
Renew Your Website Authorization

Renew your website authorization.

To manually reauthorize your application, or have existing users (sellers or vendors) authorize new roles for your application, you must set up an OAuth workflow. Reauthorization is performed in Seller Central or Vendor Central.

To create a new authorization in your application, use the Selling Partner Appstore authorization workflow or Website authorization workflow.

Step 1. Reauthorize from Manage Your Apps page

  1. Sign in to Seller Central or Vendor Central and navigate to Manage Your Apps.

  2. Find the application that you want to reauthorize.

  3. Choose Re-Authorize.

  4. Review and accept the data access requested by your application.

  5. Choose Login to [your application name] now.

    Amazon loads your Login URI (provided when you created the app client from your developer account) into the browser with the following query parameters:

    | Parameter | Description |
    | --- | --- |
    | amazon_callback_uri | A URI for redirecting the browser to Amazon. |
    | amazon_state | A state value generated by Amazon to guard against cross-site request forgery attacks. |
    | selling_partner_id | The identifier of the selling partner who is authorizing your application. |

Request example:

https://d2yzyfnnpjylxu.cloudfront.net/index.html?amazon_callback_uri=https://amazon.com/apps/authorize/confirm/amzn1.sellerapps.app.2eca283f-9f5a-4d13-b16c-474EXAMPLE57&amazon_state=amazonstateexample&selling_partner_id=A3FHEXAMPLEYWS

Note: If the application is in DRAFT status, Amazon includes version=beta in the URI.
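
The check below is an added example, not Amazon's code: it validates the three query parameters described above before a Login URI handler trusts them. The `ALLOWED_CALLBACK_HOSTS` allow-list and the function and class names are assumptions; the sample URL is the page's request example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts your deployment accepts for amazon_callback_uri.
# The page's example uses amazon.com; replace with the hosts you expect.
ALLOWED_CALLBACK_HOSTS = {"amazon.com"}
REQUIRED = ("amazon_callback_uri", "amazon_state", "selling_partner_id")


class LoginRequestError(ValueError):
    """Raised when the Login URI request must be rejected."""


def parse_login_request(url):
    """Validate the query parameters Amazon appends to the Login URI."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {}
    for name in REQUIRED:
        values = query.get(name, [])
        # Reject missing, empty, or repeated parameters rather than guessing.
        if len(values) != 1 or not values[0]:
            raise LoginRequestError(f"expected exactly one {name}")
        params[name] = values[0]

    callback = urlsplit(params["amazon_callback_uri"])
    # The browser is redirected to this URI, so an unchecked value is an open redirect.
    if callback.scheme != "https" or callback.hostname not in ALLOWED_CALLBACK_HOSTS:
        raise LoginRequestError("amazon_callback_uri is not an allowed HTTPS host")
    if callback.username or callback.password:
        raise LoginRequestError("amazon_callback_uri must not carry userinfo")

    # version=beta is present while the application is in DRAFT status.
    params["draft"] = query.get("version") == ["beta"]
    return params


# Request example from the page.
SAMPLE = ("https://d2yzyfnnpjylxu.cloudfront.net/index.html"
          "?amazon_callback_uri=https://amazon.com/apps/authorize/confirm/"
          "amzn1.sellerapps.app.2eca283f-9f5a-4d13-b16c-474EXAMPLE57"
          "&amazon_state=amazonstateexample&selling_partner_id=A3FHEXAMPLEYWS")

if __name__ == "__main__":
    print(parse_login_request(SAMPLE))
```

Keep the validated `amazon_state` with the browser session so it can be compared later in the workflow instead of being read again from the URL.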

Step 2. Sign in to your website and generate a refresh token

  1. Sign in to your website.

  2. Amazon sends you the authorization information.

  3. Use the Login with Amazon (LWA) authorization code to generate an LWA refresh token.

Note: You can use the Login with Amazon SDK for JavaScript to use an LWA authorization code to generate an LWA refresh token. For more information, refer to the Login with Amazon documentation.

Your application calls the LWA authorization server (https://api.amazon.com/auth/o2/token), which uses the LWA authorization code to generate an LWA refresh token. The call must include the following query parameters:

| Parameter | Description |
| --- | --- |
| grant_type | The type of access grant requested. Must be authorization_code. |
| code | Your LWA authorization code. |
| redirect_uri | The redirect URI for your application. |
| client_id | Part of your LWA credentials. |
| client_secret | Part of your LWA credentials. |

Request example:

POST /auth/o2/token HTTP/1.1
Host: api.amazon.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

grant_type=authorization_code&code=SplxlOexamplebYS6WxSbIA&client_id=foodev&client_secret=Y76SDl2F

The LWA Authorization Server returns the LWA refresh token. The response includes:

| Parameter | Description |
| --- | --- |
| access_token | A token that authorizes your application to take certain actions on behalf of a selling partner. For more information, refer to Connecting to the Selling Partner API. |
| token_type | The type of token returned (should be bearer). |
| expires_in | The number of seconds until the access token expires. |
| refresh_token | A token that you can use to generate a new access token. For more information, refer to Connecting to the Selling Partner API. |

Response example:

{
  "access_token": "Atza|IQEBLjAsAexampleHpi0U-Dme37rR6CuUpSR",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_token": "Atzr|IQEBLzAtAhexamplewVz2Nn6f2y-tpJX2DeX"
}

Your application saves the refresh_token value. Delete the old refresh_token for the selling partner. The browser opens a page that indicates next steps for using your application.
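
An added example (not from Amazon's documentation or SDKs) of the exchange and the token replacement described above: it builds the POST without sending it and processes the page's response example. The function names, the in-memory `store`, and any redirect URI you pass in are assumptions.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://api.amazon.com/auth/o2/token"  # LWA authorization server


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Build (without sending) the POST that exchanges an LWA authorization code."""
    # Parameters go in the form-encoded body, as in the page's request example.
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("utf-8")
    headers = {"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")


def store_tokens(store, selling_partner_id, response_body, now=None):
    """Validate the token response, then replace the partner's old refresh token."""
    data = json.loads(response_body)
    fields = ("access_token", "token_type", "expires_in", "refresh_token")
    missing = [name for name in fields if name not in data]
    if missing:
        raise ValueError(f"token response is missing {missing}")
    if str(data["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # Overwriting the entry drops the old refresh_token for this selling partner.
    store[selling_partner_id] = {
        "refresh_token": data["refresh_token"],
        "access_token": data["access_token"],
        "access_expires_at": now + int(data["expires_in"]),
    }
    return store[selling_partner_id]


# Response example from the page; the store and its old entry are constructed.
SAMPLE_RESPONSE = """{"access_token": "Atza|IQEBLjAsAexampleHpi0U-Dme37rR6CuUpSR",
 "token_type": "bearer", "expires_in": 3600,
 "refresh_token": "Atzr|IQEBLzAtAhexamplewVz2Nn6f2y-tpJX2DeX"}"""

if __name__ == "__main__":
    store = {"A3FHEXAMPLEYWS": {"refresh_token": "Atzr|old-constructed-token"}}
    print(store_tokens(store, "A3FHEXAMPLEYWS", SAMPLE_RESPONSE, now=0))
```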

Note: An LWA refresh token is a long-lived token that you can use to generate an LWA access token. An access token obtained through this token generation must be included with calls to all Selling Partner API operations, except:

Access tokens expire after one hour. You can use an access token for multiple API calls while it's active.

To generate a refresh token for an access token using a generated SDK, refer to Connecting to the Selling Partner API using a generated Java SDK. To manually generate a refresh token for an access token, refer to Connecting to the Selling Partner API.

Step 3. Test your reauthorization workflow

Visit the Manage Your Apps page within Seller Central or Vendor Central and choose the Re-Authorize button to start the reauthorization workflow. If you're testing your workflow with a trusted selling partner, make sure they log in to their selling partner account on Seller Central or Vendor Central and navigate to the Manage Your Apps page to initiate the workflow.

Test the reauthorization workflows for these scenarios:

  • The seller or vendor is logged in to your website at Step 1.
  • The seller or vendor is logged out of your website at Step 1.

Note: We recommend that you test your reauthorization workflow while your application is in Draft status to ensure that your application can generate parameters and receive authorization information. If this workflow isn't set up correctly, existing sellers and vendors might lose access to your application when trying to reauthorize.