[OPEN-ILS-GENERAL] Bad image for book! How to remove?
Jonathan Rochkind
jonathan at dnil.net
Mon Jul 6 17:45:06 EDT 2009
I forget how the image URLs work, and never knew how EG worked! If
the image URLs themselves are predictable based on ISBN, and you are
just predicting them and checking them for 404 -- then of course
there's no good way for them to require the signature and still have
those images available to browsers at all! I have no information that
they are going to be checking http referrers or anything. So, no, I
don't think you need to authenticate anything just to guess an image
URL and link to it.
If, on the other hand, you actually are using the product information
API to look up an ISBN and determine the image URL -- if you're
sending any requests to http://webservices.amazon.com/onca/xml -- then
any access to the Amazon product info API (doesn't matter what purpose
you are using it for) will require a hmac signature. As of August 15th.
http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?Query_QueryAuth.html
Jonathan
On Jul 6, 2009, at 5:23 PM, Jason Etheridge wrote:
>> For the Evergreen developers reading this -- have you updated your
>> Amazon
>> API code to use the cryptographic signature request form they
>> require as of
>> the middle of August? If anyone is using software that does not
>> use the
>> crypto request by the middle of August, they're going to find it
>> stops
>> working.
>
> Jonathan, are they requiring this for all API, even the image URL's?
> I don't believe we're actually using anything else (like reviews,
> etc.) from Amazon.
>
> --
> Jason Etheridge
> | VP, Community Support and Advocacy
> | Equinox Software, Inc. / The Evergreen Experts
> | phone: 1-877-OPEN-ILS (673-6457)
> | email: jason at esilibrary.com
> | web: http://www.esilibrary.com
More information about the Open-ils-general
mailing list