Re: [Koha] Amazon Secret key used to generate digital signature
Hi Nicole,

Further to my last post, I should have quoted this Koha FAQ, http://koha.org/documentation/faq/why-do-i-need-a-awsprivatekey-for-amazon-c... which states that the Private Access Key and Secret key are the same. I assumed you had written the FAQ.

Why do I need an AWSPrivateKey for Amazon Content?

This FAQ applies to: 3.2

Why do I need the AWSPrivateKey as well as the AWSAccessKeyID to use Amazon Content?

After 2009-08-15, Amazon Web Services will expect that all requests to the Product Advertising API, which is what Koha uses for retrieving reviews and other enhanced content from Amazon, include signatures. This patch and subsequent patches implement this functionality.

What this means in practice (assuming the user has elected to use any enhanced content from Amazon) is that

* The user must get an Amazon Secret Access Key. This can be done by logging in to the user's AWS account at (e.g.) http://aws.amazon.com/, going to the 'Access Identifiers' page, and from there retrieving and/or creating a new Secret Access Key.
* The contents of the Secret Access Key should then be entered into the new AWSPrivateKey system preference.

Once that is done, grabbing reviews and table of contents from Amazon should work as normal.

If the user doesn't do this before 2009-08-15, reviews and TOCs will no longer be supplied from Amazon, although there should be no crashes - the content will simply not show up.

Note that the requirement to sign requests does *NOT* appear to apply to simply displaying book covers from Amazon.

END OF QUOTE FROM FAQ.

This won't be so simple to implement because the Secret key is long and complex and can't be cut and pasted from the Amazon site into the Koha system prefs.
Presumably the patch for 3.2 uses the Secret Key to create a digital signature, as described in the following Amazon description of access keys at http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredent...

* Secret Access Key

Each Access Key ID has a Secret Access Key associated with it. This key is just a long string of characters (and not a file) that you use to calculate the digital signature that you include in the request. Your Secret Access Key is a secret, and only you and AWS should have it. Don't e-mail it to anyone, include it in any AWS requests, or post it on the AWS Discussion Forums. No authorized person from AWS will ever ask for your Secret Access Key.

When you create a request, you create a digital signature with your secret key and include it in the request along with your Access Key ID. When we get the request, we use your Access Key ID to look up the corresponding Secret Access Key. We use the key to validate the signature and confirm that you're the request sender.

END OF QUOTE FROM AMAZON SITE.

Mike Mason

Earlier today, I wrote:
------------------------------------------------
My statement that "what we call the Amazon private key is really the Amazon Secret Access Key" was based on the following:

I have just set up my Amazon associate ID and AWS access keys in Amazon, and the site described two keys as follows (this is cut and pasted from Amazon's Associates' "Manage your account" page):

You will need access identifiers to call the Product Advertising API, authenticate requests and identify yourself as the sender of a request. Two types of identifiers are available: AWS Access Key Identifiers (Public and Secret Keys) and X.509 Certificates.

The site guides you to set up the Public and Secret keys. It does not mention a "Private key". So I assumed that what you referred to in the 3.2 manual as a "Private Key" was meant to indicate Amazon's "Secret Key". But perhaps you had something else in mind?
Unfortunately I can't test this as I'm on Liblime's Koha Express, which is still back in Koha 3.00.02.012 and has no system preference entries for Amazon reviews or for the Secret/Private key.

Mike Mason

At Sunday 14/02/2010, you wrote:
Hi all,
I want to confirm that what we call the Amazon private key is really the Amazon Secret Access Key. If so I want to update the language in the manual and the sys prefs page - but I want to be sure before I do that.
Nicole

_______________________________________________
Koha mailing list
Koha@lists.katipo.co.nz
http://lists.katipo.co.nz/mailman/listinfo/koha
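
Added example, not part of the original thread and not Koha's or Amazon's code: a sketch of the sign-and-verify exchange the quoted Amazon text describes, assuming HMAC-SHA256 over a sorted, percent-encoded request string (the thread does not name the algorithm). The credentials, host, path and item values are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample credentials (not real AWS keys).
ACCESS_KEY_ID = "AKIDEXAMPLE0000000000"
SECRET_KEY = "constructed/secret+key/for/illustration/only"
KEY_STORE = {ACCESS_KEY_ID: SECRET_KEY}  # server side: Access Key ID -> secret

HOST = "webservices.example.invalid"  # placeholder endpoint (assumption)
PATH = "/onca/xml"                    # placeholder path (assumption)


def canonical_string(params):
    """Method, host, path and the byte-sorted, percent-encoded query string."""
    enc = lambda s: quote(s, safe="-_.~")
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    return "\n".join(["GET", HOST, PATH, "&".join(f"{k}={v}" for k, v in pairs)])


def sign(params, secret):
    """HMAC-SHA256 of the canonical request under the secret, base64-encoded."""
    mac = hmac.new(secret.encode(), canonical_string(params).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def build_request(params, access_key_id, secret):
    """Client side: send the Access Key ID and the signature, never the secret."""
    sent = dict(params, AWSAccessKeyId=access_key_id)
    sent["Signature"] = sign(sent, secret)
    return sent


def verify(sent):
    """Server side: look up the secret by ID, recompute, compare in constant time."""
    secret = KEY_STORE.get(sent.get("AWSAccessKeyId"))
    if secret is None or "Signature" not in sent:
        return False
    unsigned = {k: v for k, v in sent.items() if k != "Signature"}
    return hmac.compare_digest(sign(unsigned, secret).encode(), sent["Signature"].encode())


if __name__ == "__main__":
    base = {"Operation": "ItemLookup", "ItemId": "0000000000",
            "Timestamp": "2010-02-14T00:00:00Z"}
    good = build_request(base, ACCESS_KEY_ID, SECRET_KEY)
    pasted = build_request(base, ACCESS_KEY_ID, SECRET_KEY + "\n")  # stray newline in stored key
    print("valid:", verify(good), "| key with stray newline:", verify(pasted))
```

A stored key that differs from the issued one by even a trailing newline yields a different signature, so a preference field holding the Secret Access Key is worth checking for stray whitespace when signed requests are rejected.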