A PHP library for connecting to Amazon's Selling Partner API.
highsidelabs/laravel-spapi
: A Laravel wrapper for this package that makes SP API integration in Laravel projects quick and easy.highsidelabs/amazon-business-api
: A PHP library for Amazon's Business API, with a near-identical interface to this package.highsidelabs/walmart-api
: A PHP library for Walmart's seller and supplier APIs, including the Marketplace, Drop Ship Vendor, Content Provider, and Warehouse Supplier APIs.
This package is developed and maintained by Highside Labs. If you need support integrating with Amazon's (or any other e-commerce platform's) APIs, we're happy to help! Shoot us an email at [email protected]. We'd love to hear from you :)
If you've found any of our packages useful, please consider becoming a Sponsor, or making a one-time donation via the button below. I appreciate any and all support you can provide!
Sponsored by Tesmo.
- Supports all Selling Partner API operations (for Sellers and Vendors) as of 4/11/2023 (see here for links to documentation for all calls)
- Supports applications made with both IAM user and IAM role ARNs (docs)
- Automatically generates Restricted Data Tokens for all calls that require them -- no extra calls to the Tokens API needed
- Includes a
Document
helper class for uploading and downloading feed/report documents
composer require jlevers/selling-partner-api
Check out the Getting Started section below for a quick overview.
This README is divided into several sections:
- Setup
- Examples
- Debug mode
- Supported API segments
- Restricted operations
- Uploading and downloading documents
- Working with model classes
- Response headers
- Custom request authorization
- Custom request signing
You need a few things to get started:
- A Selling Partner API developer account
- An AWS IAM user or role configured for use with the Selling Partner API
- A Selling Partner API application
If you're looking for more information on how to set those things up, check out this blog post. It provides a detailed walkthrough of the whole setup process.
The Configuration
constructor takes a single argument: an associative array with all the configuration information that's needed to connect to the Selling Partner API:
$config = new SellingPartnerApi\Configuration([
"lwaClientId" => "<LWA client ID>",
"lwaClientSecret" => "<LWA client secret>",
"lwaRefreshToken" => "<LWA refresh token>",
"awsAccessKeyId" => "<AWS access key ID>",
"awsSecretAccessKey" => "<AWS secret access key>",
// If you're not working in the North American marketplace, change
// this to another endpoint from lib/Endpoint.php
"endpoint" => SellingPartnerApi\Endpoint::NA,
]);
If you created your Selling Partner API application using an IAM role ARN instead of a user ARN, pass that role ARN in the configuration array:
$config = new SellingPartnerApi\Configuration([
"lwaClientId" => "<LWA client ID>",
"lwaClientSecret" => "<LWA client secret>",
"lwaRefreshToken" => "<LWA refresh token>",
"awsAccessKeyId" => "<AWS access key ID>",
"awsSecretAccessKey" => "<AWS secret access key>",
// If you're not working in the North American marketplace, change
// this to another endpoint from lib/Endpoint.php
"endpoint" => SellingPartnerApi\Endpoint::NA,
"roleArn" => "<Role ARN>",
]);
Getter and setter methods exist for the Configuration
class's lwaClientId
, lwaClientSecret
, lwaRefreshToken
, awsAccessKeyId
, awsSecretAccessKey
, and endpoint
properties. The methods are named in accordance with the name of the property they interact with: getLwaClientId
, setLwaClientId
, getLwaClientSecret
, etc.
$config
can then be passed into the constructor of any SellingPartnerApi\Api\*Api
class. See the Example
section for a complete example.
The array passed to the Configuration
constructor accepts the following keys:
lwaClientId (string)
: Required. The LWA client ID of the SP API application to use to execute API requests.lwaClientSecret (string)
: Required. The LWA client secret of the SP API application to use to execute API requests.lwaRefreshToken (string)
: The LWA refresh token of the SP API application to use to execute API requests. Required, unless you're only using theConfiguration
instance to call grantless operations.awsAccessKeyId (string)
: Required. AWS IAM user Access Key ID with SP API ExecuteAPI permissions.awsSecretAccessKey (string)
: Required. AWS IAM user Secret Access Key with SP API ExecuteAPI permissions.endpoint (array)
: Required. An array containing aurl
key (the endpoint URL) and aregion
key (the AWS region). There are predefined constants for these arrays inlib/Endpoint.php
: (NA
,EU
,FE
, andNA_SANDBOX
,EU_SANDBOX
, andFE_SANDBOX
. See here for more details.accessToken (string)
: An access token generated from the refresh token.accessTokenExpiration (int)
: A Unix timestamp corresponding to the time when theaccessToken
expires. IfaccessToken
is given,accessTokenExpiration
is required (and vice versa).onUpdateCredentials (callable|Closure)
: A callback function to call when a new access token is generated. The function should accept a single argument of typeSellingPartnerApi\Credentials
.roleArn (string)
: If you set up your SP API application with an AWS IAM role ARN instead of a user ARN, pass that ARN here.authenticationClient (GuzzleHttp\ClientInterface)
: OptionalGuzzleHttp\ClientInterface
object that will be used to generate the access token from the refresh tokentokensApi (SellingPartnerApi\Api\TokensApi)
: OptionalSellingPartnerApi\Api\TokensApi
object that will be used to fetch Restricted Data Tokens (RDTs) when you call a restricted operationauthorizationSigner (SellingPartnerApi\Contract\AuthorizationSignerContract)
: OptionalSellingPartnerApi\Contract\AuthorizationSignerContract
implementation. See Custom Authorization Signer sectionrequestSigner (SellingPartnerApi\Contract\RequestSignerContract)
: OptionalSellingPartnerApi\Contract\RequestSignerContract
implementation. See Custom Request Signer section.
