From 63a55cee11ca54caf8242884027a863860abaaf2 Mon Sep 17 00:00:00 2001
From: rickdeee <39277031+rickdeee@users.noreply.github.com>
Date: Tue, 6 Apr 2021 09:05:25 -0700
Subject: [PATCH] Add restricted-data-token-workflow.java

---
 .../restricted-data-token-workflow.java       | 182 ++++++++++++++++++
 1 file changed, 182 insertions(+)
 create mode 100644 clients/sample-code/restricted-data-token-workflow.java

diff --git a/clients/sample-code/restricted-data-token-workflow.java b/clients/sample-code/restricted-data-token-workflow.java
new file mode 100644
index 0000000..cf5437d
--- /dev/null
+++ b/clients/sample-code/restricted-data-token-workflow.java
@@ -0,0 +1,182 @@
+package sampleCode;
+
+// Imports from the Selling Partner API (SP-API) Auth & Auth client library.
+import com.amazon.SellingPartnerAPIAA.AWSAuthenticationCredentials;
+import com.amazon.SellingPartnerAPIAA.AWSAuthenticationCredentialsProvider;
+import com.amazon.SellingPartnerAPIAA.AWSSigV4Signer;
+import com.amazon.SellingPartnerAPIAA.LWAAuthorizationCredentials;
+
+// Imports from the generated Tokens API client library.
+import io.swagger.client.ApiException;
+import io.swagger.client.api.TokensApi;
+import io.swagger.client.model.CreateRestrictedDataTokenRequest;
+import io.swagger.client.model.CreateRestrictedDataTokenResponse;
+import io.swagger.client.model.RestrictedResource;
+
+// Imports from the generated Tokens API client library dependencies.
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.squareup.okhttp.OkHttpClient;
+import com.squareup.okhttp.Request;
+import com.squareup.okhttp.RequestBody;
+import com.squareup.okhttp.Response;
+
+public class RestrictedDataTokenWorkflow {
+
+    public static void main(String[] args) throws IOException, ApiException {
+        // This method represents a workflow for a simple use case. More use cases can be defined using a similar pattern.
+        callRestrictedOperationWorkflow();
+    }
+
+    // The SP-API endpoint.
+    private static final String sellingPartnerAPIEndpoint = "https://sellingpartnerapi-na.amazon.com";
+
+    // Declare a string variable for the Restricted Data Token (RDT).
+    private static String restrictedDataToken;
+
+    // Configure the LWAAuthorizationCredentials object.
+    private static final LWAAuthorizationCredentials lwaAuthorizationCredentials = LWAAuthorizationCredentials.builder()
+            .clientId("<application_client_id>")
+            .clientSecret("<application_client_secret>")
+            .refreshToken("Atzr|XXXXXXXXXXX")
+            .endpoint("https://api.amazon.com/auth/O2/token")
+            .build();
+
+    // Configure the AWSAuthenticationCredentials object.
+    private static final AWSAuthenticationCredentials awsAuthenticationCredentials = AWSAuthenticationCredentials.builder()
+            // If application registered with Role ARN, use here the aws credentials of a user that is linked to the Role ARN via security token service.
+            // Otherwise, if the application was registered using User ARN, use the access key and secret key of the User ARN, but you have to make sure that it has the policy attached.
+            .accessKeyId("aws_access_key")
+            .secretKey("aws_secret_key")
+            .region("aws_region")
+            .build();
+
+    // Configure the AWSAuthenticationCredentialsProvider object. This is only needed for applications registered using an IAM Role.
+    // If the application was registered using an IAM User, the AWSAuthenticationCredentialsProvider object should be removed.
+    private static final AWSAuthenticationCredentialsProvider awsAuthenticationCredentialsProvider = AWSAuthenticationCredentialsProvider.builder()
+            // The IAM Role must have the IAM policy attached as described in "Step 3. Create an IAM policy" in the SP-API Developer Guide.
+            .roleArn("arn:aws:iam::XXXXXXXXX:role/XXXXXXXXX")
+            .roleSessionName("session-name")
+            .build();
+
+    // The SP-API Tokens API instance used to call the createRestrictedDataToken operation.
+    private static final TokensApi tokensApi = new TokensApi.Builder()
+            .awsAuthenticationCredentials(awsAuthenticationCredentials)
+            .awsAuthenticationCredentialsProvider(awsAuthenticationCredentialsProvider)  // If the application uses User ARN, this line is not needed. Remove it or pass a null value.
+            .lwaAuthorizationCredentials(lwaAuthorizationCredentials)
+            .endpoint(sellingPartnerAPIEndpoint)
+            .build();
+
+    // This method wraps the workflow to request an RDT and make a call to a restricted operation.
+    private static void callRestrictedOperationWorkflow() throws IOException, ApiException {
+        // Define the path for the restricted operation that requires an RDT.
+        final String resourcePath = "/orders/v0/orders/123-1234567-1234567/address";
+
+        // Build the RestrictedResource object with the respective Method (MethodEnum from RestrictedResource class) and Path.
+        RestrictedResource resource = buildRestrictedResource(RestrictedResource.MethodEnum.GET, resourcePath);
+
+        // Make a list of the RestrictedResource objects that will be included in the request to create the RDT.
+        List<RestrictedResource> resourceList = Arrays.asList(resource);
+
+        // Get an RDT for the list of restricted resources.
+        restrictedDataToken = getRestrictedDataToken(resourceList);
+
+        // Build, sign, and execute the request, specifying RestrictedResource, RDT, and RequestBody.
+        // Pass a RequestBody only if required by the restricted operation. The requestBody is not required in this example.
