I’ve had grand ideas before to make an online catalog of movies so that others can go see what I’ve got. But every time I started to make one, there was always this daunting task of actually populating the database with 400+ movies, their list price, description, and all the other stuff someone would want to know about a particular movie.

Delicious Library Screen ShotI found some other options this time around: one of the neatest ones is Delicious Library 2, a mac-only cataloging program with a web export. All the bells and whistles in this program (including the ability to use your web cam to scan UPCs and have them added directly to your collection) didn’t out weigh the extremely poor web export. However, it did make me start thinking about where it gets its data from once a UPC is scanned. Turns out it was Amazon. Now if I could harness the power that is the Amazon Product database, I could populate my movie collection database with the information from there simply by searching either by UPC or movie title. That was something I could get excited about!

After searching for what seemed like days, I finally found the most-recent version of the Amazon Product Advertising API (formerly the Amazon ECS, I think.) Because I absolutely hate writing CRUD (Create, Read, Update, Delete) operations for database records in PHP, any time that an application will rely heavily on them I tend to use cakePHP. This time was no different. I found a component that talked to Amazon at the cakePHP bakery. Unfortunately I had to do a lot of updating as it was using the 2006-09-11 version of the API and I wanted to use the most-recent, 2010-11-01, version. The main difference here was the addition of a security signature requirement. The simplest explianation of this type of API is that you have a public key which you send openly in the request. Your private key is used locally on your server to hash the whole request and send it to Amazon. Then Amazon’s server attempts to create the same hash on their server by looking up your private key based on the public key you sent them. If the hash matches, then you’ve made a properly authenticated API request. Sounds easy, right?

Unfortunately it was relatively hard to find documentation on how to actually create this signature with PHP. Luckily, I eventually figured it out. Here’s a simple request for looking up the movie “Elizabethtown” through Amazon’s Product Advertising API.

So You’ll see that it’s actually a really simple request. The hard part comes in creating that last Signature. But it’s your lucky day. I’ll show you just how to do it. First, we’ll need to take this array and build it into a url-encoded GET string to send to Amazon.

Now we’re got a nice URL encoded string ready to go. Note that this DOES NOT include the signature as we don’t yet know it. We still have to create it. Amazon wants a base64-encoded, Hash-based Message Authentication Code (HMAC) string built with the SHA-256 algorithm. Lucky for us, PHP gives us the function hash_gmac(string $algo, string $data, string $key [, bool $raw_output = false ]). We just have to plug in some values and we’ll be spit back the perfect signature for making our request.

About Jeff

Jeff is the Jelyco CTO and a developer. His passion lies in standards based coding and design with an emphasis on progressive enhancement. He's also a huge movie buff and enjoys spending time on his bikes in the summer and time in the wood shop in the winter.

2 Responses to Amazon’s Product Advertising API

Leave a Reply to Muskie Cancel reply

Your email address will not be published. Required fields are marked *