[erlang-questions] Amazon API -- Lookup by ISBN

Bob Ippolito bob@REDACTED
Thu Apr 9 23:34:51 CEST 2015


This answers everything you need to know about how to get a secret key, one
click away from the page about signatures that you linked to:
http://docs.aws.amazon.com/AWSECommerceService/latest/DG/AWSCredentials.html

Erlang type specs are described here:
http://erlang.org/doc/reference_manual/typespec.html

When you see `sometype() = foo | bar | baz` then you know that when you see
`sometype()` then you know that the only valid values are those three
atoms, `foo`, `bar`, or `baz`.

The two iodata parameters to hmac/3 are named Key and Data. Key is the
secret key, and Data is the string to sign (what else could it be?).

The other hmac functions you found are just the lower-level bits that you
could use to implement your own version of hmac/3, the most common use case
would be to stream data into it rather than to provide all of Data
up-front. hmac/3 is the right choice because the documentation says it does
exactly what you're trying to do: "Computes a HMAC".


On Thu, Apr 9, 2015 at 1:03 PM, <lloyd@REDACTED> wrote:

> Hi Bob,
>
> This helps.
>
> I still find the crypo docs confusing, however. With help from the list I
> see that I need hmac/3, but when I first looked at crypto I saw six
> functions referencing hmac which led to the question, which one do I need?
> When I looked at hmac/3 the first two parameters were quite mysterious. I
> see that Type is hash_algorithms(), go to top of page to find
> hash_algorithms() and see SHA256 but it's not clear to me--- is that what I
> plug into the function? Then I see that Key is iodata(). OK, I know what
> iodata() is but it could be anything between square brackets... So, is the
> SecretKey something I just make up out of thin air?
>
> I hope you can see the difficulty and frustration that confronts one
> encountering these functions for the first time. I did look for tutorials
> and examples, but found nothing that cleared away the fog.
>
> Tell you what, if you're willing to take the time to mentor me, I'll write
> up a tutorial that may help the next noobie down the line.
>
> Thanks again,
>
> Lloyd
>
>
>
> hmac(Type, Key, Data)
> -----Original Message-----
> From: "Bob Ippolito" <bob@REDACTED>
> Sent: Thursday, April 9, 2015 3:33pm
> To: "Lloyd Prentice" <lloyd@REDACTED>
> Cc: "ayodele abejide" <abejideayodele@REDACTED>, "Erlang Questions" <
> erlang-questions@REDACTED>
> Subject: Re: [erlang-questions] Amazon API -- Lookup by ISBN
>
> They give you examples in the documentation, rather than worrying about
> what that RFC means you can just try crypto:hmac/3 and see if it works
> (hint: it does).
>
> 1> base64:encode(crypto:hmac(sha256, <<"1234567890">>, <<"GET\
> nwebservices.amazon.com
>
> \n/onca/xml\nAWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&AssociateTag=mytag-20&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=Images%2CItemAttributes%2COffers%2CReviews&Service=AWSECommerceService&Timestamp=2014-08-18T12%3A00%3A00Z&Version=2013-08-01">>)).
> <<"j7bZM0LXZ9eXeZruTqWm2DIvDYVUU3wxPPpp+iXxzQc=">>
>
> This matches their example:
> j7bZM0LXZ9eXeZruTqWm2DIvDYVUU3wxPPpp+iXxzQc=
>
> -bob
>
> On Thu, Apr 9, 2015 at 12:22 PM, <lloyd@REDACTED> wrote:
>
> > Hi Ayo,
> >
> > Looks cool. I'll give it spin. Thanks.
> >
> > Meanwhile, taking Darach Ennis suggestion to use the Library of Commerce
> > db, I came up with this:
> >
> > https://gist.github.com/anonymous/dd9846ef1cb2826f59da
> >
> > Bob Ippolito, I did put effort into trying to build it-- put half a day
> > into it and got 98% of the way there before I got stuck. Why stuck? I
> > simply could not understand the rather cryptic crypto documentation
> > sufficiently to "Calculate an RFC 2104-compliant HMAC with the SHA256
> hash
> > algorithm". This could speak to my mental shortcomings, lack of
> experience,
> > or heavens, could it be that the documentation could use elaboration and
> > better examples? I appreciate your encouragement to work it out and I
> try.
> > But code is just that, code, unless you have the keys to the kingdom.
> > Nevertheless, I appreciate your response.
> >
> > Best to all,
> >
> > Lloyd
> >
> > -----Original Message-----
> > From: "ayodele abejide" <abejideayodele@REDACTED>
> > Sent: Thursday, April 9, 2015 2:20pm
> > To: "Bob Ippolito" <bob@REDACTED>
> > Cc: "Lloyd Prentice" <lloyd@REDACTED>, "Erlang Questions" <
> > erlang-questions@REDACTED>
> > Subject: Re: [erlang-questions] Amazon API -- Lookup by ISBN
> >
> > I played around with implementing this:
