This repository is not an official Amazon PHP library for their SP API.
Stand With Ukraine | Stand With Us |
On Feb. 24, 2022, Russia declared an unprovoked war on Ukraine and launched a full-scale invasion. Russia is currently bombing peaceful Ukrainian cities, including schools and hospitals and attacking civilians who are fleeing conflict zones.
On Oct. 7, 2023, the national holiday of Simchat Torah, Hamas terrorists initiated an attack on Israel in the early hours, targeting civilians. They unleashed violence that resulted in at least 1,400 casualties and abducted at least 200 individuals, not limited to Israelis.
The main goal of this SDK is to provide SDK's for the Amazon SP API in a way that would let the application to pass Amazon audit.
Amazon audit might happen to systems that must access API endpoints with PII.
There are already few php sp api SDKs available for PHP however most of them comes with many issues of auto generated code.
- hardcoded dependencies like
guzzlehttp/guzzle
oraws/aws-sdk-php
- legacy code base (7.2)
- no logger
- SDK's are oriented around single seller which is not suitable for bigger systems
- missing or lacking support for
client_credentials
grant type - not all API covered
- no extensions
This library goal is to resolve all above mentioned issues.
composer require amazon-php/sp-api-sdk
This library is not in a stable stage yet, please use with caution.
branch | maintained |
---|---|
1.x | π« |
2.x | π« |
3.x | π« |
4.x | π« |
5.x | π« |
6.x | β |
7.x | β |
Version 1.x is deprecated becuase of the attempt to
make a little more sense of what Amazon is doing with using "tags" in their Open API specification.
This attempt failed and in order to keep Backward Compatibility promise, changes in the class names had to be
introduced in 2.x.
Version 1.0 is not going to be updated anymore, please migrate to version 2.0 that will stay consistent with Amazon Models
Branch 3.x comes with BC breaks introduced by Amazon in
Catalog Item models.
Until old model won't go away, branches 2.x and 3.x should be maintained in parallel.
4.x comes with BC breaks in following Amazon api models:
- Listings
- Reports
- Vendor
- Direct Fulfillment Shipping
- Direct Fulfillment Orders
- Direct Fulfillment Transactions
5.x moves to Catalog Item API version 2022-04-01 which is replacing version 2020-12-01. Additionally, uuid used to generate correlation identifiers was replaced with IdGenerator interface that by default is using php internal uniqid(). This change allowed us to drop one additional dependency. Some minor adjustments were made in the template files for models/api.
6.x comes with changes to the Fulfillment Inbound API as well as other additions and removals.
- Additions
- Fulfillment Inbound API v2024-03-20
- This is a major change. The
v2024-03-20
version takes the place of theV0
version in namespace whereas theV0
version SDK is nowFulfillmentInboundV0SDK
and theV0
models are within theModel\FulfillmentInboundV0
directory.
- This is a major change. The
- Amazon Warehousing and Distribution API v2024-05-09
- Application Management API v2023-11-30
- Fulfillment Inbound API v2024-03-20
- Removals
- Authorization API
- FBA Small and Light API
- You can retrieve the new fees for affected products by using the Product Fees API and/or the relevant FBA and Referral Fee reports.
SellingPartnerSDK - Facade for all SDK's
- APlusSDK
- ApplicationManagement
- CatalogItemSDK
- FBAInboundSDK
- FBAInventorySDK
- FulfillmentInboundV0SDK
- FulfillmentInboundSDK
- FeedsSDK
- FinancesSDK
- FulfillmentOutboundSDK
- ListingsItemsSDK
- MessagingSDK
- NotificationsSDK
- OrdersSDK
- Shipment/OrdersSDK
- ProductFeesSDK
- ProductPricingSDK
- ProductTypesDefinitionsSDK
- ReportsSDK
- SalesSDK
- SellersSDK
- ServicesSDK
- ShipmentInvoicingSDK
- ShippingSDK
- SolicitationsSDK
- TokensSDK
- UploadsSDK
- WarehousingAndDistributionSDK
- VendorSDK
In order to start using SP API you need to first register as a Developer and create application. Whole process is described in Amazon Official Guides.
Amazon recommends to use Role IAM when creating application however this requires and additional API request in order to obtain access token. It's easier to use User IAM and just make sure that the user has following Inline Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:*:*:*"
}
]
}
Example of changing refresh token into access token.
