Step 5. Generate a signature for the payment request
If you are using the Amazon Pay API, you must include a signature in the request parameters so that Amazon can authenticate your payment requests. If you do not include a signature or if the signature is incorrect, the buyer is directed to an error page that redirects to your specified returnURL for failure handling.
Note: If you are using the express integration with the Button Generator, the signature is generated automatically and you can skip this step.
To generate the signature, do this:
- Construct the string to sign.
- Sign the string with your MWS secret access key.
- Add the signature to the Amazon Pay button parameters.
To create a valid signature, you need to construct the string to sign according to the Amazon MWS V2 signature spec. The string consists of the following elements, with each section separated by a new line:
- The HTTP action. For an Amazon Pay request, it is always POST.
- The request domain. In the example below, it is payments.amazon.com.
- The request URI. For an Amazon Pay request, it is always a forward slash (/).
- Sorted parameters in query string format, with the URL encoded parameter name and value.
Note: When generating a signature, include only the parameters that must be signed. The required parameters are:
You should include the following parameters when generating a signature only if you designated a value other than the default:
The following example shows what your string to sign might look like. Note that you must replace the value of each field according to the parameter values that you want to use.
```
POST
payments.amazon.com
/
accessKey=ACCESSKEY&amount=1.01&cancelReturnURL=https://cancelReturnURL&currencyCode=USD&lwaClientId=LWACLIENTID&paymentAction=None&returnURL=https://returnURL&sellerId=SELLERID&sellerNote=SELLERNOTE&sellerOrderId=SELLERORDERID&shippingAddressRequired=true
```
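The construct-and-sign steps above, as an added Python example (not Amazon's sample code). It assumes the signing algorithm is HMAC-SHA256 with Base64 output, as allowed by the MWS V2 signature spec. The function names, parameter values and secret are constructed placeholders, and unlike the placeholder string above, the values are percent-encoded before signing.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

HOST = "payments.amazon.com"  # request domain, as in the page's example
URI = "/"                     # request URI for an Amazon Pay request


def rfc3986(value):
    """Percent-encode everything except unreserved characters (A-Z a-z 0-9 - _ . ~)."""
    return quote(str(value), safe="-_.~")


def string_to_sign(params, host=HOST, uri=URI):
    """Join the newline-separated sections: action, domain, URI, sorted query string."""
    pairs = sorted((rfc3986(k), rfc3986(v)) for k, v in params.items())
    query = "&".join(f"{k}={v}" for k, v in pairs)
    return "\n".join(["POST", host.lower(), uri, query])


def sign(params, secret_key):
    """Assumption: HMAC-SHA256 keyed with the MWS secret access key, Base64-encoded."""
    digest = hmac.new(secret_key.encode("utf-8"),
                      string_to_sign(params).encode("utf-8"),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


# Constructed sample values; none of these are real credentials.
SAMPLE_PARAMS = {
    "sellerId": "SELLERID",
    "accessKey": "ACCESSKEY",
    "lwaClientId": "LWACLIENTID",
    "amount": "1.01",
    "currencyCode": "USD",
    "returnURL": "https://example.com/return?order=42",
    "sellerNote": "Thanks for your order",
}
SAMPLE_SECRET = "EXAMPLE-SECRET-KEY"  # placeholder; the real key stays server-side

if __name__ == "__main__":
    print(string_to_sign(SAMPLE_PARAMS))
    print("signature =", sign(SAMPLE_PARAMS, SAMPLE_SECRET))
    tampered = dict(SAMPLE_PARAMS, amount="0.01")
    print("tampered amount changes signature:",
          sign(tampered, SAMPLE_SECRET) != sign(SAMPLE_PARAMS, SAMPLE_SECRET))
```

Because the amount and return URLs are inside the signed string, any change to them after signing produces a different signature. Compute the signature on your server so the secret access key never reaches the buyer's browser.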
Security recommendation: You should use HTTPS when generating the signature. This will help prevent third parties from eavesdropping on sensitive payment information.