> >
> > https://gist.github.com/bjhaid/5d3c58aca0dbee0d96fd
> >
> > PS: It's not tested outside of erl, and was a lunch time hacking.
> >
> > BR,
> >
> > Ayo
> >
> >
> > On Thu, Apr 9, 2015 at 12:44 PM, Bob Ippolito <bob@REDACTED> wrote:
> >
> > > I'm sure they're just trying to keep tabs on who uses the API so that
> > they
> > > can implement rate limiting and such to prevent third parties from
> > scraping
> > > the entire database or adversely affecting performance for everyone
> else.
> > > This actually looks like one of the simpler APIs to implement, since
> it's
> > > just in the query string, and the signature is using standard
> algorithms.
> > > I'm sure you could get it if you put some effort into just building it
> > > rather than trying to find an implementation that someone else has
> > already
> > > built.
> > >
> > > On Thu, Apr 9, 2015 at 9:55 AM, <lloyd@REDACTED> wrote:
> > >
> > >> Thanks all.
> > >>
> > >> Darach--- looks like the Library of Congress API fits the bill.
> > >>
> > >> Garrett--- for sake of self-enlightenment I'll take a look at Python
> > >> implementations.
> > >>
> > >> I can understand that Amazon needs to enforce security on their api,
> but
> > >> one would think that the inventor of one-click ordering could come up
> > with
> > >> a simpler api request implementation. Maybe they're just trying to
> keep
> > >> pesky users like me out of the goodies. Wizards only apply.
> > >>
> > >> Best wishes,
> > >>
> > >> Lloyd
> > >>
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: "Darach Ennis" <darach@REDACTED>
> > >> Sent: Wednesday, April 8, 2015 8:07pm
> > >> To: "Lloyd Prentice" <lloyd@REDACTED>
> > >> Cc: "Erlang Questions" <erlang-questions@REDACTED>
> > >> Subject: Re: [erlang-questions] Amazon API -- Lookup by ISBN
> > >>
> > >> If you don't need the rank information you can get the metadata
> through
> > >> composing a URL
> > >> against the library of congress database:
> > >>
> > >>
> > >>
> >
> http://lx2.loc.gov:210/lcdb?version=1.1&operation=searchRetrieve&query=bath.isbn=0448421658&maximumRecords=1&recordSchema=mods
> > >>
> > >> This will deliver an XML document. You can get similar information
> from
> > >> Google's API:
> > >>
> > >> http://www.google.com/books/feeds/volumes/?q=ISBN%3C0448421658%3E
> > >>
> > >> Both are simple HTTP GET requests so unless you absolutely need data
> > >> unique
> > >> to Amazon's DB perhaps that would suffice.
> > >>
> > >> Cheers,
> > >>
> > >> Darach.
> > >>
> > >> On Wed, Apr 8, 2015 at 9:47 PM, <lloyd@REDACTED> wrote:
> > >>
> > >> > Hello,
> > >> >
> > >> > I'm striving to look up books in Amazon's db by ISBN. At first blush
> > it
> > >> > looks easy enough:
> > >> >
> > >> >
> > >> >
> > >>
> >
> http://docs.aws.amazon.com/AWSECommerceService/latest/DG/EX_LookupbyISBN.html
> > >> >
> > >> > But the last item, Signature, baffles me. Procedure here:
> > >> >
> > >> >
> > >> >
> > >>
> >
> http://docs.aws.amazon.com/AWSECommerceService/latest/DG/rest-signature.html
> > >> >
> > >> > I'm fine with this until I hit step 4:
> > >> >
> > >> > -- Sort parameter/value pairs by byte value --- I can see how to do
> > this
> > >> > manually, but don't know how put Erlang to the task
> > >> >
> > >> > And I'm really stumped when I hit step 8:
> > >> >
> > >> > -- Calculate an RFC 2104-compliant HMAC with the SHA256 hash
> algorithm
> > >> >
> > >> > Any help? Better yet, does anyone have actual code to make such
> > requests
> > >> > they're willing to share?
> > >> >
> > >> > NOTE: Dave Thomas solved this problem way back in 2007. But looks
> like
> > >> > Amazon has changed their request format:
> > >> >
> > >> > http://pragdave.me/blog/2007/04/15/a-first-erlang-program/
> > >> >
> > >> > Many thanks,
> > >> >
> > >> > LRP
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > _______________________________________________
> > >> > erlang-questions mailing list
> > >> > erlang-questions@REDACTED
> > >> > http://erlang.org/mailman/listinfo/erlang-questions
> > >> >
> > >>
> > >>
> > >> _______________________________________________
> > >> erlang-questions mailing list
> > >> erlang-questions@REDACTED
> > >> http://erlang.org/mailman/listinfo/erlang-questions
> > >>
> > >
> > >
> > > _______________________________________________
> > > erlang-questions mailing list
> > > erlang-questions@REDACTED
> > > http://erlang.org/mailman/listinfo/erlang-questions
> > >
> > >
> >
> >
> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150409/52fb2cea/attachment.htm>


More information about the erlang-questions mailing list