jlevers/selling-partner-api

PHP client for Amazon's Selling Partner API


README

A PHP library for connecting to Amazon's Selling Partner API.

Total Downloads Latest Stable Version License

Highside Labs Logo This package is developed and maintained as part of Highside Labs. If you need support integrating with Amazon's (or any other e-commerce platform's) APIs, we're happy to help! Shoot us an email at hi@highsidelabs.co. We'd love to hear from you :)

If you've found this library useful, please consider becoming a Sponsor, or making a one-time donation via the button below. I appreciate any and all support you can provide!

paypal

Features

  • Supports all Selling Partner API operations (for Sellers and Vendors) as of 11/13/2022 (see here for links to documentation for all calls)
  • Supports applications made with both IAM user and IAM role ARNs (docs)
  • Automatically generates Restricted Data Tokens for all calls that require them -- no extra calls to the Tokens API needed
  • Includes a Document helper class for uploading and downloading feed/report documents

Sponsors

Installation

composer require jlevers/selling-partner-api

Table of Contents

Check out the Getting Started section below for a quick overview.

This README is divided into several sections:

Getting Started

Prerequisites

You need a few things to get started:

  • A Selling Partner API developer account
  • An AWS IAM user or role configured for use with the Selling Partner API
  • A Selling Partner API application

If you're looking for more information on how to set those things up, check out this blog post. It provides a detailed walkthrough of the whole setup process.

Setup

The Configuration constructor takes a single argument: an associative array with all the configuration information that's needed to connect to the Selling Partner API:

$config = new SellingPartnerApi\Configuration([
    "lwaClientId" => "<LWA client ID>",
    "lwaClientSecret" => "<LWA client secret>",
    "lwaRefreshToken" => "<LWA refresh token>",
    "awsAccessKeyId" => "<AWS access key ID>",
    "awsSecretAccessKey" => "<AWS secret access key>",
    // If you're not working in the North American marketplace, change
    // this to another endpoint from lib/Endpoint.php
    "endpoint" => SellingPartnerApi\Endpoint::NA,
]);

If you created your Selling Partner API application using an IAM role ARN instead of a user ARN, pass that role ARN in the configuration array:

$config = new SellingPartnerApi\Configuration([
    "lwaClientId" => "<LWA client ID>",
    "lwaClientSecret" => "<LWA client secret>",
    "lwaRefreshToken" => "<LWA refresh token>",
    "awsAccessKeyId" => "<AWS access key ID>",
    "awsSecretAccessKey" => "<AWS secret access key>",
    // If you're not working in the North American marketplace, change
    // this to another endpoint from lib/Endpoint.php
    "endpoint" => SellingPartnerApi\Endpoint::NA,
    "roleArn" => "<Role ARN>",
]);

Getter and setter methods exist for the Configuration class's lwaClientId, lwaClientSecret, lwaRefreshToken, awsAccessKeyId, awsSecretAccessKey, and endpoint properties. The methods are named in accordance with the name of the property they interact with: getLwaClientId, setLwaClientId, getLwaClientSecret, etc.

$config can then be passed into the constructor of any SellingPartnerApi\Api\*Api class. See the Example section for a complete example.

Configuration options

The array passed to the Configuration constructor accepts the following keys:

