possibly removing amazon API support
Robby Stephenson
robby at periapsis.org
Fri Jul 10 22:32:34 MDT 2009
Hi folks,
Amazon.com has renamed their web services API to "Product Advertising API"
and has introduced a requirement to encrypt and sign all search requests.
You can read some more info at
http://affiliate-blog.amazon.com/2009/05/attention-amazon-associates-web-
service-developers.html
Essentially, you work up the REST query as usual, then use a secret key to
sign it with SHA-256 encryption or something. I've worked up an update to
Tellico that seems to work with the new method, but basically, you're not
supposed to distribute your secret key at all.
As of August 15, 2009, all searches using the old method will stop working.
That is, all versions of Tellico will stop working with amazon search on
that day. That's the first thing.
Second, Tellico has always been a bit in the grey area in terms of the API
terms of service. You probably notice that there's always a link back to
amazon in the search results. That's part of the terms of service. The terms
have also been updated, and they're a bit more stringent. I'm not sure I can
truthfully say that Tellico would not cross the line somehow. One of the
requirements is that the principal task of the app is marketing amazon
products. Yup...
Third, it's pretty clear that even if the Terms of Service allowed it,
they're pretty clear about not distributing your secret key. So I guess I
could allow ever user to register for their own key (which is free), but I
don't know if that is really a solution.
So, I'm considering removing the Amazon API support altogether. Drastic, I
know. Any comments?
I don't know how other applications like Delicious Library plan to deal with
the change. I wish I did...
Robby
More information about the tellico-users
mailing list