Don't automatically generate RDTs for sandbox calls (#548)

README.md

@@ -251,7 +251,9 @@ It also means that if a new version of an existing API is introduced, the librar
 
 ## Restricted operations
 
-When you call a [restricted operation](https://developer-docs.amazon.com/sp-api/docs/tokens-api-use-case-guide), a Restricted Data Token (RDT) is automatically generated. If you're calling a restricted operation that accepts a [`dataElements`](https://developer-docs.amazon.com/sp-api/docs/tokens-api-use-case-guide#restricted-operations) parameter, you can pass `dataElements` values as a parameter to the API call. Check out the [getOrders](https:/jlevers/selling-partner-api/blob/main/docs/Api/OrdersV0Api.md#getOrders), [getOrder](https:/jlevers/selling-partner-api/blob/main/docs/Api/OrdersV0Api.md#getOrder), and [getOrderItems](https:/jlevers/selling-partner-api/blob/main/docs/Api/OrdersV0Api.md#getOrderItems) documentation to see how to pass `dataElements` values to those calls. (At the time of writing, those are the only restricted operations that accept `dataElements` values.)
+When you call a [restricted operation](https://developer-docs.amazon.com/sp-api/docs/tokens-api-use-case-guide), a Restricted Data Token (RDT) is automatically generated. If you're calling a restricted operation that accepts a [`data_elements`](https://developer-docs.amazon.com/sp-api/docs/tokens-api-use-case-guide#restricted-operations) parameter, you can pass `data_elements` values as a parameter to the API call. Check out the [getOrders](https:/jlevers/selling-partner-api/blob/main/docs/Api/OrdersV0Api.md#getOrders), [getOrder](https:/jlevers/selling-partner-api/blob/main/docs/Api/OrdersV0Api.md#getOrder), and [getOrderItems](https:/jlevers/selling-partner-api/blob/main/docs/Api/OrdersV0Api.md#getOrderItems) documentation to see how to pass `data_elements` values to those calls. (At the time of writing, those are the only restricted operations that accept `data_elements` values.)
+
+Note that if you want to call a restricted operation on a sandbox endpoint (e.g., `Endpoint::NA_SANDBOX`), you *should not* pass a `data_elements` parameter. RDTs are not necessary for restricted operations.
 
 
 ## Uploading and downloading documents

lib/Authentication.php

@@ -195,7 +195,8 @@ public function signRequest(Psr7\Request $request, ?string $scope = null, ?strin
  $request = $request->withUri($newUri);
  }
 
- if ($needRdt) {
+ // Sandbox requests don't require RDTs
+ if ($needRdt && !Endpoint::isSandbox($request->getUri()->getHost())) {
  $relevantCreds = $this->getRestrictedDataToken($restrictedPath, $request->getMethod(), $dataElements);
  }
  }
@@ -490,6 +491,6 @@ private function newToken(): void
  */
  public function formattedRequestTime(?bool $withTime = true): ?string
  {
- return $this->requestSigner->formattedRequestTime($withTime);
+ return $this->authorizationSigner->formattedRequestTime($withTime);
  }
 }

lib/Endpoint.php

@@ -114,4 +114,28 @@ public static function getByMarketplaceId(string $marketplace_id, bool $sandbox
 
  return constant("\SellingPartnerApi\Endpoint::$region");
  }
+
+ /**
+ * Checks if the given endpoint is valid. If the given endpoint is an array, checks
+ * the value of the `url` key. If it's a string, checks if it's a sandbox URL.
+ *
+ * @param array|string $endpoint The endpoint to check
+ * @return bool
+ */
+ public static function isSandbox($endpoint) {
+ $sandboxHosts = [
+ self::NA_SANDBOX['url'],
+ self::EU_SANDBOX['url'],
+ self::FE_SANDBOX['url'],
+ ];
+ if (is_array($endpoint)) {
+ return in_array($endpoint['url'], $sandboxHosts);
+ } else if (is_string($endpoint)) {
+ return in_array($endpoint, $sandboxHosts);
+ } else {
+ throw new InvalidArgumentException(
+ 'Invalid endpoint type ' . gettype($endpoint) . '. Must be array or string.'
+ );
+ }
+ }
 }