Due to the horrendously slow web interface of Amazon's "Manage your Kindle", I am trying to figure out how to build an app that connects to the undocumented services that feed the management page. I have now established which URLs and parameters to use in order to retrieve the JSON data needed to do CRUD operations, but I am stuck at being unable to successfully POST data the any of the services using CURL.

There seems to be a problem with authentication, but I am sending all the relevant headers and cookies I can find. Still get a

HTTP/1.1 302 MovedTemporarily
Location: https://www.amazon.com/ap/signin?_encoding=UTF8&accountStatusPolicy=P1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=900&openid.return_to=https%3A%2F%2Fwww.amazon.com%2Fgp%2Fdigital%2Ffiona%2Fmanage%2Ffeatures%2Forder-history%2Fajax%2FqueryPdocs.html%3Fie%3DUTF8%26contentType%3DPersonal%2520Documents%26count%3D15%26offset%3D0 

After sending this request, which is supposed to list all personal documents. The cookies have been copied using Chrome's Web Developer Tools.

> POST /gp/digital/fiona/manage/features/order-history/ajax/queryPdocs.html HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: www.amazon.com
> Accept: */*
> Cookie: session-token=8tAmbclc1/ZjtWU8o5VXyU5H8s0/Yiy346W1/Nx4Sz2BzTUWUR9lkwDABzzgRW1lwZUqcu8MqhGzbby2Xg9RA8Y0cwpLRDk5sf6eXUwNQBvZAcgEXsHG8Bj+24q2C1MZ9v5hFrzBNr6pDP+9CYXrMl2WaEVzmvd/sBO69jk5o3mK3PJf1leY6YhLAL3W8dVj89O+ebIoaPvLHP7naDpImbqaa5bwGS4ki+AzJDLAHs5UMwQkiuXoUCnukz1+WqCr0rHhKoPkI17WGm6MrRDs9/PC2ll7+qDU13; session-id=184-5755217-1234567; session-id-time=2082787201l
> Content-Length: 48
> Content-Type: application/x-www-form-urlencoded

(Yes, I changed my session token and session id before posting this online :p )

I use the following call on the CLI and have stored the cookies in cookie3.txt

curl -v --cookie cookie3.txt  --data 'offset=0&count=15&contentType=Personal+Documents' 'https://www.amazon.com/gp/digital/fiona/manage/features/order-history/ajax/queryPdocs.html' 

Any idea what I am missing here to get it working?

It seems that Amazon does it best to implement Security Through Obscurity; if your user agent is not a recognized browser, such as Firefox, Chrome or IE, you will simply be refused access. In order to get requests through one needs to fake the user agent.

I ended up abandoning cURL for Python and the Requests library. All the required steps needed for getting into FIONA can be seen in the code on GitHub.