Index: branches/version-2_12-dev/data/class/api/SC_Api_Operation.php
===================================================================
--- branches/version-2_12-dev/data/class/api/SC_Api_Operation.php	(revision 21713)
+++ branches/version-2_12-dev/data/class/api/SC_Api_Operation.php	(revision 21722)
@@ -64,10 +64,10 @@
         $table = 'dtb_member';
         $where = 'login_id = ? AND del_flg <> 1 AND work = 1';
-        $arrData = $objQuery->getRow($cols, $table, $where, array($login_id));
+        $arrData = $objQuery->getRow($cols, $table, $where, array($member_id));
         if (SC_Utils_Ex::isBlank($arrData)) {
             return false;
         }
         // ユーザー入力パスワードの判定
-        if (SC_Utils_Ex::sfIsMatchHashPassword($pass, $arrData['password'], $arrData['salt'])) {
+        if (SC_Utils_Ex::sfIsMatchHashPassword($member_password, $arrData['password'], $arrData['salt'])) {
             return true;
         }
@@ -134,4 +134,7 @@
         $access_key = $arrParam['AccessKeyId'];
         $secret_key = SC_Api_Operation_Ex::getApiSecretKey($access_key);
+        if(SC_Utils_Ex::isBlank($secret_key)) {
+            return false;
+        }
 
         // バイト順に並び替え
@@ -155,7 +158,5 @@
                      . $_SERVER['PHP_SELF'] . "\n"
                      . $check_str;
-
         $signature = base64_encode(hash_hmac('sha256', $check_str, $secret_key, true));
-
         if($signature === $arrParam['Signature']) {
             return true;
@@ -190,5 +191,5 @@
     protected function getApiSecretKey($access_key) {
         $objQuery =& SC_Query_Ex::getSingletonInstance();
-        $secret_key = $objQuery->get('api_secret_key', 'dtb_api_account', 'api_access_key = ? and del_flg = 0');
+        $secret_key = $objQuery->get('api_secret_key', 'dtb_api_account', 'api_access_key = ? and enable = 1 and del_flg = 0', array($access_key));
         return $secret_key;
     }
@@ -201,5 +202,5 @@
      * @return boolean 権限がある場合 true; 無い場合 false
      */
-    protected function checkOperationAuth($operation_name, &$arrParams, &$arrApiConfig) {
+    protected function checkOperationAuth($operation_name, &$arrParam, &$arrApiConfig) {
         if (SC_Utils_Ex::isBlank($operation_name)) {
             return false;
@@ -300,5 +301,5 @@
             $arrApiConfig = SC_Api_Utils_Ex::getApiConfig($operation_name);
 
-            if (SC_Api_Operation_Ex::checkOperationAuth($operation_name, $arrParam, $arrApiConfig)) {
+            if (SC_Api_Operation_Ex::checkOperationAuth($operation_name, $arrPost, $arrApiConfig)) {
                 SC_Api_Utils_Ex::printApiLog('Authority PASS', $start_time, $operation_name);
 
Index: branches/version-2_12-dev/data/class/api/SC_Api_Utils.php
===================================================================
--- branches/version-2_12-dev/data/class/api/SC_Api_Utils.php	(revision 21713)
+++ branches/version-2_12-dev/data/class/api/SC_Api_Utils.php	(revision 21722)
@@ -35,5 +35,5 @@
 class SC_Api_Utils {
 
-    /** API XML Namspase */
+    /** API XML Namspase Header */
     const API_XMLNS = 'http://www.ec-cube.net/ECCUBEApi/';