  • lwaClientId (string): Required. The LWA client ID of the SP API application to use to execute API requests.
  • lwaClientSecret (string): Required. The LWA client secret of the SP API application to use to execute API requests.
  • lwaRefreshToken (string): The LWA refresh token of the SP API application to use to execute API requests. Required, unless you're only using the Configuration instance to call grantless operations.
  • awsAccessKeyId (string): Required. AWS IAM user Access Key ID with SP API ExecuteAPI permissions.
  • awsSecretAccessKey (string): Required. AWS IAM user Secret Access Key with SP API ExecuteAPI permissions.
  • endpoint (array): Required. An array containing a url key (the endpoint URL) and a region key (the AWS region). There are predefined constants for these arrays in lib/Endpoint.php: (NA, EU, FE, and NA_SANDBOX, EU_SANDBOX, and FE_SANDBOX. See here for more details.
  • accessToken (string): An access token generated from the refresh token.
  • accessTokenExpiration (int): A Unix timestamp corresponding to the time when the accessToken expires. If accessToken is given, accessTokenExpiration is required (and vice versa).
  • onUpdateCredentials (callable|Closure): A callback function to call when a new access token is generated. The function should accept a single argument of type SellingPartnerApi\Credentials.
  • roleArn (string): If you set up your SP API application with an AWS IAM role ARN instead of a user ARN, pass that ARN here.
  • authenticationClient (GuzzleHttp\ClientInterface): Optional GuzzleHttp\ClientInterface object that will be used to generate the access token from the refresh token
  • tokensApi (SellingPartnerApi\Api\TokensApi): Optional SellingPartnerApi\Api\TokensApi object that will be used to fetch Restricted Data Tokens (RDTs) when you call a restricted operation
  • authorizationSigner (SellingPartnerApi\Contract\AuthorizationSignerContract): Optional SellingPartnerApi\Contract\AuthorizationSignerContract implementation. See Custom Authorization Signer section
  • requestSigner (SellingPartnerApi\Contract\RequestSignerContract): Optional SellingPartnerApi\Contract\RequestSignerContract implementation. See Custom Request Signer section.

Examples

This example assumes you have access to the Seller Insights Selling Partner API role, but the general format applies to any Selling Partner API request.

<?php
require_once(__DIR__ . '/vendor/autoload.php');

use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;

$config = new Configuration([
    "lwaClientId" => "amzn1.application-oa2-client.....",
    "lwaClientSecret" => "abcd....",
    "lwaRefreshToken" => "Aztr|IwEBI....",
    "awsAccessKeyId" => "AKIA....",
    "awsSecretAccessKey" => "ABCD....",
    // If you're not working in the North American marketplace, change
    // this to another endpoint from lib/Endpoint.php
    "endpoint" => Endpoint::NA
]);

$api = new SellersApi($config);
try {
    $result = $api->getMarketplaceParticipations();
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}

?>

Debug mode

To get debugging output when you make an API request, you can call $config->setDebug(true). By default, debug output goes to stdout via php://output, but you can redirect it a file with $config->setDebugFile('<path>').

<?php
require_once(__DIR__ . '/vendor/autoload.php');

use SellingPartnerApi\Configuration;

$config = new Configuration([/* ... */]);
$config->setDebug(true);
// To redirect debug info to a file:
$config->setDebugFile('./debug.log');

Supported API segments

Each API class name contains the API's version. This allows for multiple versions of the same API to be accessible in a single version of this package. It makes the class names a little uglier, but allows for simultaneously using new and old versions of the same API segment, which is often useful. The uglier names can be remedied by formatting use statements like so:

use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Model\SellersV1 as Sellers;

It also means that if a new version of an existing API is introduced, the library can be updated to include that new version without introducing breaking changes.

Seller APIs

Vendor APIs

Restricted operations

When you call a restricted operation, a Restricted Data Token (RDT) is automatically generated. If you're calling a restricted operation that accepts a dataElements parameter, you can pass dataElements values as a parameter to the API call. Check out the getOrders, getOrder, and getOrderItems documentation to see how to pass dataElements values to those calls. (At the time of writing, those are the only restricted operations that accept dataElements values.)

Uploading and downloading documents

The Feeds and Reports APIs include operations that involve uploading and downloading documents to and from Amazon. Amazon encrypts all documents they generate, and requires that all uploaded documents be encrypted. The SellingPartnerApi\Document class handles all the encryption/decryption, given an instance of one of the Model\ReportsV20210630\ReportDocument, Model\FeedsV20210630\FeedDocument, or Model\FeedsV20210630\CreateFeedDocumentResponse classes. Instances of those classes are in the response returned by Amazon when you make a call to the getReportDocument, getFeedDocument, and createFeedDocument endpoints, respectively.

