Renew Your Website Authorization
Renew your website authorization.
To manually reauthorize your application, or have existing users (sellers or vendors) authorize new roles for your application, you must set up an OAuth workflow. Reauthorization is performed in Seller Central or Vendor Central.
To create a new authorization in your application, use the Selling Partner Appstore authorization workflow or Website authorization workflow.
Step 1. Reauthorize from Manage Your Apps page
-
Sign in to Seller Central or Vendor Central and navigate to Manage Your Apps.
-
Find the application that you want to reauthorize.
-
Choose Re-Authorize.
-
Review and accept the data access requested by your application.
-
Choose Login to [your application name] now.
Amazon loads your Login URI (provided when you created the app client from your developer account) into the browser with the following query parameters:
ParameterDescription amazon_callback_uriA URI for redirecting the browser to Amazon. amazon_stateA state value generated by Amazon to guard against cross-site request forgery attacks. selling_partner_idThe identifier of the selling partner who is authorizing your application.
Request example:
https://d2yzyfnnpjylxu.cloudfront.net/index.html?amazon_callback_uri=https://amazon.com/apps/authorize/confirm/amzn1.sellerapps.app.2eca283f-9f5a-4d13-b16c-474EXAMPLE57&amazon_state=amazonstateexample&selling_partner_id=A3FHEXAMPLEYWS
Note
If the application is in
DRAFTstatus, Amazon includesversion=betain the URI.
Step 2. Sign in to your website and generate a refresh token
-
Use the Login with Amazon (LWA) authorization code to generate an LWA refresh token.
Note
You can use the Login with Amazon SDK for JavaScript to use an LWA authorization code to generate an LWA refresh token. For more information, refer to the Login with Amazon documentation.
Your application calls the LWA authorization server (https://api.amazon.com/auth/o2/token), which uses the LWA authorization code to generate an LWA refresh token. The call must include the following query parameters:
Parameter | Description |
|---|---|
grant_type | The type of access grant requested. Must be authorization_code. |
code | Your LWA authorization code. |
redirect_uri | The redirect URI for your application. |
client_id | Part of your LWA credentials. |
client_secret | Part of your LWA credentials. |
Request example:
POST /auth/o2/token HTTP/l.l
Host: api.amazon.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
grant_type=authorization_code&code=SplxlOexamplebYS6WxSbIA&client_id=foodev&client_secret=Y76SDl2F
The LWA Authorization Server returns the LWA refresh token. The response includes:
Parameter | Description |
|---|---|
access_token | A token that authorizes your application to take certain actions on behalf of a selling partner. For more information, refer to Connecting to the Selling Partner API. |
token_type | The type of token returned (should be bearer). |
expires_in | The number of seconds until the access token expires. |
refresh_token | A token that you can use to generate a new access token. For more information, refer to Connecting to the Selling Partner API. |
Response example:
{
"access_token": "Atza|IQEBLjAsAexampleHpi0U-Dme37rR6CuUpSR",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "Atzr|IQEBLzAtAhexamplewVz2Nn6f2y-tpJX2DeX"
}
Your application saves the refresh_token value. Delete the old refresh_token for the selling partner. The browser opens a page that indicates next steps for using your application.
Note
An LWA refresh token is a long-lived token that you can use to generate an LWA access token. An access token obtained through this token generation must be included with calls to all Selling Partner API operations, except:
Access tokens expire after one hour. You can use an access token for multiple API calls while it's active.
To generate a refresh token for an access token using a generated SDK, refer to Connecting to the Selling Partner API using a generated Java SDK. To manually generate a refresh token for an access token, refer to Connecting to the Selling Partner API.
Step 3. Test your reauthorization workflow
Visit the Manage Your Apps page within Seller Central or Vendor Central and choose the Re-Authorize button to start the reauthorization workflow. If you're testing your workflow with a trusted selling partner, make sure they log in to their selling partner account on Seller Central or Vendor Central and navigate to the Manage Your Apps page to initiate the workflow.
Test the reauthorization workflows for these scenarios:
- The seller or vendor is logged in to your website at Step 1.
- The seller or vendor is logged out of your website at Step 1.
Note
We recommend that you test your reauthorization workflow while your application is in
Draftstatus to ensure that your application can generate parameters and receive authorization information. If this workflow isn't set up correctly, existing sellers and vendors might lose access to your application when trying to reauthorize.
Updated about 2 months ago