walmart affiliate api demo

const nodeRSA = require('node-rsa');
const fetch = require('node-fetch');

const publicKey = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbM2br48JS2JJy8Ajy0gy33Gu5RNAFgysUp4Mj9FqzXWg7AwdGaXc0vIAGG3vmyrP906qJpiEV1aW9GhsEGNQ9Mjmngfnu1VAKZjskVToqG1ktiXZJKSlVUfGTYj+r1lKDgd2iKt4azIzoeElk1gnLovn8zEaiCT7prHlzWWb7JgW3qp1e12e5WvSC5xX9P5iKOs6WM3qTSAX3e8qGeA9wtlHdQuDjSjWA0WlYQIFKgpoCBNZeldNxel79QgR7QKG6Oo/H4aImhDW9vXH00mGVy9QX11ngovVYPhCQWzsAo+v+Y2lAJUtFdjr2t9/mJisKxpYvpMeqVo2ZSydwBmb5'
const consumerId = 'change this to your consumer id'
const privateKey = "MIIEpAIBAAKCAQEAmzNm6+PCUtiScvAI8tIMt9xruUTQBYMrFKeDI/Ras11oOwMH\
Rml3NLyABht75sqz/dOqiaYhFdWlvRobBBjUPTI5p4H57tVQCmY7JFU6KhtZLYl2\
SSkpVVHxk2I/q9ZSg4HdoireGsyM6HhJZNYJy6L5/MxGogk+6ax5c1lm+yYFt6qd\
XtdnuVr0gucV/T+YijrOljN6k0gF93vKhngPcLZR3ULg40o1gNFpWECBSoKaAgTW\
XpXTcXpe/UIEe0ChujqPx+GiJoQ1vb1x9NJhlcvUF9dZ4KL1WD4QkFs7AKPr/mNp\
QCVLRXY69rff5iYrCsaWL6THqlaNmUsncAZm+QIDAQABAoIBAQCXocrmoSnUg1/i\
B/7WLr7aS/K7mi2blSHcFiWcVTrgj1wse7L56kTbM2fpj6SoQldEoS63OaaNjKVX\
ck/+2rtR5uZJcEXeQG7pGiSiRNqFFR81zF3S8PI/N8ZMdus6WjVX4uPFcxh5Gmx5\
HDyo1i3P1TVk9bf0zA+5ghdOyYRBzsKiX3HTRFLGn0EGEDpXwqvq43qJ49DL/YVe\
t0eKYS9E7F3MNqAQDHS4tuc0QsidFQHn50uLOIKtyAZ9lcc5X8Lw/3HLWM1+8hzD\
wX9N5C0YlUen3yGuMpY89jheLp1f5NRqE1JxHK5Rcb0MWNmMum5B5Azzg+0+NOoi\
Bi7bb98BAoGBAO3gWf9K7jrx8N15qJYb6lHIUvyTgrmu8VidbKOaFSr6Xmq/KTts\
w2F0YR15/N03cyeJBKYP/VWcTEJsyWXiy/XoFjjddLdCz8eMeMdowAMeWSDC7/DC\
B8xY2148u5QdIe/+UCCFGCFVxRSdAayYxMQjChUw0ZfFW9Cor/hA452pAoGBAKcG\
gitiez4F6bpCIelLerM8gambpC490LwILtcVCU3HzXoP+BfMd+NjgudqJpQ8Arqq\
y+1qkwfOkH0GUaBl6FHYEM0vZAfD00f4jL18Ft3wlvqCerxAU0GQWxIi2b8XYO04\
N9MtEMOwDr50bXeHKVYYhzrABNUxQ1e4NRWrazDRAoGAcC584uu4e+37tMcaHWie\
0eDSWjFK1jzNrwfW4zTYRMN8YYUzccXyQnR7FEaiXMU4tm1k1tf1ljk2saDSPg1+\
OMMyL7EoyQBmMuppT0l0PERErjGgrH8k5FcHZWLo54nxplfd++gooBft8LG2x2no\
acNIjwPN5HB7w2S6UC5x6bkCgYBafKMuv+bGvktWthdLHbI2wlP4wDJdPu4DwGcn\
7OSid9lxBI/CzOoyjanQl2iZLD3KRVe/otpPA3Cx2yeDv1HybR0FHGST9FpVhmkx\
CrYUvQ/+XYwCytKQFZXRKIJRDWhce/V6edK4QXxrYAYiGF6jnxw8DuVPXqX+MvTH\
bZvf0QKBgQCoDO0nfdW+TWGu4C9TgcX9lX+1G1Uszz0d6zmiRhh8dqconUoANpuV\
pgvIgsD2l2KOGiSrRknjdoutMPJLmdsJvi6ycO3/oOsAenfe/1/uoukpw9HGxdQ+\
NfNFwzDKLFEki8LLhbVesYeWNcAwmRkqpPqFN+GSuHt+jyYI2XoBgw=="