This example assumes you have access to the Seller Insights
Selling Partner API role, but the general format applies to any Selling Partner API request.
<?php
require_once(__DIR__ . '/vendor/autoload.php');
use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;
$config = new Configuration([
"lwaClientId" => "amzn1.application-oa2-client.....",
"lwaClientSecret" => "abcd....",
"lwaRefreshToken" => "Aztr|IwEBI....",
"awsAccessKeyId" => "AKIA....",
"awsSecretAccessKey" => "ABCD....",
// If you're not working in the North American marketplace, change
// this to another endpoint from lib/Endpoint.php
"endpoint" => Endpoint::NA
]);
$api = new SellersApi($config);
try {
$result = $api->getMarketplaceParticipations();
print_r($result);
} catch (Exception $e) {
echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}
?>
To get debugging output when you make an API request, you can call $config->setDebug(true)
. By default, debug output goes to stdout
via php://output
, but you can redirect it a file with $config->setDebugFile('<path>')
.
<?php
require_once(__DIR__ . '/vendor/autoload.php');
use SellingPartnerApi\Configuration;
$config = new Configuration([/* ... */]);
$config->setDebug(true);
// To redirect debug info to a file:
$config->setDebugFile('./debug.log');
Each API class name contains the API's version. This allows for multiple versions of the same API to be accessible in a single version of this package. It makes the class names a little uglier, but allows for simultaneously using new and old versions of the same API segment, which is often useful. The uglier names can be remedied by formatting use
statements like so:
use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Model\SellersV1 as Sellers;
It also means that if a new version of an existing API is introduced, the library can be updated to include that new version without introducing breaking changes.
- A+ Content API (2020-11-01)
- Authorization API (V1)
- Catalog Items API (2022-04-01)
- Catalog Items API (2021-12-01)
- Catalog Items API (V0)
- EasyShip API (2022-03-23)
- FBA Inbound API (V0)
- FBA Inbound Eligibility API (V1)
- FBA Inventory API (V1)
- FBA Outbound API (2020-07-01)
- Feeds API (2021-06-30)
- Fees API (V0)
- Finances API (V0)
- Listings API (2021-08-01)
- Listings Restrictions API (2021-08-01)
- Merchant Fulfillment API (V0)
- Messaging API (V1)
- Notifications API (V1)
- Orders API (V0)
- Product Pricing API (V0)
- Product Pricing API (2022-05-01)
- Product Type Definitions API (2020-09-01)
- Replenishment API (2022-11-07)
- Reports API (2021-06-30)
- Sales API (V1)
- Sellers API (V1)
- Service API (V1)
- Shipment Invoicing API (V0)
- Shipping API (V1)
- Shipping API (V2)
- Small and Light API (V1)
- Solicitations API (V1)
- Restricted Data Tokens API (2021-03-01)
- Uploads API (2020-11-01)
- Direct Fulfillment Inventory API (V1)
- Direct Fulfillment Orders API (V1)
- Direct Fulfillment Orders API (2021-12-28)
- Direct Fulfillment Payments API (V1)
- Direct Fulfillment Sandbox API (2021-10-28)
- Direct Fulfillment Shipping API (V1)
- Direct Fulfillment Shipping API (2021-12-28)
- Direct Fulfillment Transactions API (V1)
- Direct Fulfillment Transactions API (2021-12-28)
- Invoices API (V1)
- Orders API (V1)
- Shipping API (V1)
- Transaction Status API (V1)
When you call a restricted operation, a Restricted Data Token (RDT) is automatically generated. If you're calling a restricted operation that accepts a data_elements
parameter, you can pass data_elements
values as a parameter to the API call. Check out the getOrders, getOrder, and getOrderItems documentation to see how to pass data_elements
values to those calls. (At the time of writing, those are the only restricted operations that accept data_elements
values.)