Downloading a report document

use SellingPartnerApi\Api\ReportsV20210630Api as ReportsApi;
use SellingPartnerApi\ReportType;

// Assume we've already fetched a report document ID, and that a $config object was defined above
$documentId = 'foo.1234';
$reportType = ReportType::GET_FLAT_FILE_OPEN_LISTINGS_DATA;

$reportsApi = new ReportsApi($config);
$reportDocumentInfo = $reportsApi->getReportDocument($documentId, $reportType['name']);

$docToDownload = new SellingPartnerApi\Document($reportDocumentInfo, $reportType);
$contents = $docToDownload->download();  // The raw report text
/*
 * - Array of associative arrays, (each sub array corresponds to a row of the report) if content type is ContentType::TAB or ContentType::CSV
 * - A nested associative array (from json_decode) if content type is ContentType::JSON
 * - The raw report data if content type is ContentType::PLAIN or ContentType::PDF
 * - PHPOffice Spreadsheet object if content type is ContentType::XLSX
 * - SimpleXML object if the content type is ContentType::XML
 */
$data = $docToDownload->getData();
// ... do something with report data

If you are manipulating huge reports you can use downloadStream() to minimize the memory consumption. downloadStream() will return a Psr\Http\Message\StreamInterface.

// line to replace >>>>$contents = $docToDownload->download();  // The raw report text
$streamContents = $docToDownload->downloadStream();  // The raw report stream

Uploading a feed document

use SellingPartnerApi\Api\FeedsV20210630Api as FeedsApi;
use SellingPartnerApi\FeedType;
use SellingPartnerApi\Model\FeedsV20210630 as Feeds;

$feedType = FeedType::POST_PRODUCT_PRICING_DATA;
$feedsApi = new FeedsApi($config);

// Create feed document
$createFeedDocSpec = new Feeds\CreateFeedDocumentSpecification(['content_type' => $feedType['contentType']]);
$feedDocumentInfo = $feedsApi->createFeedDocument($createFeedDocSpec);
$feedDocumentId = $feedDocumentInfo->getFeedDocumentId();

// Upload feed contents to document
$feedContents = file_get_contents('<your/feed/file.xml>');
// The Document constructor accepts a custom \GuzzleHttp\Client object as an optional 3rd parameter. If that
// parameter is passed, your custom Guzzle client will be used when uploading the feed document contents to Amazon.
$docToUpload = new SellingPartnerApi\Document($feedDocumentInfo, $feedType);
$docToUpload->upload($feedContents);

$createFeedSpec = new Feeds\CreateFeedSpecification();
$createFeedSpec->setMarketplaceIds(['ATVPDKIKX0DER']);
$createFeedSpec->setInputFeedDocumentId($feedDocumentId);
$createFeedSpec->setFeedType($feedType['name']);

$createFeedResult = $feedsApi->createFeed($createFeedSpec);
$feedId = $createFeedResult->getFeedId();

If you are manipulating huge feed documents you can pass to upload() anything that Guzzle can turn into a stream.

Uploading with a specific charset

$charset = "Shift-JIS";
...
// Create feed document
$createFeedDocSpec = new Feeds\CreateFeedDocumentSpecification([
    'content_type' => SellingPartnerApi\Document::withContentType($feedType['contentType'], $charset)]
]);
...
// Upload feed contents to document
...
$docToUpload->upload($feedContents, $charset);

Downloading a feed result document

This works very similarly to downloading a report document:

use SellingPartnerApi\Api\FeedsV20210630Api as FeedsApi;
use SellingPartnerApi\FeedType;

$feedType = FeedType::POST_PRODUCT_PRICING_DATA;
$feedsApi = new FeedsApi($config);

// ...
// Create and upload a feed document, and wait for it to finish processing
// ...

$feedId = '1234567890';  // From the createFeed call
$feed = $api->getFeed($feedId);

$feedResultDocumentId = $feed->resultFeedDocumentId;
$feedResultDocument = $api->getFeedDocument($feedResultDocumentId);

$docToDownload = new SellingPartnerApi\Document($feedResultDocument, $feedType);
$contents = $docToDownload->download();  // The raw report data
$data = $docToDownload->getData();  // Parsed/formatted report data

Working with model classes

Most operations have one or more models associated with it. These models are classes that contain the data needed to make a certain kind of request to the API, or contain the data returned by a given request type. All of the models share the same general interface: you can either specify all the model's attributes during initialization, or set each attribute after the fact. Here's an example using the Service API's Buyer model (docs, (source).

