Unable to connect to SP-API

Hi, We have developed a private MWS applications which runs fine with MWS APIs. We are now trying to test SP-API in order to prepare migration. Using the technical documentation we have :

• created an IAM user with our AWS account
• defined and created an authorization policy with STS
• created a role with this policy
• registered in seller central a new private SP-API application with the previously created arn (including nearly all authorization, notably orders)
• self-authorized this application and got the LWA information : id, secret code and refresh-token
• using Postman, we requested with success a security token using STS
• using Postman we imported the Orders json file and tried to call SP-API GET Orders. We provided all the relevant infos, including id, secret code, and the token obtained in the previous step. Unfortunately, the only answer we can get is code 403 error : The security token included in the request is invalid.

According to the documentation I created a "SellerPartnerAPI" policy including { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "execute-api:Invoke", "Resource": "arn:aws:execute-api:::*" } ] } Please help , it's been a week since our first try ! Here is the postman track re a new test done this morning : GET https://sellingpartnerapi-eu.amazon.com/orders/v0/orders?CreatedAfter=2023-03-01&MarketplaceIds=A13V1IB3VIYZZH 403 172 ms GET /orders/v0/orders?CreatedAfter=2023-03-01&MarketplaceIds=A13V1IB3VIYZZH HTTP/1.1 Accept: application/json Host: sellingpartnerapi-eu.amazon.com X-Amz-Security-Token: Atza|IwEBIBAAVkX_G6WERnyAtp03wCe2Hvc1ucciQQ15xxTPRS1iVqaIrHRUGQR7nMir1UX6LceaJ-DkjjKIKvwk2WOHre0opwzo4yjAl9SM3xwsg5bKzajv2XXgLj7FKYVhGdIlYlB_J52Lgeo-EHzllmwFJMeCj2UiWK_3rfb_4eVUJov5PsvYt1J0yY85Lweh4Vcnxevcb0zEIaFCalCzm0dCAh5tQCEvF8TOiliJJE2lKImfp7aka5go94Chko4mjs3nLxByY9JUnTn8r5JyAnmvOkn4zPHr0361YJK5I2Pq_IgIC05rD57lcwDElwochknVP-EAn8MEe0iPrdu_AKZfN2yx X-Amz-Date: 20230308T091250Z Authorization: AWS4-HMAC-SHA256 Credential=amzn1.application-oa2-client.15bef5d917ca45709dd18035b6d35996/20230308/eu-west-1/execute-api/aws4_request, SignedHeaders=accept;host;x-amz-date;x-amz-security-token, Signature=d893a93dba2612d61e7e8fa23f89301a115312627011a78062d395f6819fb2f8 User-Agent: PostmanRuntime/7.29.2 Postman-Token: c2a4878e-d395-40ca-92eb-568f77b1154c Accept-Encoding: gzip, deflate, br Connection: keep-alive

HTTP/1.1 403 Forbidden Date: Wed, 08 Mar 2023 09:12:50 GMT Content-Type: application/json Content-Length: 137 Connection: keep-alive x-amzn-RequestId: f79343aa-bb8c-40f7-a63e-cc12300c3b16 x-amzn-ErrorType: UnrecognizedClientException x-amz-apigw-id: BdGu9GgjjoEFjZg=

{ "errors": [ { "message": "The security token included in the request is invalid.", "code": "InvalidInput" } ] }