<?php
use AmazonPHP\SellingPartner\OAuth;
use AmazonPHP\SellingPartner\Configuration;
use AmazonPHP\SellingPartner\HttpFactory;
use Buzz\Client\Curl;
use Nyholm\Psr7\Factory\Psr17Factory;
use Psr\Log\NullLogger;
$factory = new Psr17Factory();
$client = new Curl($factory);
$oauth = new OAuth(
$client,
$httpFactory = new HttpFactory($factory, $factory),
$config = Configuration::forIAMUser(
'lwaClientId',
'lwaClientIdSecret',
'awsAccessKey',
'awsSecretKey'
),
new NullLogger()
);
$accessToken = $oauth->exchangeRefreshToken('seller_oauth_refresh_token');
<?php
use AmazonPHP\SellingPartner\OAuth;
use AmazonPHP\SellingPartner\Configuration;
use AmazonPHP\SellingPartner\HttpFactory;
use AmazonPHP\SellingPartner\STSClient;
use Buzz\Client\Curl;
use Nyholm\Psr7\Factory\Psr17Factory;
use Psr\Log\NullLogger;
$factory = new Psr17Factory();
$client = new Curl($factory);
$sts = new STSClient(
$client,
$requestFactory = $factory,
$streamFactory = $factory
);
$oauth = new OAuth(
$client,
$httpFactory = new HttpFactory($requestFactory, $streamFactory),
$config = Configuration::forIAMRole(
'lwaClientID',
'lwaClientIdSecret',
$sts->assumeRole(
'awsAccessKey',
'awsSecretKey',
'arn:aws:iam::.........'
)
),
new NullLogger()
);
$accessToken = $oauth->exchangeRefreshToken('seller_oauth_refresh_token');
99% of code in this library is auto generated from Amazon Selling Partner API Models using OpenAPI Generator tool. Output is later automatically upgraded by RectorPHP to PHP 7.4 version and finally coding standards are also automatically unified by PHP CS Fixer.
Requirements:
In oder to regenerate code (for example when API definitions change), execute following code:
composer generate
<?php
use AmazonPHP\SellingPartner\Marketplace;
use AmazonPHP\SellingPartner\Regions;
use AmazonPHP\SellingPartner\SellingPartnerSDK;
use Buzz\Client\Curl;
use AmazonPHP\SellingPartner\Exception\ApiException;
use AmazonPHP\SellingPartner\Configuration;
use Monolog\Handler\StreamHandler;
use Monolog\Logger;
use Nyholm\Psr7\Factory\Psr17Factory;
require_once __DIR__ . '/vendor/autoload.php';
$factory = new Psr17Factory();
$client = new Curl($factory);
$configuration = Configuration::forIAMUser(
'lwaClientId',
'lwaClientIdSecret',
'awsAccessKey',
'awsSecretKey'
);
$logger = new Logger('name');
$logger->pushHandler(new StreamHandler(__DIR__ . '/sp-api-php.log', Logger::DEBUG));
$sdk = SellingPartnerSDK::create($client, $factory, $factory, $configuration, $logger);
$accessToken = $sdk->oAuth()->exchangeRefreshToken('seller_oauth_refresh_token');
try {
$item = $sdk->catalogItem()->getCatalogItem(
$accessToken,
Regions::NORTH_AMERICA,
$asin = 'B07W13KJZC',
$marketplaceId = [Marketplace::US()->id()]
);
dump($item);
} catch (ApiException $exception) {
dump($exception->getMessage());
}
Default log level is set up to DEBUG, but it can be changed in configuration to any other level for all operations in all APIs or only for given operation in given API.
$configuration->setDefaultLogLevel(\Psr\Log\LogLevel::INFO);
Specific API's or only given operations can be also excluded from logging (for example APIs with PII or sensitive data).
$configuration->setLogLevel(CatalogItemSDK::API_NAME, CatalogItemSDK::OPERATION_GETCATALOGITEM, LogLevel::INFO);
$configuration->setSkipLogging(TokensSDK::API_NAME);
$configuration->setSkipLogging(AuthorizationSDK::API_NAME, AuthorizationSDK::OPERATION_GETAUTHORIZATIONCODE);
Finally, you can also ignore specific headers when logging http request/response. By default, configuration is set to ignore following sensitive authorization headers:
'authorization',
'x-amz-access-token',
'x-amz-security-token',
'proxy-authorization',
'www-authenticate',
'proxy-authenticate',
you can also add your own ignored headers:
$configuration->loggingAddSkippedHeader('some-sensitive-key');
Each SDK allows you to register custom extensions executed before and after sending API requests.
<?php
$configuration->registerExtension(new class implements \AmazonPHP\SellingPartner\Extension {
public function preRequest(string $api, string $operation, RequestInterface $request): void
{
echo "pre: " . $api . "::" . $operation . " " . $request->getUri() . "\n";
}
public function postRequest(string $api, string $operation, RequestInterface $request, ResponseInterface $response): void
{
echo "post: " . $api . "::" . $operation . " " . $request->getUri() . " "
. $response->getStatusCode() . " rate limit: " . implode(' ', $response->getHeader('x-amzn-RateLimit-Limit')) . "\n";
}
});
Sandbox mode can be turned on using configuration:
$configuration->setSandbox();
Some APIs endpoints are covered in functional tests.
To run tests that are using sandbox mode, you need to create .env
file and populate it with your credentials:
cp .env.dist .env
Then you can enter composer test:functional
te execute sandbox test suite.