Hacker News new | past | comments | ask | show | jobs | submit login
Amazon APIs are the worst. No comparison. *Rant
10 points by kderbyma 4 months ago | hide | past | favorite | 3 comments
Working with amazon API's is single handedly the worst experience I have ever had programming. They are a textbook example of how to build the worst architecture, and their support system is designed to be almost unusable.

LWA is probably the worst Oauth process ever devised. Their indiosyncracies are so poorly thought out, it makes every crappy "wish we had known when we built this" API design look like an A+.

They require the stupidest relationships, they automatically link things you don't want to link, and they cannot link up anything you want to have automated. They cannot manage sessions correctly between the half-dozen different domains you need to constantly login despite requiring you to register on all of them. They have obscure documentation that does everything but accurately describe the process. Verbose, Inaccurate, Poorly formatted, Impossible to scan, search comes up empty on every question, no FAQs worth a damn.

The number of errors is obscene, nothing seems to work, their IDs are impossible to find, and when you find them, they are magically different and don't seem to be linkable. They rely on emails, yet when you use the same email, it doesn't seem to make a difference.

They require you to constantly go into their AWS IAM console for services which never touch AWS (like Ads, Seller Central, Etc.)

Usually you have a secret, an Id, and maybe an extra ID, but with amazon it seems like you need a damn database just to keep track of the IDs. They then add on top of the ids, the most opaque and granular permissions system known to man, and require you to draft policies by hand using their terrible syntax, not to mention you then need to create specific service accounts, and attach them to the policies, and build roles, and assign the policies to work with the Client IDs, Secrets, Shared Secret, Role Id, etc...

Its disgusting. Its entropy in motion. Its what the heat death of the universe looks like.

Seller Central is the worst...SP-API should be burned alive and never talked about again.

Amazon Ads API should be simple, but somehow, their convoluted systems make it nigh impossible to just make anything work without hitting up support who then cannot do anything because they are siloed in a basement of self-flaggelating slaves somewhere in the world. Then you have the regions, the countries, and need to know which god-forsaked place your user is trying to get into.

Its the most misanthropic design ever devised, and clearly no one at Amazon has a clue about anything.

They clearly hired the cheapest architects, and their UI took almost 2 decades to update and when completed looked worse than the old UIs....

Amazon should be ashamed. No one should be proud of their achievements....They should eulugize them and find a new hobby.

Has anyone ever once had a good experience with Amazon's APIs? And if so, how?




My impression is that IAM is in and of itself a good system, but that it has grown a lot over the years and now has a ton of legacy scenarios that it has to support.

Add in that it seems to be up to the specific service to implement the newer stuff, and you arrive at having three or more different ways to permission resources, none of which are supported everywhere.

In other words - it's old enough to be crufty.


I've had a high degree of satisfaction with AWS but I have done very little with their other APIs. My impression is that Google Cloud is in a class by itself having a difficult API to work with but that's because the authentication process is like the intro to the old Get Smart TV show

https://www.youtube.com/watch?v=ankXUaWqQgM

it seems like LWA is like that for you and maybe that is a big pain point for everything else you are doing. auth is like that because it is so central: if it doesn't work you can't get anything done but boy you are in trouble if somebody can bypass it. I have been reworking an auth system in the last month and it is slow going because the risk is so high.


I have to disagree. We work with Google services and Amazon - we use Google for our cloud services. They are league above amazon in every single way.

The only thing amazon has managed to ever get right is Routing (Route 53), Gateways, and pure AWS only stuff (like containers).

Once you try to incorporate any of their other services (Ads, Seller Central, Vendors, etc.) you see how bad it is.

Nothing works - yet you are still required to use AWS credentials for one purpose (IAM).

LWA is a separate thing from IAM - Oauth should be easy - everyone has figured it out, but Amazon's is so terrible, its not even funny.

---

I challenge you to try setting up the SP-API one day. You will see the pain.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: