Amazon API crackdown neuters book apps

New keys to the etail kingdom

Following a change in the Amazon.com API, downloadable applications that rely on the etail giant for product data are experiencing a kind of Amazonian impotence.

Nathaniel Elam, a Linux user from New London, Connecticut, recently encountered the problem with his copy of Tellico, a tool that keeps a digital catalog of his CDs, LPs, videos, and other collectibles. The open source app is designed to automatically pull titles, track names, cast lists, images, and other data from various websites, but two weeks back, Elam's copy suddenly quit working with the world's largest etailer.

Then Elam noticed a similar problem with an aging Windows app known as Album Art Aggregator, which provided cover art for his collection of ripped CDs. And after a quick web search, he turned up issues with several other Linux apps, including Amarok, a music player for the KDE Linux desktop interface, and Rhythmbox, a music-management app for the GNOME desktop.

As it turns out, all are victims of a recent change to the Amazon.com data API. On August 15, Amazon began rejecting API requests that weren't signed with a secret access key. In the past, Amazon required a key from each application, but this was a key that could potentially be picked up and applied to any other tool - a particular danger with open source apps. Now, in an effort to maintain tighter control over use of the API, Amazon is requiring signed authentication.

"We are requiring that all calls to the Product Advertising API be signed in order to help us prevent unauthorized and improper uses of the API," reads an Amazon FAQ. "Signed requests will help developers protect the security of their access identifiers and will help prevent others from using their access identifiers to make unauthorized calls to the API."

This means that a separate key is required for each installation of an application. With a web-based app, each user is tapping into the same, centrally-located tool, so the developer can request and apply a single key for all users. But with a downloadable desktop app, each user needs their own key. The developer must tweak the app to accept the key and either distribute keys or have users apply their own keys by way of a free Amazon Web Services account.
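
As an added illustration (not code from the article, Amazon, or Tellico), the sketch below shows why a request signed with a private key resists the reuse that a bare access identifier allows. It uses HMAC-SHA256 over a canonical query string; the host, path, parameter names and keys are constructed assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

HOST = "api.example.test"  # hypothetical endpoint
PATH = "/products"         # hypothetical path

# Constructed server-side table: public access identifier -> secret key.
SECRETS = {"AKIDEXAMPLE": b"constructed-secret-not-a-real-key"}


def canonical_query(params):
    """Sort parameters by name and percent-encode them (RFC 3986 unreserved set)."""
    return "&".join(
        f"{quote(k, safe='-_.~')}={quote(str(v), safe='-_.~')}"
        for k, v in sorted(params.items())
    )


def sign(params, secret):
    """Return base64(HMAC-SHA256(secret, string_to_sign)) for a GET request."""
    string_to_sign = "\n".join(["GET", HOST, PATH, canonical_query(params)])
    digest = hmac.new(secret, string_to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify(params):
    """Server side: recompute the signature from the stored secret and compare."""
    params = dict(params)
    supplied = params.pop("Signature", None)
    secret = SECRETS.get(params.get("AccessKeyId"))
    if supplied is None or secret is None:
        return False  # unsigned request or unknown identifier
    # Constant-time comparison; a real service would also reject stale timestamps.
    return hmac.compare_digest(supplied, sign(params, secret))


def build_request(access_id, secret, **query):
    """Client side: attach the identifier and a (constructed) timestamp, then sign."""
    params = {"AccessKeyId": access_id, "Timestamp": "2009-08-15T12:00:00Z", **query}
    params["Signature"] = sign(params, secret)
    return params
```

The identifier still travels in every request, so copying it out of an application's source gains nothing without the secret, which is why the secret cannot be hard-coded in a distributed desktop app.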

The end result is that using desktop apps with the API is a bit more complicated. And existing apps - like Elam's version of Tellico - are on the fritz.

"Before, Tellico - as an application - had a unique access key. So every search that came from Tellico had the same key. It was hard-coded in the source. Some other application could have used the same key, since it was pretty much public, though," Robby Stephenson, the app's developer, tells The Reg. "Now, the new scheme requires each user to have a separate key that is kept private."

Like other developers, Stephenson was first notified of the change in May, and he received regular notifications from Amazon until the change was made in mid-August.

Stephenson has tweaked the new version of his downloadable app to use the private keys, but he has no intention of updating older versions that work with older interfaces. "The Amazon searching no longer works for any version of Tellico released for KDE3," he recently told his users. "I don't plan to try to backport that support, either. Sorry, folks. You'll just have to use a different search source."

Similarly, two other book-cataloging apps - the Mac-based Books for MacOS X and the GNOME-based Alexandria - have been updated to accommodate Amazon's change, and new downloads are required.

What exactly is Amazon trying to crack down on? It's unclear. The company did not respond to specific questions about the API change, merely pointing us to that online FAQ. But it's worth noting that Amazon has also changed the name of the API, dropping the "Amazon Associates Web Service" moniker in favor of "Product Advertising API."

The company's terms of service say that the API can only be used by applications that "have the principal purpose of advertising and marketing the Amazon Site and driving sales of products and services on the Amazon Site." But the terms have always read this way. And the new setup hardly seems like the best means of severing ties with product cataloging apps along the lines of Tellico and Books for MacOS X. But it has certainly made their lives more difficult. ®
