PHP / Aliexpress affiliation API : IncompleteSignature / The request signature does not conform to platform standards

Question

I use the affiliation API from Aliexpress to retrieve product prices and transform links into affiliation links.

I can get product information without any issue but when I try to transform my links into affiliation links, I get the following error message:

{"error_response":{"type":"ISV","code":"IncompleteSignature","msg":"The request signature does not conform to platform standards","request_id":"210101cd17036054742456317"}}

I use exactly the same signature method as for other api method but for this specific method, it doesn't work.

This is what I use:

$url = "https://api-sg.aliexpress.com/sync";
$appKey = "***";
$appSecret = "***";
$appName = "***";

$param = array();
$param["app_key"] = $appKey;
$param["format"] = "json";
$param["promotion_link_type"]=0;
$param["source_values"]="***";
$param["method"] = "aliexpress.affiliate.link.generate";
$param["sign_method"] = "md5";
$param["timestamp"] = time();
ksort($param);

foreach ($param as $key=>$value)
    {
        if (!isset($parameters))
            {
                $parameters = $key."=".$value;
            }
        else
            {
                $parameters = $parameters."&".$key."=".utf8_encode($value);
            }
    }

  $final = $url."?".$parameters."&sign=".strtoupper(md5($appSecret.$parameters.$appSecret));

 $ch = curl_init($final);
 curl_setopt($ch, CURLOPT_POST, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded;charset=utf-8'));

$response = curl_exec($ch);

if (curl_errno($ch)) {
    echo 'Error: ' . curl_error($ch);
    }

curl_close($ch);

echo $response;

I have also tried sha256 and hmac but i get the same error message. The signature in MD5 works fine to use the aliexpress.affiliate.product.query method. I check the documentation and the only mandatory parameters are: promotion_link_type, source_values, tracking_id. (doc here: https://developers.aliexpress.com/en/doc.htm?docId=45804&docType=2)

Am I missing something?

Thanks

Answer 1

Found the solution thanks to @MarkusZeller

Adapted code:

$url = "https://api-sg.aliexpress.com/sync";
$appKey = "***";
$appSecret = "***";
$appName = "***";

$param = array();
$param["app_key"] = $appKey;
$param["format"] = "json";
$param["promotion_link_type"]=0;
$param["source_values"]="***";
$param["method"] = "aliexpress.affiliate.link.generate";
$param["sign_method"] = "md5";
$param["timestamp"] = time();
ksort($param);

foreach ($param as $key=>$value) { if (!isset($parameters)) { $parameters = $key."=".$value; } else { $parameters = $parameters."&".$key."=".utf8_encode($value); } } $sign = str_replace("&","",$parameters); $sign = str_replace("&","",$sign); $sign = str_replace("=","",$sign); $final = $url."?".$parameters."&sign=".strtoupper(md5($appSecret.$sign.$appSecret));

$ch = curl_init($final);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $parameters);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded;charset=utf-8'));

$response = curl_exec($ch);

Rest of the code remains the same. I had to use some modifications stored in $sign that were not added to the final params.