The Buyer model has four attributes: buyer_id, name, phone, and is_prime_member. (If you're wondering how you would figure out which attributes the model has on your own, check out the docs link above.) To create an instance of the Buyer model with all those attributes set:

$buyer = new SellingPartnerApi\Model\ServiceV1\Buyer([
    "buyer_id" => "ABCDEFGHIJKLMNOPQRSTU0123456",
    "name" => "Jane Doe",
    "phone" => "+12345678901",
    "is_prime_member" => true
]);

Alternatively, you can create an instance of the Buyer model and then populate its fields:

$buyer = new SellingPartnerApi\Model\ServiceV1\Buyer();
$buyer->buyerId = "ABCDEFGHIJKLMNOPQRSTU0123456";
$buyer->name = "Jane Doe";
$buyer->phone = "+12345678901";
$buyer->isPrimeMember = true;

Each model also has the property accessors you might expect:

$buyer->buyerId;        // -> "ABCDEFGHIJKLMNOPQRSTU0123456"
$buyer->name;           // -> "Jane Doe"
$buyer->phone;          // -> "+12345678901"
$buyer->isPrimeMember;  // -> true

Models can (and usually do) have other models as attributes:

$serviceJob = new SellingPartnerApi\Model\ServiceV1\Buyer([
    // ...
    "buyer" => $buyer,
    // ...
]);

$serviceJob->buyer;        // -> [Buyer instance]
$serviceJob->buyer->name;  // -> "Jane Doe"

Response headers

Amazon includes some useful headers with each SP API response. If you need those for any reason, you can get an associative array of response headers by calling getHeaders() on the response object. For instance:

<?php
require_once(__DIR__ . '/vendor/autoload.php');

use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;

$config = new Configuration([...]);
$api = new Api\SellersApi($config);
try {
    $result = $api->getMarketplaceParticipations();
    $headers = $result->headers;
    print_r($headers);
} catch (Exception $e) {
    echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}

Custom Authorization Signer

You may need to do custom operations while signing the API request. You can create a custom authorization signer by creating an implementation of the AuthorizationSignerContract interface and passing it into the Configuration constructor array.

// CustomAuthorizationSigner.php
use GuzzleHttp\Psr7\Request;
use SellingPartnerApi\Contract\AuthorizationSignerContract;

class CustomAuthorizationSigner implements AuthorizationSignerContract
{
    public function sign(Request $request, Credentials $credentials): Request
    {
        // Calculate request signature and request date.
        
        $requestDate = '20220426T202300Z';
        $signatureHeaderValue = 'some calculated signature value';
        
        $signedRequest = $request
            ->withHeader('Authorization', $signatureHeaderValue)
            ->withHeader('x-amz-date', $requestDate);
        
        return $signedRequest;
    }

    // ...
}

// Consumer code
<?php
require_once(__DIR__ . '/vendor/autoload.php');

use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;
use CustomAuthorizationSigner;

$config = new Configuration([
    ..., 
    'authorizationSigner' => new CustomAuthorizationSigner(),
]);
$api = new SellersApi($config);
try {
    $result = $api->getMarketplaceParticipations();
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}

Custom Request Signer

You may also need to customize the entire request signing process – for instance, if you need to call an external service in the process of signing the request. You can do so by creating an implementation of the RequestSignerContract interface, and passing an instance of it into the Configuration constructor array.

// RemoteRequestSigner.php
use GuzzleHttp\Psr7\Request;
use SellingPartnerApi\Contract\RequestSignerContract;

class RemoteRequestSigner implements RequestSignerContract
{
    public function signRequest(
        Request $request,
        ?string $scope = null,
        ?string $restrictedPath = null,
        ?string $operation = null
    ): Request {
        // Sign request by sending HTTP call
        // to external/separate service instance.
        
        return $signedRequest;
    }
}

// Consumer code
<?php
require_once(__DIR__ . '/vendor/autoload.php');

use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;
use RemoteRequestSigner;

$config = new Configuration([
    ..., 
    'requestSigner' => new RemoteRequestSigner(),
]);
$api = new SellersApi($config);
try {
    $result = $api->getMarketplaceParticipations();
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}