PII_QA.md: 39 additions & 18 deletions
@@ -1,30 +1,45 @@
1
+
**Describe why you require Personally Identifiable Information to build your application or feature.**
2
+
- We are shipping internationally from our store to (UK) and need to automate the generation of AWBs (Air Waybills) through our system and the shipping company. To generate the AWB, we require the customer's address.
3
+
- The only purpose for using PII (Personal Identifiable Information) is to create the AWB by passing the necessary information to the shipping company's API.
4
+
5
+
6
+
7
+
8
+
**List all outside parties with whom your organization shares Amazon Information and describe how your organization shares this information.**
9
+
- We share customer addresses with the shipping company to automate the shipping process. This is done through a customized API that generates AWB labels. We only provide the necessary information to the shipping company’s API by submitting a request from our side, which includes all required personal information (PII) to create a new AWB.
10
+
11
+
1
12
**Describe the network protection controls used by your organization to restrict public access to databases, file servers, and desktop/developer endpoints.**
2
-
- Access to the Amazon Aurora database through the network is disabled and standard ports are closed. The database is only accessible through a socket on the server itself.
3
-
- The reverse proxy only serves whitelisted directories that are only from sources controlled by us used (AWS Amplify).
4
-
- API endpoints are password protected (PBKDF2 & SHA512 encryption, salted, and stretched for thousands of rounds).
5
-
- Login credentials are always transmitted securely over SSL.
13
+
- Our database server is behind a firewall Only allows connection from certain addresses IP, in addition to being protected by username and password. As for our file server, we use Azure Storage. where we also block requests through a private Key Access.
14
+
6
15
7
-
**Describe how your organization individually identifies employees who have access to Amazon Information, and restricts employee access to Amazon information on a need- to-know basis.**
8
-
- If all your employees are properly assigned separate users and given only relevant access rights: Access rights are provided to employees based on their role within the company and are progressive, based on their responsibility.
9
16
10
-
For instance, salespersons only have access to their own leads/quotes (and thus no access to quotes generated through the Amazon API). A salesmanager has access to all quotes/leads for reporting purposes (including quotes generated through the Amazon API). A quote will generate a delivery order which will be accessible to a „normal“ user of the Inventory application for him to be able to print the delivery label and pack the products.
17
+
**Describe how your organization individually identifies employees who have access to Amazon Information, and restricts employee access to Amazon information on a need- to-know basis.**
18
+
- All of our employees are identified by a unique ID. accessing with username and password. that determines your role and permissions within our system. In this way, only authorized employees will have access to information from Amazon, keeping at all times the traceability of who and what information accesses
11
19
12
-
- If your employees share users or if they are given more permissions than necessary. They will be fired and be held responsible before the law for the consequences of leaking user information.
13
20
14
21
**Describe the mechanism your organization has in place to monitor and prevent Amazon Information from being accessed from employee personal devices (such as USB flash drives, cellphones) and how are you alerted in the event such incidents occur.**
15
-
-We does not allowed developers access to PII. Role-based restrictions and access rights still apply. Developers must not store PII in removable media, personal devices, or unsecured public cloud applications (e.g., public links made available through Google Drive) unless it is encrypted using at least RSA-2048 bit keys or higher. Developers must securely dispose of any printed documents containing PII.
22
+
-The USB connections of all computers are disabled and the use of personal email, messaging or cloud storage accounts. they are totally prohibited. We have an alert system that warns when abnormal behavior is detected when accessing sensitive information. providing the user, date and time. the IP address of the connection and the event that triggered the alarm (for example, a large number of requests to a sensitive endpoint).
16
23
17
24
**Provide your organization's privacy and data handling policies to describe how Amazon data is collected, processed, stored, used, shared and disposed. You may provide this in the form of a public website URL.**
18
25
1000 characters maximum
19
26
27
+
28
+
**Provide your organisation's privacy and data-handling policies to describe how Amazon data is collected, processed, stored, used, shared and disposed of. You may provide this in the form of a public website URL.**
29
+
- {URL}/Home/PrivacyPolicy
30
+
20
31
**Describe where your organization stores Amazon Information at rest and provide details on any encryption algorithm used.**
21
-
- Developers must encrypt all PII at rest using at least RSA with 2048-bit key size or higher. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities (e.g. daemons implementing virtual Trusted Platform Modules and providing encryption/decryption APIs) used for encryption of PII at rest must be only accessible to the Developer's processes and services. Direct access to the database is not possible for the customer outside of UI interactions or API calls. Granular access rights control ensures that access is not shared to all users of the database.
32
+
- We store information about personalization of the products necessary for their manufacture. This data is stored on our database server, with symmetric AES 256 encryption and is removed as manufacturing proceeds. Any resource or application that accesses this data must do so through the HTTPS protocol, to guarantee encryption in transit.
33
+
22
34
23
35
**Describe how your organization backups or archives Amazon Information and provide details on any encryption algorithm used.**
24
-
- The entire database is backed up once a day and no longer than 30 days after order delivery and only for the purpose of, and as long as is necessary to (i) fulfill orders, (ii) calculate and remit taxes, (iii) produce tax invoices, or (iv) meet legal requirements, including tax or regulatory requirements. If a Developer is required by law to retain archival copies of PII for tax or other regulatory purposes, PII must be stored as a "cold" or offline encrypted backup (e.g., not available for immediate or interactive use). And these backups can only be retrieved by Teecom employees through support requests.
36
+
- The stored information (product customization) is included in our periodic backups. These copies are encrypted using the AES 256 algorithm and managed by Azure, including access restriction by username and password. firewall and security alerts. Backups are done in Azure. where no one has access, only the database administrator.
25
37
26
38
**Describe how your organization monitors, detects, and logs malicious activity in your application(s).**
27
-
- We uses automated probes on our server that report their status in Munin (an opensource monitoring tool). This tool automatically triggers alarms when probes detect values outside of their pre-defined range. We monitor (among many other things) access rates, response times, ssh connections, network activity.
39
+
We uses automated probes on our server that report their status in Munin (an opensource monitoring tool). This tool automatically triggers alarms when probes detect values outside of their pre-defined range. We monitor access rates, response times, ssh connections, network activity.
40
+
We gather logs information to detect security-related events and logs accessible only to developer who has permission ,
41
+
But for amazon PII we made exception for logs to exclude any PII information from logs
42
+
28
43
29
44
**Summarize the steps taken within your organization's incident response plan to handle database hacks, unauthorized access, and data leaks.**
30
45
1. Preparation is we plan needs to detail who is on the incident response team—along with their contact info.
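Review bot: The new at-rest and backup answers (new lines 32 and 36) cover only product customization data, while the answers added at new lines 2 and 9 say customer addresses are collected and passed to the shipping company, so the questionnaire no longer says where that address data is stored, how it is encrypted, or how long it is kept. Please state the storage location and encryption for the address data too, and restore a retention period in the backup answer; the removed text gave "no longer than 30 days after order delivery" and the replacement gives none. The privacy-policy question also appears twice now, once as the unchanged line 24 and again at new line 28 with the `{URL}/Home/PrivacyPolicy` answer; drop the older copy together with its "1000 characters maximum" residue. The rewritten network-protection answer at new line 13 has broken sentences ("firewall Only allows connection from certain addresses IP", "Azure Storage. where") that should be cleaned up before submission.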
@@ -33,17 +48,23 @@ For instance, salespersons only have access to their own leads/quotes (and thus
33
48
4. Post-incident activities is security updates have been made, we take some time to debrief from the incident.
34
49
35
50
51
+
36
52
**How do you enforce password management practices throughout the organization as it relates to required length, complexity (upper/lower case, numbers, special character) and expiration period?**
37
-
- We're defined a guidelines for password and developers must establish minimum password requirements for personnel and systems with access to Information. Password requirements must be a minimum of eight (8) characters, contain upper and lower case letters, contain numbers, contain special characters, and rotated at least quarterly. We're using Multi-Factor Authentication.
53
+
- We're defined a guidelines for password and developers must establish minimum password requirements for personnel and systems with access to Information.
**How is Personally Identifiable Information (PII) protected during testing?**
40
-
In during testing, employee only using stub database for test and not using Amazon Information database. And Personally Identifiable Information is encrypted when debug or logs.
61
+
- If it’s necessary for a test participant’s PII to be visible on the screen during a certain task then we enable the Blur Tool to make the screen unreadable during that specific task.
62
+
- Also if data move to test database in test environment then all data for user data PII removed and to mock random data added by database admin before give access to testing user or developer in Test environments and also developer do testing and call to sandbox instead of call production
63
+
41
64
42
65
**What measures are taken to prevent exposure of credentials?**
43
-
- Developers must use different passwords for different accounts and systems.
44
-
Developers must use multi-factor authentication (MFA) via Microsoft Authenticator for login to systems.
45
-
Developers must not hardcode sensitive credentials in their code, including encryption keys, secret access keys, or passwords. Sensitive credentials must not be exposed in public code repositories.
46
-
Developers must maintain separate test and production environments.
66
+
- Passwords are hashed (with salt and IV) before being stored in our database, so If anyone can access it, they couldn't access the original passwords. Additionally, we enforce changing passwords every 6 months, to avoid other password leaks possibilities.
67
+
47
68
48
69
**How do you track remediation progress of findings identified from vulnerability scans and penetration tests?**
49
70
- We're testing our applications periodically to assess products’ security is locate any security vulnerabilities that might be hidden in source code, before releasing it.
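Review bot: The credentials answer at new line 66 describes passwords as "hashed (with salt and IV)", but an IV is a parameter of encryption, not of hashing, so the sentence leaves it unclear whether passwords are hashed or reversibly encrypted. Name the password-hashing algorithm and drop the IV wording if hashing is what is done. The same change removes the statements on MFA, on not hardcoding credentials or exposing them in public repositories, and on separate test and production environments (old lines 44 to 46); the question asks about exposure of credentials in general, so keep those points or explain why they no longer apply. The testing answer at new line 63 should also be split into sentences, since it currently runs the data-masking step and the sandbox-call step together.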
To get all keys needed you need to follow this step [Creating and configuring IAM policies and entities](https://developer-docs.amazon.com/sp-api/docs/creating-and-configuring-iam-policies-and-entities) and then you need to [Registering your Application](https://developer-docs.amazon.com/sp-api/docs/registering-your-application) then [Authorizing Selling Partner API applications
> :warning:**Use role ARN created in step 5 when you register your application**: and dont use IAM user
83
+
84
84
85
85
| Name | Description |
86
86
| --- | --- |
87
-
| AccessKey | AWS USER ACCESS KEY |
88
-
| SecretKey | AWS USER SECRET KEY |
89
-
| RoleArn | AWS IAM Role ARN (needs permission to “Assume Role” STS) |
90
-
| Region | Marketplace region [List of Marketplaces](https://developer-docs.amazon.com/sp-api/docs/marketplace-ids)|
87
+
| Marketplace | Marketplace region [List of Marketplaces](https://developer-docs.amazon.com/sp-api/docs/marketplace-ids)|
91
88
| ClientId | Your amazon app id |
92
89
| ClientSecret | Your amazon app secret |
93
90
| RefreshToken | Check how to get [RefreshToken](https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#Self-authorization)|
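Review bot: The table drops the AccessKey, SecretKey and RoleArn rows, but the unchanged text just above it still tells the reader to follow "Creating and configuring IAM policies and entities" and to "Use role ARN created in step 5 when you register your application". If those values are no longer configuration inputs, update or remove that guidance so the instructions and the table agree; if the role ARN is still needed at registration only, say so explicitly. The renamed Marketplace row keeps the description "Marketplace region", which mixes the old and new names; describe what value is expected there.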
@@ -105,9 +102,6 @@ You can configure a connection like so please see [Here](https://github.com/abuz