const keyVer = '2'

const generateWalmartHeaders = () => {
    const hashList = {
        "WM_CONSUMER.ID": consumerId,
        "WM_CONSUMER.INTIMESTAMP": Date.now().toString(),
        "WM_SEC.KEY_VERSION": keyVer,
    };

    const sortedHashString = `${hashList["WM_CONSUMER.ID"]}\n${hashList["WM_CONSUMER.INTIMESTAMP"]}\n${hashList["WM_SEC.KEY_VERSION"]}\n`;
    const signer = new nodeRSA(privateKey, "pkcs1");
    const signature = signer.sign(sortedHashString);
    const signature_enc = signature.toString("base64");

    return {
        "WM_SEC.AUTH_SIGNATURE": signature_enc,
        "WM_CONSUMER.INTIMESTAMP": hashList["WM_CONSUMER.INTIMESTAMP"],
        "WM_CONSUMER.ID": hashList["WM_CONSUMER.ID"],
        "WM_SEC.KEY_VERSION": hashList["WM_SEC.KEY_VERSION"],
    };
}

(async () => {
    const options = {
        method: 'GET',
        headers: generateWalmartHeaders()
    }
    const response = await fetch('https://developer.api.walmart.com/api-proxy/service/affil/product/v2/search?query=ipod', options);
    const body = await response.text();

    console.log(body);
})();

Hey @ammark97, thanks for translating the Java example into JS. I know you might be past this now, but I was wondering if you had encountered this issue upon making requests- {"details":{"Description":"Could not authenticate in-request, auth signature : Signature verification failed: affil-product, version: 2.0.0, env: prod","wm_svc.version":"2.0.0","wm_svc.name":"affil-product","wm_svc.env":"prod"}}

I used the same keygen site as you with 2048 as the key size (the default) and also uploaded my public key to my account on walmart.io

Any help would be super appreciated!

Sure, I'll see if I can help!

Copying and pasting the public/private key properly into your IDE is tricky so I would start there. If you want, I can look your code over if you paste it online somewhere.

I have the same problem "Signature verification failed". I've tried formatting my private key exactly like yours (with and without ) and also reading from file (fs.readFileSync('privateKey.pem'); I've troubleshooted the timestamp TTL and encoding, and tests pass. I'm using your exact code, could it be the hashList? Please let me know your thoughts, thanks!

Make sure const keyVer = '2' is using the correct key version you have uploaded. If you have only uploaded 1 key, you should be using const keyVer = '1'. Check to make sure it matches this value.

Walmart's api seems to be down for me so it but if you're not getting security error once you fix the keyVersion that should be a good sign.

Hi @ammark47, can you help setting this up on PHP please?

Hi @ammark97, thanks a lot for this useful piece of work. In my case, after changing the Private Key and the keyVer to 1 (as indicated in my application details at walmart IO) I got the following error: UnhandledPromiseRejectionWarning: InvalidAsn1Error: Expected 0x2: got 0x86.
May it be related to the privaKey? Do you have any ideas why this is happening? Thanks a lot!

The most common cause of generate header errors is an ill-formed RSA string, you can create a correct RSA online by visiting https://travistidwell.com/jsencrypt/demo/

Hello, has anyone succeeded on solving the auth issue?

Hey @ammark97, thanks for translating the Java example into JS. I know you might be past this now, but I was wondering if you had encountered this issue upon making requests- {"details":{"Description":"Could not authenticate in-request, auth signature : Signature verification failed: affil-product, version: 2.0.0, env: prod","wm_svc.version":"2.0.0","wm_svc.name":"affil-product","wm_svc.env":"prod"}}

I've tried using the given public/private key, my own public/private key and ofcourse used the consumer id and ver from walmart.io. I did use the windows and unix version of the key-tutorial, so I'm not sure what's wrong.
And also the tutorial mentions PKCS8, but the code here has pkcs1. Does that make a difference?