Connecting Netsuite with Amazon MWS

I am trying to connect to Amazon SP-API for obtaining orders Created After a certain date but i have encountered this error:
{ "errors": [ { "message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. The Canonical String for this request should have been 'GET / CreatedAfter=20201116T125444Z&MarketplaceId=ATVPDKIKX0DER host:sellingpartnerapi-na.amazon.com x-amz-access-token:Atza|IwEBIMzLxXsQchY-WGw-nRN9iUxIDSzhppj2I359K3q5v0b7oFLrt_1Wvul8JvA7vUZjaoCfDxmTKOaIts6QhDvRMm1McB7IJtT8ktHpTElKarRndKH5ckCph_GqqQc2OuSfmS3VSHD7v1pqh8rIzaKIC9v9HcGdx-NGIgLLT0HlDkxaLC0r2U8NueAg9mGINtt5e7L8lQ7RMa9N-WQCFb8TADIEsSpwKK3WShira0z_0hFNoKKYFbxDxMlh5tI4jSCOGEZ_h8crnUJ_UrPY6vFaU01f1rNrHtD5aDYfeJCE_aax0S4_37wtwmDfTqvAiKxl7Y6uwO7uuRtjQo20_NMbpNir x-amz-date:20201116T125444Z host;x-amz-access-token;x-amz-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' The String-to-Sign should have been 'AWS4-HMAC-SHA256 20201116T125444Z 20201116/us-east-1/execute-api/aws4_request 9a54fa21548b508a4026f1927f3a67878e537600c1952f3dfb96e60a59ed89be' ", "code": "InvalidSignature" } ] }

String to Sign as well as Canonical Request string exactly matches with that generated by my code . Signature generated by the code also seems to be correct when i verify it by using test credentials from amazon site .
Here is my code . I am using netsuite suitescript 2.0 . I have been trying since few days but couldn’t figure out the solution for this issue .

`var headers={
‘Content-Type’:’application/x-www-form-urlencoded;charset=UTF-8′
}
var body={
‘grant_type’: ‘refresh_token’,
‘refresh_token’: refreshtoken,
‘client_id’: client id here,
‘client_secret’: client secret here
};

    var response=https.post({
      url: 'https://api.amazon.com/auth/o2/token',
      headers: headers,
      body: body

    });

    var accessToken=JSON.parse(response.body).access_token;

    log.debug('Response is ',accessToken); //token retrieved successfully

    

    //Calculating timestamp in ISO 8601  format
    var today = new Date();

    var ISO8601Date=today.getUTCFullYear()+''+pad((today.getUTCMonth()+1))+''+pad(today.getUTCDate())+'T'+pad(today.getUTCHours())+''+pad(today.getUTCMinutes())+''+pad(today.getUTCSeconds())+'Z';



   log.debug('ISO 8601 date format ', ISO8601Date);
    

    log.debug('ISO 8601 date format ', today.getUTCFullYear()+'  '+(today.getUTCMonth()+1)+'  '+today.getUTCDate()+'T'+today.getUTCHours()+'  '+today.getUTCMinutes()+'  '+today.getUTCSeconds()+'Z');

   

    uri='GET https://sellingpartnerapi-na.amazon.com/orders/v0/orders?MarketplaceId=ATVPDKIKX0DER&CreatedAfter='+ISO8601Date;

    

    method = 'GET';

    
    canonical_uri ='/';
    

    canonical_querystring=encodeURI('CreatedAfter='+ISO8601Date+'&MarketplaceId=ATVPDKIKX0DER');

    

    canonical_headers = 'host:' + 'sellingpartnerapi-na.amazon.com' + '\n' + 'x-amz-access-token:' + accessToken + '\n'+ 'x-amz-date:' + ISO8601Date + '\n';


    signed_headers = 'host;x-amz-access-token;x-amz-date';


  
var hmacsha256Data = CryptoJS.SHA256('');
var payload_hash = CryptoJS.enc.Hex.stringify(hmacsha256Data);



    log.debug('Payload hash data ',hmacsha256Data);
    log.debug('Payload payload_hash ',payload_hash);

    

   canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash;




    log.debug('URI String ',canonical_request);

    /*************** TASK 2: CREATE THE STRING TO SIGN************* */
    var datestamp = today.getUTCFullYear()+''+(today.getUTCMonth()+1)+''+today.getUTCDate();

    region = 'us-east-1';
    service='sellingpartnerapi-na';
    algorithm='AWS4-HMAC-SHA256';



    log.debug('Date Stamp is '+datestamp);

   

    var canonicalsha256Data = CryptoJS.SHA256(canonical_request);
    var canonical_hash = CryptoJS.enc.Hex.stringify(canonicalsha256Data);

    log.debug('canonicalsha256Data is ',canonicalsha256Data);

    log.debug('canonical_hash is ',canonical_hash);


    algorithm = 'AWS4-HMAC-SHA256';
    credential_scope = datestamp + '/' + region + '/' + 'execute-api' + '/' + 'aws4_request';
    string_to_sign = algorithm + '\n' +  ISO8601Date + '\n' +  credential_scope + '\n' +  canonical_hash;


    log.debug('String to Sign ',string_to_sign);

    /************* TASK 3: CALCULATE THE SIGNATURE *************/

    secret_key=secret key here; //secret key for iam user 
    access_key=access key here; // access key for iam user

    signing_key = getSignatureKey(secret_key, datestamp, region, service);

    


    var signingsha256Data = CryptoJS.HmacSHA256(string_to_sign,signing_key);

    var signature= CryptoJS.enc.Hex.stringify(signingsha256Data);

    log.debug('Final signature is ',signature);



/************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST *************/
authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' +  'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature;

headers = {host:'sellingpartnerapi-na.amazon.com','x-amz-access-token':accessToken,'x-amz-date':ISO8601Date, 'Authorization':authorization_header}



/************** SEND THE REQUEST **************/
request_url = 'https://sellingpartnerapi-na.amazon.com/orders/v0/orders' + '?' + canonical_querystring;

log.debug('Request URL is ',request_url);


var response = https.get({
  url: request_url,
  headers: headers
});

log.debug('Response Code is ',response.code); //Response code returned is 403
log.debug('Response is ',response.body);  //invalid signature (details at top)

`
//HELPER FUNCTIONS

function getSignatureKey(key, dateStamp, regionName, serviceName) { var kDate = CryptoJS.HmacSHA256(dateStamp, "AWS4" + key); var kRegion = CryptoJS.HmacSHA256(regionName, kDate); var kService = CryptoJS.HmacSHA256(serviceName, kRegion); var kSigning = CryptoJS.HmacSHA256("aws4_request", kService); return kSigning; } function pad(n) {return n<10 ? '0'+n : n}