Authorization API v1 Use Case Guide
How to use the Authorization API to get authorization to call Selling Partner API operations on behalf of a seller who previously authorized you.
API Version: v1
What is the Authorization API?
The Authorization API lets you migrate an Amazon Marketplace Web Service (Amazon MWS) authorization, that a seller previously granted you, to a hybrid Selling Partner API (SP-API) application. This eliminates the need to request authorization from this seller for your hybrid SP-API application.
Note: Authorizations of a hybrid SP-API application expire after one year. Be sure to have your selling partners reauthorize your SP-API hybrid application yearly before their authorizations expire.
When should you use the Authorization API? Suppose you have published an Amazon MWS application on the Amazon Selling Partner Appstore. A number of sellers have authorized you as an Amazon MWS developer so they can use your application. You later convert your Amazon MWS application into a hybrid SP-API application that makes calls to both Amazon MWS and the SP-API. Now you want your application to make calls to the SP-API on behalf of these sellers. The Authorization API lets you do this without your selling partners needing to authorize your hybrid SP-API application.
Tutorial: Migrate an Amazon MWS authorization to a Selling Partner API application
This tutorial shows you how to use the Authorization API to get authorization to call Selling Partner API operations on behalf of a seller who previously authorized you as an Amazon MWS developer.
Prerequisites
This tutorial assumes that you have a hybrid Selling Partner API application published on the Selling Partner Appstore. It also assumes that you published your application following these steps:
- You published an Amazon MWS application on the Selling Partner Appstore.
- One or more sellers have authorized your developer ID to make calls to Amazon MWS on your behalf.
- You converted your Amazon MWS application to a draft hybrid Selling Partner API application.
- You published your hybrid Selling Partner API application to the Selling Partner Appstore.
For more information, see Hybrid Selling Partner API applications in the Amazon Selling Partner API Developer Guide.
Steps
Step 1. Get an LWA authorization code
Step 2. Exchange the LWA authorization code for an LWA refresh token
Step 1. Get an LWA authorization code
An LWA authorization code represents authorization to make calls to Selling Partner API on behalf of a seller who authorized you as an Amazon MWS developer.
Note: An LWA authorization code expires after five minutes. Be sure to exchange it for an LWA refresh token before it expires.
To get an LWA authorization code
-
Get the seller ID of the seller that previously authorized you as an Amazon MWS developer.
-
Get the MWS auth token that the seller gave you when they authorized you.
-
Call the
getAuthorizationCodeoperation of the Authorization API, passing the following parameters:
| Name | Description | Required |
|---|---|---|
sellingPartnerId | The seller ID of the seller for whom you are requesting Selling Partner API authorization. This must be the seller ID of the seller who authorized your application on the Selling Partner Appstore. Type: string | Yes |
developerId | Your developer ID. This must be one of the developer ID values that you provided when you registered your hybrid application in Developer Central. This must also be the developer ID that the seller authorized for you to make calls to Amazon MWS on their behalf. Type: string | Yes |
mwsAuthToken | The MWS Auth Token that was generated when the seller authorized your application on the Selling Partner Appstore. Type: string | Yes |
Request example
GET https://sellingpartnerapi-na.amazon.com/authorization/v1/authorizationCode
Important: The developer ID that you specify must be the same developer ID that you provided when you registered your application for listing in the Selling Partner Appstore. Otherwise the service returns an error.
The operation returns an LWA authorization code.
Response
A successful response includes the following:
| Name | Description | Required |
|---|---|---|
getAuthorizationCodeResponse | The response schema for the GetAuthorizationCode operation. Type: GetAuthorizationCodeResponse | Yes |
Response example
{
"payload": {
"authorizationCode": "authcodeexample"
}
}
Note: While the getAuthorizationCode operation gets you authorization to make calls to Selling Partner API on behalf of a seller, calling the operation itself does not require authorization from any seller. In this respect, the getAuthorizationCode operation is a grantless operation and has a different authorization model from other Selling Partner API operations. For information about calling the getAuthorizationCode operation, see Grantless operations in the Amazon Selling Partner API Developer Guide.
Step 2. Exchange the LWA authorization code for an LWA refresh token
Call the LWA authorization server to exchange the LWA authorization code for an LWA refresh token. Upon receiving the LWA refresh token, your application is authorized to make calls to Selling Partner API operations on the seller's behalf.
The LWA refresh token can be stored and reused to generate access tokens that can be used to make calls to SP-API.
LWA refresh tokens are long-lived, expiring after a year for public developers and never expiring for private developers. The generated access tokens are valid for 60 minutes. Refer to Connecting to the Selling Partner API for help with understanding how to use LWA refresh tokens to get access tokens and make calls to SP-API.
Do not generate new LWA refresh tokens for every call to SP-API
The Authorization API is for migrating authorization from MWS to SP-API one time per authorization. It should not be used repeatedly to get new LWA refresh tokens for every SP-API call. An LWA refresh token should be stored and reused to get access tokens for subsequent calls.
For more information, see Authorizing Selling Partner API applications and Authorization errors in the Selling Partner API Developer Guide.
Updated about 2 months ago