.:. tweet

Inside Amazon Widgets .:.

A week or so back, Amazon released their Widgets page, which seems to be a corral for many existing widgets and services, plus some neat-looking new ones.

What's most interesting to me is that the cool new toys all seem to be in HTML, and not Flash. Amazon seems to be going after a smaller, more-capable crowd (bloggers, hackers, small business operators) and not the denizens of the MySpace/Facebook walled gardens.

Most of the new badges are basic script tags that make iframes full of static ads. The iframe approach seems to be the only sensible way to make the ten out of sixteen that want you to be signed in before showing personalized recommendations work in a secure fashion.

At least one of these new widgets, however, is interactive and not just a static ad. See here:

They're using the script tag hack, JSON, and callbacks. They are not, however, deleting their dynamic scripts after they run, or returning a final semicolon in their returns ... tssk tssk tssk!

The badge framework itself is large, heavily obfuscated, and makes four more calls to bring in support libraries, including Alessandro Fulciniti's Nifty Corners Cube, for a total of 108k in scripts alone. There's also a CSS call, which--depending on what badge and what chrome you choose--pulls in up to 20 more images to build the thing. It seems like it could be done in a cleaner fashion, especially with regards to all those HTTP calls ... YSlow gives a maximum grade of 76% to any page with my tiny search badge on it, and it can't get possibly better as you make the badge bigger.

To play with my search badge, save the next few lines as amazonSearch.html and drag it into your browser:

<script src=""></script>

What's interesting--to me, anyway, because they're hackable--are the APIs that Amazon has released with this widget. Bring it up under Firefox, open up Firebug, and switch to your Net tab. As the badge builds you'll see output labeled q go by twice. The first is my badge styling information, which you can ignore.

The second is a call to Operation=getTopSellers, which runs automatically to populate the badge:

Here's the reply:

topseller_display_callback( {
   results:[ {
      ASIN : "B000QDLSR0",
      Title : "Heroes - Season One",
      Price : "$39.99",
      ImageUrl : "http:\/\/\/images\/I\/21e%2B0TZImQL.jpg",
      ImageHeight : "160",
      ImageWidth : "118" ,
      ThumbImageUrl : "http:\/\/\/images\/I\/11uZ1UXZbiL.jpg" ,
      ThumbImageHeight : "75" ,
      ThumbImageWidth : "55" ,
      category : "DVD" ,
      DetailPageURL : "http:\/\/\/dp\/B000QDLSR0" ,
      Rating : "4.5" ,
      TotalReviews : "129" ,
      Subtitle : "Hayden Panettiere, Masi Oka, Ali Larter, Adrian Pasdar (DVD)"
   { ... more results here ... }
   MarketPlace: "US",
   InstanceId: "0" }

InstanceId looks like it would be useful to determine which of your script tags was the one you were waiting for. While I haven't figured out how to specify a callback, I can pass arbitrary text to InstanceId, which I'd probably fill with the ID of the script tag that called it, so I could delete it and clean things up.

Side note: I'm hoping Amazon is keeping an eye on whatever goes through InstanceId ... it seems like there ought to be an XSS vulnerability in there somewhere, if I can pass InstanceId=alert('ding') and see it back in my results. Which, by the way ... I can.

After the Search badge comes up for the first time, it waits for input and then runs a different API, Operation=getResults:

Here's the reply you'll see if you enter cool and click the Go button:

search_callback( {
   results : [ {
      ASIN : "B000RHRGOO",
      Title : "Forever Cool",
      Price : "$12.99",
      ImageUrl : "http:\/\/\/images\/I\/21xS4SwS-DL.jpg",
      ImageHeight : "160",
      ImageWidth : "160",
      ThumbImageUrl : "http:\/\/\/images\/I\/11y96t9bKyL.jpg",
      ThumbImageHeight : "75",
      ThumbImageWidth : "75",
      category : "Music",
      DetailPageURL : "http:\/\/\/dp\/B000RHRGOO",
      Rating : "4.0",
      TotalReviews : "13",
      Subtitle : "Dean Martin (Audio CD - Aug 14, 2007)"
  { ... more results here ... }
  NumRecords : "75511",
  CorrectedQuery : "",
  MarketPlace : "US",
  InstanceId: "0"
} )

Yes, before you ask: plugging in one of Amazon's ASINs into Keywords will yield the single definitive record for that product. I'm guessing there has to be a way to run GetResults without making the poor thing run a full search ... all we need to do is figure out the right parameter name.

