Amazon SP-API Sandbox Bestellungen API kehrt 403 nicht autorisiert, obwohl LWA-Token und Sigv4 signiert haben ⇐ Python

[Anonymous]

Ich teste die Amazon Selling Partner API (SP-API) unter Verwendung der Sandbox-Umgebung, insbesondere die GET/Bestellungen/v0/Bestellungen Endpunkt. class = "Lang-json PrettyPrint-Override">

Code: Select all

{
"errors": [
{
"code": "Unauthorized",
"message": "Access to requested resource is denied.",
"details": "Access token is missing in the request header."
}
]
}

Request Details:
•   Endpoint:
https://sandbox.sellingpartnerapi-na.amazon.com/orders/v0/orders?CreatedAfter=TEST_CASE_200&MarketplaceIds=ATVPDKIKX0DER

Headers:
x-amzn-access-token: 
x-amz-security-token: 
x-amz-date: 
Host: sandbox.sellingpartnerapi-na.amazon.com
Accept: application/json
Authorization: AWS4-HMAC-SHA256 ... (generated with SigV4)

Auth flow:
1.  Get LWA token using refresh token, client ID, and client secret.
2.  AssumeRole using long-term AWS access key and secret key.
3.  Sign the request with botocore’s SigV4Auth.

Code:

I’m following this basic structure:
# Get LWA token
# Assume role
# Sign request using SigV4Auth from botocore.auth
# Send with requests.Session().send()

What I’ve checked:
•   LWA token is valid and not expired.
•   Temporary credentials from AssumeRole include session token.
•   All required headers (including x-amzn-access-token) are correctly set.
•   Endpoint, query parameters, and service name are accurate.
•   SigV4 signature is freshly generated for each request.

Questions:
•   Is there any known issue with the sandbox and GET /orders/v0/orders?
•   Is it possible the sandbox rejects requests even with proper headers for some TEST_CASE values?
•   Could the issue stem from a missing permission even in the sandbox?

Any help or clarification is much appreciated!