And the reason they charge a fair amount for these services is that in additional to the authentication (oAuth2), your API interchanges must also be “signed”. This is an added security method to ensure that who you are and what you send is valid and authenticated information.
The signing process for the API requires some complex base64 computations that bundle the auth key with the data payload and a very precise time-stamp. If any part of the computation is off by just a skosh, the request is rejected. This is the high-level process - dive in and you will be swimming up to your eyeballs in complexities.
-
Create a query request as described in Creating a Canonicalized Query String.
-
Calculate an RFC 2104-compliant HMAC with the string you just created, using your Secret Key as the key. Both HmacSHA256 and HmacSHA1 are supported hash algorithms, but Amazon recommends using HmacSHA256. (Note: Standard port numbers should not be included in the query request string used to calculate the signature. See the Signature Version 2 Signing Process for further information.)
-
Convert the resulting value to base64.
-
Use the resulting value as the value of the Signature request parameter.
Having built a few integrations with MWS (and really, it should be called MW$), I cannot imagine any code-less or low-code process that could accomplish these steps. The last time I built such an integration the bill came to $3500.
My opinion - don’t try it unless you have cash stacked up like firewood and you’re ready to have a bonfire.
