@scaleleap/selling-partner-api-sdk
📦 A fully typed TypeScript and Node.js SDK library for Amazon Selling Partner API
npm i -s @scaleleap/selling-partner-api-sdk
A few things to get started:
Note that it is outside the responsibility of this package to handle the authorization process.
This package assumes you have already acquired the access and refresh tokens either by going through the OAuth flow or by using a self-authorized set of credentials.
This method is applicable if you want to assume the Selling Partner API role yourself, or you are using a static set of user credentials (not recommended).
import { AssumeRoleCommand, STSClient } from '@aws-sdk/client-sts'
import { SellersApiClient } from '@scaleleap/selling-partner-api-sdk'

const stsClient = new STSClient({
  // Static set of credentials that have the permission to assume the role above
  credentials: {
    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY',
  },
})

// Exchange the static credentials for temporary credentials of the role
const { Credentials } = await stsClient.send(
  new AssumeRoleCommand({
    // This is the role you have set in your Selling Partner API application
    RoleArn: 'arn:aws:iam::123456789012:role/your-SP-API-role-name',
    RoleSessionName: 'selling-partner-api-axios',
  }),
)

const client = new SellersApiClient({
  accessToken: 'Atza|...',
  // Or use `amazonMarketplaces.CA.sellingPartner.region.endpoint`
  // from `@scaleleap/amazon-marketplaces` package
  basePath: 'https://sellingpartnerapi-na.amazon.com',
  // Or use `amazonMarketplaces.CA.sellingPartner.region.awsRegion`
  // from `@scaleleap/amazon-marketplaces` package
  region: 'us-east-1',
  // Temporary credentials returned by the AssumeRole call above
  credentials: {
    accessKeyId: Credentials?.AccessKeyId || '',
    secretAccessKey: Credentials?.SecretAccessKey || '',
    sessionToken: Credentials?.SessionToken || '',
  },
})

const marketplaceParticipations = await client.getMarketplaceParticipations()
@scaleleap/selling-partner-api-sdk to Assume the Role
This package uses aws4-axios under the hood, which has the capability to make the STS call and get the credentials for you, and refresh the temporary AWS credentials session.
import { SellersApiClient } from '@scaleleap/selling-partner-api-sdk'

const client = new SellersApiClient({
  accessToken: 'Atza|...',
  // Or use `amazonMarketplaces.CA.sellingPartner.region.endpoint`
  // from `@scaleleap/amazon-marketplaces` package
  basePath: 'https://sellingpartnerapi-na.amazon.com',
  // Or use `amazonMarketplaces.CA.sellingPartner.region.awsRegion`
  // from `@scaleleap/amazon-marketplaces` package
  region: 'us-east-1',
  // This is the role you have set in your Selling Partner API application
  roleArn: 'arn:aws:iam::123456789012:role/your-SP-API-role-name',
  // Static set of credentials that have the permission to assume the role above
  credentials: {
    accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
    secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY',
  },
})

const marketplaceParticipations = await client.getMarketplaceParticipations()
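Both snippets above hardcode the long-lived key pair, and the manual flow falls back to empty strings when the STS response carries no `Credentials`. The following added example (not part of the SDK or its README; `staticCredentialsFromEnv` and `toClientCredentials` are hypothetical helper names and the sample response is constructed) reads the key pair from the standard AWS environment variables and rejects a missing, incomplete or expired `Credentials` object before it reaches the client:

```javascript
// Added example, not part of the SDK. Helper names are hypothetical.

// Fields of the `Credentials` object returned by STS AssumeRole.
const REQUIRED_FIELDS = ['AccessKeyId', 'SecretAccessKey', 'SessionToken']

// Read the long-lived key pair from the environment instead of source code.
function staticCredentialsFromEnv(env) {
  const accessKeyId = env.AWS_ACCESS_KEY_ID
  const secretAccessKey = env.AWS_SECRET_ACCESS_KEY
  if (!accessKeyId || !secretAccessKey) {
    throw new Error('AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set')
  }
  return { accessKeyId, secretAccessKey }
}

// Convert an AssumeRole `Credentials` object into the shape passed as the
// client's `credentials` option, failing closed instead of using ''.
function toClientCredentials(stsCredentials, now = new Date()) {
  if (!stsCredentials) {
    throw new Error('AssumeRole returned no Credentials')
  }
  const missing = REQUIRED_FIELDS.filter((field) => !stsCredentials[field])
  if (missing.length > 0) {
    throw new Error(`AssumeRole Credentials missing: ${missing.join(', ')}`)
  }
  // Expiration may be a Date or an ISO string; reject stale sessions.
  const expiration = stsCredentials.Expiration
  if (expiration && new Date(expiration).getTime() <= now.getTime()) {
    throw new Error('AssumeRole Credentials already expired')
  }
  return {
    accessKeyId: stsCredentials.AccessKeyId,
    secretAccessKey: stsCredentials.SecretAccessKey,
    sessionToken: stsCredentials.SessionToken,
  }
}

// Constructed sample shaped like an AssumeRole response (all values fake).
const sampleResponse = {
  Credentials: {
    AccessKeyId: 'ASIAEXAMPLEEXAMPLE00',
    SecretAccessKey: 'constructed-secret-for-illustration',
    SessionToken: 'constructed-session-token',
    Expiration: '2099-01-01T00:00:00Z',
  },
}
```

In the manual flow, `staticCredentialsFromEnv(process.env)` would replace the literal key pair given to `STSClient`, and `toClientCredentials(Credentials)` would replace the three `|| ''` fallbacks.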
See the full list of exported classes and types: src/api-models/index.ts.
See @scaleleap/amazon-marketplaces docs for a database of constants about Amazon Marketplaces.
This repository uses Conventional Commit style commit messages.
This project is licensed under the MIT License.
FAQs
The npm package @scaleleap/selling-partner-api-sdk receives a total of 858 weekly downloads. As such, @scaleleap/selling-partner-api-sdk popularity was classified as not popular.
We found that @scaleleap/selling-partner-api-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.