Amazon Ads API: 403 Forbidden / "No output data" on /v2/profiles (Client ID, Scope, and Auth Issues)

Questions
1

Hi everyone,

I’m hitting a wall connecting n8n to the Amazon Ads API. I’m trying to use the standard /v2/profiles endpoint to retrieve the profileId but consistently get a 403 Forbidden (masked as “No output data returned” in n8n).

I suspect a combination of missing headers and scope issues, but I’ve exhausted my current troubleshooting steps.

Problem Details & Steps Taken

  1. Goal: Successfully call GET https://advertising-api-eu.amazon.com/v2/profiles to get the profile ID.

  2. Initial Error: The node returned “No output data returned” (which the browser console showed as a 403 Forbidden).

  3. Authentication Setup (My OAuth2 Credential):

    • Type: OAuth2 API

    • Client ID/Secret: Using the client’s credentials.

    • Current Scope: advertising::campaign_management 4. Header Conflict Test: When I removed the manually added Amazon-Advertising-API-ClientId header, the error immediately changed to 401 Unauthorized (as expected, since n8n’s Generic OAuth2 doesn’t add the Client ID header). This proves the header is necessary.

  4. Current (Failing) HTTP Request Configuration:

    • Method: GET

    • URL: https://advertising-api-eu.amazon.com/v2/profiles

    • Authentication: OAuth2 API (using “Unnamed credential 2”)

    • Send Headers: Manually adding the client ID (required, as shown in test 4).

The Current State

  • Token is Fresh: I have re-authorized the credential successfully.

  • Headers: Authorization: Bearer <token> (from credential) and Amazon-Advertising-API-ClientId: <client_id> (manually added) are both present.

  • Result: Still receiving 403 Forbidden / “No output data returned.”

Possible Issues I Need Help With

  1. Scope Issue: Is the scope advertising::campaign_management sufficient to hit the /v2/profiles endpoint? Should I change it to include advertising::read_only?

  2. User Permissions: My client confirmed I have Developer access. However, I suspect the specific user who clicked “Allow” might only have Viewer permissions on the advertising profile, preventing the API from showing the profile list.

    • Client’s User Role: My Amazon Developer account shows I have “Developer” access, but the specific Amazon Ads Console user permissions are unknown. 3. Configuration Check: Is there a standard Amazon Ads n8n configuration that handles both the Authorization and the Amazon-Advertising-API-ClientId headers automatically, or must the Client ID always be manual?

Any guidance on which specific scope or header configuration is required for the /v2/profiles endpoint would be hugely appreciated!

Thanks!