Note that if you want to call a restricted operation on a sandbox endpoint (e.g., Endpoint::NA_SANDBOX
), you should not pass a data_elements
parameter. RDTs are not necessary for restricted operations.
The Feeds and Reports APIs include operations that involve uploading and downloading documents to and from Amazon. Amazon encrypts all documents they generate, and requires that all uploaded documents be encrypted. The SellingPartnerApi\Document
class handles all the encryption/decryption, given an instance of one of the Model\ReportsV20210630\ReportDocument
, Model\FeedsV20210630\FeedDocument
, or Model\FeedsV20210630\CreateFeedDocumentResponse
classes. Instances of those classes are in the response returned by Amazon when you make a call to the getReportDocument
, getFeedDocument
, and createFeedDocument
endpoints, respectively.
use SellingPartnerApi\Api\ReportsV20210630Api as ReportsApi;
use SellingPartnerApi\ReportType;
// Assume we've already fetched a report document ID, and that a $config object was defined above
$documentId = 'foo.1234';
$reportType = ReportType::GET_FLAT_FILE_OPEN_LISTINGS_DATA;
$reportsApi = new ReportsApi($config);
$reportDocumentInfo = $reportsApi->getReportDocument($documentId, $reportType['name']);
$docToDownload = new SellingPartnerApi\Document($reportDocumentInfo, $reportType);
$contents = $docToDownload->download(); // The raw report text
/*
* - Array of associative arrays, (each sub array corresponds to a row of the report) if content type is ContentType::TAB or ContentType::CSV
* - A nested associative array (from json_decode) if content type is ContentType::JSON
* - The raw report data if content type is ContentType::PLAIN or ContentType::PDF
* - PHPOffice Spreadsheet object if content type is ContentType::XLSX
* - SimpleXML object if the content type is ContentType::XML
*/
$data = $docToDownload->getData();
// ... do something with report data
If you are manipulating huge reports you can use downloadStream()
to minimize the memory consumption. downloadStream()
will return a Psr\Http\Message\StreamInterface
.
// line to replace >>>>$contents = $docToDownload->download(); // The raw report text
$streamContents = $docToDownload->downloadStream(); // The raw report stream
use SellingPartnerApi\Api\FeedsV20210630Api as FeedsApi;
use SellingPartnerApi\FeedType;
use SellingPartnerApi\Model\FeedsV20210630 as Feeds;
$feedType = FeedType::POST_PRODUCT_PRICING_DATA;
$feedsApi = new FeedsApi($config);
// Create feed document
$createFeedDocSpec = new Feeds\CreateFeedDocumentSpecification(['content_type' => $feedType['contentType']]);
$feedDocumentInfo = $feedsApi->createFeedDocument($createFeedDocSpec);
$feedDocumentId = $feedDocumentInfo->getFeedDocumentId();
// Upload feed contents to document
$feedContents = file_get_contents('<your/feed/file.xml>');
// The Document constructor accepts a custom \GuzzleHttp\Client object as an optional 3rd parameter. If that
// parameter is passed, your custom Guzzle client will be used when uploading the feed document contents to Amazon.
$docToUpload = new SellingPartnerApi\Document($feedDocumentInfo, $feedType);
$docToUpload->upload($feedContents);
$createFeedSpec = new Feeds\CreateFeedSpecification();
$createFeedSpec->setMarketplaceIds(['ATVPDKIKX0DER']);
$createFeedSpec->setInputFeedDocumentId($feedDocumentId);
$createFeedSpec->setFeedType($feedType['name']);
$createFeedResult = $feedsApi->createFeed($createFeedSpec);
$feedId = $createFeedResult->getFeedId();
If you are manipulating huge feed documents you can pass to upload()
anything that Guzzle can turn into a stream.
This works very similarly to downloading a report document:
use SellingPartnerApi\Api\FeedsV20210630Api as FeedsApi;
use SellingPartnerApi\FeedType;
$feedType = FeedType::POST_PRODUCT_PRICING_DATA;
$feedsApi = new FeedsApi($config);
// ...
// Create and upload a feed document, and wait for it to finish processing
// ...
$feedId = '1234567890'; // From the createFeed call
$feed = $feedsApi->getFeed($feedId);
$feedResultDocumentId = $feed->resultFeedDocumentId;
$feedResultDocument = $feedsApi->getFeedDocument($feedResultDocumentId);
$docToDownload = new SellingPartnerApi\Document($feedResultDocument, $feedType);
$contents = $docToDownload->download(); // The raw report data
$data = $docToDownload->getData(); // Parsed/formatted report data
Most operations have one or more models associated with it. These models are classes that contain the data needed to make a certain kind of request to the API, or contain the data returned by a given request type. All of the models share the same general interface: you can either specify all the model's attributes during initialization, or set each attribute after the fact. Here's an example using the Service API's Buyer
model (docs, (source).
The Buyer
model has four attributes: buyer_id
, name
, phone
, and is_prime_member
. (If you're wondering how you would figure out which attributes the model has on your own, check out the docs
link above.) To create an instance of the Buyer
model with all those attributes set:
$buyer = new SellingPartnerApi\Model\ServiceV1\Buyer([
"buyer_id" => "ABCDEFGHIJKLMNOPQRSTU0123456",
"name" => "Jane Doe",
"phone" => "+12345678901",
"is_prime_member" => true
]);
Alternatively, you can create an instance of the Buyer
model and then populate its fields:
$buyer = new SellingPartnerApi\Model\ServiceV1\Buyer();
$buyer->buyerId = "ABCDEFGHIJKLMNOPQRSTU0123456";
$buyer->name = "Jane Doe";
$buyer->phone = "+12345678901";
$buyer->isPrimeMember = true;
Each model also has the property accessors you might expect:
$buyer->buyerId; // -> "ABCDEFGHIJKLMNOPQRSTU0123456"
$buyer->name; // -> "Jane Doe"
$buyer->phone; // -> "+12345678901"
$buyer->isPrimeMember; // -> true
Models can (and usually do) have other models as attributes:
$serviceJob = new SellingPartnerApi\Model\ServiceV1\Buyer([
// ...
"buyer" => $buyer,
// ...
]);
$serviceJob->buyer; // -> [Buyer instance]
$serviceJob->buyer->name; // -> "Jane Doe"
Amazon includes some useful headers with each SP API response. If you need those for any reason, you can get an associative array of response headers by calling getHeaders()
on the response object. For instance:
<?php
require_once(__DIR__ . '/vendor/autoload.php');
use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;
$config = new Configuration([...]);
$api = new Api\SellersApi($config);
try {
$result = $api->getMarketplaceParticipations();
$headers = $result->headers;
print_r($headers);
} catch (Exception $e) {
echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}
You may need to do custom operations while signing the API request. You can create a custom authorization signer by creating an implementation of the AuthorizationSignerContract interface and passing it into the Configuration
constructor array.
// CustomAuthorizationSigner.php
use Psr\Http\Message\RequestInterface;
use SellingPartnerApi\Contract\AuthorizationSignerContract;
class CustomAuthorizationSigner implements AuthorizationSignerContract
{
public function sign(RequestInterface $request, Credentials $credentials): RequestInterface
{
// Calculate request signature and request date.
$requestDate = '20220426T202300Z';
$signatureHeaderValue = 'some calculated signature value';
$signedRequest = $request
->withHeader('Authorization', $signatureHeaderValue)
->withHeader('x-amz-date', $requestDate);
return $signedRequest;
}
// ...
}
// Consumer code
<?php
require_once(__DIR__ . '/vendor/autoload.php');
use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;
use CustomAuthorizationSigner;
$config = new Configuration([
...,
'authorizationSigner' => new CustomAuthorizationSigner(),
]);
$api = new SellersApi($config);
try {
$result = $api->getMarketplaceParticipations();
print_r($result);
} catch (Exception $e) {
echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}
You may also need to customize the entire request signing process – for instance, if you need to call an external service in the process of signing the request. You can do so by creating an implementation of the RequestSignerContract interface, and passing an instance of it into the Configuration
constructor array.
// RemoteRequestSigner.php
use Psr\Http\Message\RequestInterface;
use SellingPartnerApi\Contract\RequestSignerContract;
class RemoteRequestSigner implements RequestSignerContract
{
public function signRequest(
RequestInterface $request,
?string $scope = null,
?string $restrictedPath = null,
?string $operation = null
): RequestInterface {
// Sign request by sending HTTP call
// to external/separate service instance.
return $signedRequest;
}
}
// Consumer code
<?php
require_once(__DIR__ . '/vendor/autoload.php');
use SellingPartnerApi\Api\SellersV1Api as SellersApi;
use SellingPartnerApi\Configuration;
use SellingPartnerApi\Endpoint;
use RemoteRequestSigner;
$config = new Configuration([
...,
'requestSigner' => new RemoteRequestSigner(),
]);
$api = new SellersApi($config);
try {
$result = $api->getMarketplaceParticipations();
print_r($result);
} catch (Exception $e) {
echo 'Exception when calling SellersApi->getMarketplaceParticipations: ', $e->getMessage(), PHP_EOL;
}