So: here's the ASIN for that Heroes Season One DVD entered into GetResults:

... and here's the output:

search_callback( {
   results : [ {
      ASIN : "B000QDLSR0",
      Title : "Heroes - Season One",
      Price : "$39.99",
      ImageUrl : "http:\/\/\/images\/I\/21e%2B0TZImQL.jpg",
      ImageHeight : "160",
      ImageWidth : "118",
      ThumbImageUrl : "http:\/\/\/images\/I\/11uZ1UXZbiL.jpg",
      ThumbImageHeight : "75",
      ThumbImageWidth : "55",
      category : "DVD",
      DetailPageURL : "http:\/\/\/dp\/B000QDLSR0",
      Rating : "4.5",
      TotalReviews : "136",
      Subtitle : "Hayden Panettiere, Masi Oka, Ali Larter, Adrian Pasdar (DVD)"
   } ],
   NumRecords : "1",
   CorrectedQuery : "",
   MarketPlace : "US",
   InstanceId: "0"
} )

So What?

Amazon has already created a universal identifier for just about any product that might be ordered online or discussed in an online community by a consumer. From here on out, anybody who discovers and records an ASIN and wants to pull down an image, an average rating, or a price need only poke GetResults.

I can already see how to create rate-this-product pages and communities that show recommended or related sets of products and allow the Web site operator to instantly cash in on Amazon's Associate program.

Bravo, Amazon ... now please consider officially opening the API!

Comments from before Disqus:

scott .:. 2009-09-06 09:02:45
This is interesting, however, how do you tell it to track your affiliate id once you've modified it?
Roger Gehalt .:. 2009-07-04 09:22:20
hello, thank you for the great translation of the scripts, because everything inside seems to be what you need, I try something that is definitely better than the script from amazon, thanks
Dan .:. 2008-08-27 07:28:54
Thanks. I'm adding widgets to I found the information helpful. Visit the site and send me feedback. I have direct links and also widgets (soon). How do you add code for google not to follow the link? see you soon
Kent Brewster .:. 2007-12-04 15:54:30
I haven't played with the eBay API yet; I'm guessing that eBay's HowTo/JS_Shopping document would be a productive place to start. (You need an API key to play, so I didn't really poke at it, but the sample API return looks like JSON-with-callback, which is a very good start.)

Thanks for the kind words about that personal matter, but please respect our wishes that it not be discussed further on the site.
War is not Healthy .:. 2007-12-03 16:11:00
This is very interesting (and I think discouraging) as I just tried adding an amazon affiliate widget to a site -- they're not very flexible -- I don't know why i bother anyway. I read the flash ones don't work on most web browsers (most users still use IE 6&7 according to amazon discussion board).

And, it makes me wonder if you have looked or would take a look at the ebay tools for affiliates which also include some widgets (or a least one). wonder how inefficient/bloated theirs is? at least apparently they have opened their API if I understand correctly.

thanks and this is most informative. I hope you can evaluate/analyze the ebay stuff too. the ebay aff tools are at

developer API info

also i can't believe what happened to your wife.
(talk about a major lawsuit!)

Violence is a poisonous virus infecting our culture/the world. what if we chose to put all that energy into creative problem-solving on behalf of others/our earth/the world? wouldn't that be so much more productive and life building/life changing in such a powerful positive way?

you all have my best hopes for moving forward/healing/justice.

look forward to learning what you think about all this ebay stuff
(trying to learn to earn / build online. thanks)

Copyright Kent Brewster 1987-2014 .:. FAQ .:. RSS .:. Contact