Amazon API crackdown neuters book apps

New keys to the etail kingdom

Following a change in the Amazon.com API, downloadable applications that rely on the etail giant for product data are experiencing a kind of Amazonian impotence.

Nathaniel Elam, a Linux user from New London, Connecticut, recently encountered the problem with his copy of Tellico, a tool that keeps a digital catalog of his CDs, LPs, videos, and other collectibles. The open source app is designed to automatically pull titles, track names, cast lists, images, and other data from various websites, but two weeks back, Elam's copy suddenly quit working with the world's largest etailer.

Then Elam noticed a similar problem with an aging Windows app known as Album Art Aggregator, which provided cover art for his collection of ripped CDs. And after a quick web search, he turned up issues with several other Linux apps, including Amarok, a music player for the KDE Linux desktop interface, and Rhythmbox, a music-management app for the GNOME desktop.

As it turns out, all are victims of a recent change to the Amazon.com data API. On August 15, Amazon began rejecting API requests that weren't signed with a secret access key. In the past, Amazon required a key from each application, but this was a key that could potentially be picked up and applied to any other tool - a particular danger with open source apps. Now, in an effort to maintain tighter control over use of the API, Amazon is requiring signed authentication.

"We are requiring that all calls to the Product Advertising API be signed in order to help us prevent unauthorized and improper uses of the API," reads an Amazon FAQ. "Signed requests will help developers protect the security of their access identifiers and will help prevent others from using their access identifiers to make unauthorized calls to the API."

This means that a separate key is required for each installation of an application. With a web-based app, each user is tapping into the same, centrally-located tool, so the developer can request and apply a single key for all users. But with a downloadable desktop app, each user needs their own key. The developer must tweak the app to accept the key and either distribute keys or have users apply their own keys by way of a free Amazon Web Services account.
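The difference between an identifier anyone can lift from source code and a per-user signed request, shown as an added example that is not code from the article, Amazon, or any of the apps named here. It assumes HMAC-SHA256 over a canonical query string (the article does not name the algorithm); the host, key identifier, secret and 15-minute freshness window are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

HOST, PATH = "api.example.test", "/onca/xml"  # constructed endpoint, not a real host
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

def canonical_query(params):
    # Sort by name and percent-encode (RFC 3986) so both sides hash identical bytes.
    enc = lambda s: quote(str(s), safe="-_.~")
    return "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))

def sign(params, secret):
    string_to_sign = "\n".join(["GET", HOST, PATH, canonical_query(params)])
    mac = hmac.new(secret, string_to_sign.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def build_request(params, access_key_id, secret, timestamp):
    # Only the public identifier and the signature travel; the secret stays local.
    signed = dict(params, AccessKeyId=access_key_id, Timestamp=timestamp)
    signed["Signature"] = sign(signed, secret)
    return signed

def verify(request, secrets_by_id, now, max_age=timedelta(minutes=15)):
    """Server side: reject unsigned, tampered, unknown-key or stale requests."""
    params = dict(request)
    supplied = params.pop("Signature", None)
    secret = secrets_by_id.get(params.get("AccessKeyId"))
    if supplied is None or secret is None:
        return False
    expected = sign(params, secret)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False
    try:
        sent = datetime.strptime(params["Timestamp"], TS_FORMAT).replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        return False
    return abs(now - sent) <= max_age

# Constructed sample data: one user's identifier and private secret.
SECRETS = {"AKIDEXAMPLEUSER1": b"constructed-secret-for-user-1"}
NOW = datetime(2009, 8, 15, 12, 5, tzinfo=timezone.utc)
REQ = build_request({"Operation": "ItemSearch", "Keywords": "dune"},
                    "AKIDEXAMPLEUSER1", SECRETS["AKIDEXAMPLEUSER1"],
                    "2009-08-15T12:00:00Z")
```

Knowing the identifier alone, as anyone reading an open source app's code would, is not enough to produce a request that `verify` accepts, and a captured signed request cannot be altered or reused after the freshness window.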

The end result is that using desktop apps with the API is a bit more complicated. And existing apps - like Elam's version of Tellico - are on the fritz.

"Before, Tellico - as an application - had a unique access key. So every search that came from Tellico had the same key. It was hard-coded in the source. Some other application could have used the same key, since it was pretty much public, though," Robby Stephenson, the app's developer, tells The Reg. "Now, the new scheme requires each user to have a separate key that is kept private."

Like other developers, Stephenson was first notified of the change in May, and he received regular notifications from Amazon until the change was made in mid-August.

Stephenson has tweaked the new version of his downloadable app to use the private keys, but he has no intention of updating older versions that work with older interfaces. "The Amazon searching no longer works for any version of Tellico released for KDE3," he recently told his users. "I don't plan to try to backport that support, either. Sorry, folks. You'll just have to use a different search source."

Similarly, two other book-cataloging apps - the Mac-based Books for MacOS X and the GNOME-based Alexandria - have been updated to accommodate Amazon's change, and new downloads are required.

What exactly is Amazon trying to crack down on? It's unclear. The company did not respond to specific questions about the API change, merely pointing us to that online FAQ. But it's worth noting that Amazon has also changed the name of the API, dropping the "Amazon Associates Web Service" moniker in favor of "Product Advertising API."

The company's terms of service say that the API can only be used by applications that "have the principal purpose of advertising and marketing the Amazon Site and driving sales of products and services on the Amazon Site." But the terms have always read this way. And the new setup hardly seems like the best means of severing ties with product cataloging apps along the lines of Tellico and Books for MacOS X. But it has certainly made their lives more difficult. ®