+        Response restrictedRequestResponse = buildAndExecuteRestrictedRequest(resource, restrictedDataToken, null);
+
+        // You can handle the response as a JSON object, as shown in this example.
+        JsonObject responseBodyJson = new JsonParser().parse(restrictedRequestResponse.body().string()).getAsJsonObject();
+        System.out.println(responseBodyJson);
+
+        // Below is a example of how the workflow would look when requesting an RDT for multiple restricted resources.
+        // You can specify a maximum of 50 restricted resources.
+        /*
+        // Define a path for each restricted operation that requires an RDT.
+        final String resourcePath1 = "/orders/v0/orders/123-1234567-1234567/address";
+        final String resourcePath2 = "/orders/v0/orders/123-7654321-1234567/address";
+        final String resourcePath3 = "/orders/v0/orders/123-1234567-7654321/address";
+
+        // Build each RestrictedResource object with the respective Method (MethodEnum from RestrictedResource class) and Path.
+        RestrictedResource resource1 = buildRestrictedResource(RestrictedResource.MethodEnum.GET, resourcePath1);
+        RestrictedResource resource2 = buildRestrictedResource(RestrictedResource.MethodEnum.GET, resourcePath2);
+        RestrictedResource resource3 = buildRestrictedResource(RestrictedResource.MethodEnum.GET, resourcePath3);
+
+        // Make a list of the RestrictedResource objects that will be included in the request to create the RDT.
+        List<RestrictedResource> resourceList = Arrays.asList(resource1,resource2,resource3);
+
+        // Get an RDT for the list of restricted resources.
+        restrictedDataToken = getRestrictedDataToken(resourceList);
+
+        // If you request an RDT for multiple restricted resources; build, sign and execute each restricted operation separately.
+        // Pass the same RDT when building each restricted operation request. An RDT expires after 60 minutes.
+
+        // Build, sign, and execute each request, specifying RestrictedResource, RDT, and RequestBody.
+        // Pass a RequestBody only if required by the restricted operation. The requestBody is not required in this example.
+        Response restrictedRequestResponse1 = buildAndExecuteRestrictedRequest(resource1, restrictedDataToken, null);
+        Response restrictedRequestResponse2 = buildAndExecuteRestrictedRequest(resource2, restrictedDataToken, null);
+        Response restrictedRequestResponse3 = buildAndExecuteRestrictedRequest(resource3, restrictedDataToken, null);
+         */
+    }
+
+
+    // An example of a helper method to build, sign, and execute a restricted operation, specifying RestrictedResource, (String) RDT, and RequestBody.
+    // Returns the restricted operation Response object.
+    private static Response buildAndExecuteRestrictedRequest(RestrictedResource resource, String restrictedDataToken, RequestBody requestBody) throws IOException {
+        // Construct a request with the specified RestrictedResource, RDT, and RequestBody.
+        Request signedRequest = new Request.Builder()
+                .url(sellingPartnerAPIEndpoint + resource.getPath())  // Define the URL for the request, based on the endpoint and restricted resource path.
+                .method(resource.getMethod().getValue(), requestBody)  // Define the restricted resource method value, and requestBody, if required by the restricted operation.
+                .addHeader("x-amz-access-token", restrictedDataToken) // Sign the request with the RDT by adding it to the "x-amz-access-token" header.
+                .build(); // Build the request.
+
+        // Initiate an AWSSigV4Signer instance using your AWS credentials. This example is for an application registered using an AIM Role.
+        AWSSigV4Signer awsSigV4Signer = new AWSSigV4Signer(awsAuthenticationCredentials, awsAuthenticationCredentialsProvider);
+
+        /*
+        // Or, if the application was registered using an IAM User, use the following example:
+        AWSSigV4Signer awsSigV4Signer = new AWSSigV4Signer(awsAuthenticationCredentials);
+        */
+
+        // Sign the request with the AWSSigV4Signer.
+        signedRequest = awsSigV4Signer.sign(signedRequest);
+
+        // Execute the signed request.
+        OkHttpClient okHttpClient = new OkHttpClient();
+        Response response = okHttpClient.newCall(signedRequest).execute();
+
+        // Check the restricted operation response status code and headers.
+        System.out.println(response.code());
+        System.out.println(response.headers());
+        return response;
+    }
+
+    // An example of a helper method for building RestrictedResource objects, specifying the method (MethodEnum from RestrictedResource class) and the path.
+    private static RestrictedResource buildRestrictedResource(RestrictedResource.MethodEnum method, String path){
+        RestrictedResource resource = new RestrictedResource();
+        resource.setMethod(method);
+        resource.setPath(path);
+        return resource;
+    }
+
+    // An example of a helper method for creating an RDT for a list of RestrictedResource objects.
+    private static String getRestrictedDataToken(List<RestrictedResource> resourceList) throws ApiException {
+        // Initialize a CreateRestrictedDataTokenRequest object that represents the Restricted Data Token request body.
+        CreateRestrictedDataTokenRequest restrictedDataTokenRequest = new CreateRestrictedDataTokenRequest();
+
+        // Add a resource list to the CreateRestrictedDataTokenRequest object.
+        restrictedDataTokenRequest.setRestrictedResources(resourceList);
+
+        try {
+            CreateRestrictedDataTokenResponse response = tokensApi.createRestrictedDataToken(restrictedDataTokenRequest);
+            restrictedDataToken = response.getRestrictedDataToken();
+            return restrictedDataToken;
+        } catch (ApiException e) {
+            System.out.println(e.getResponseHeaders());  // Capture the response headers when a exception is thrown.
+            throw e;
+        }
+    }
+}