An access scope defines the type of user profile data that the client is requesting. The first time users sign in, they see a list of the items in the access scope and must agree to provide the data to the client to proceed.
An access token is granted by the authorisation server when a user signs in to a site. An access token is specific to a client, a user, and an access scope. A client must use an access token to retrieve customer profile data and allow access to shipping and payment information.
A return URL is an address on a website that uses Login with Amazon. The Login with Amazon authorisation service redirects users to this address when they complete login. Also see Redirect URL.
Application Programming Interfaces (APIs)
You call the operations in the Amazon Pay API to exchange information and instructions between Amazon Pay and your internal systems. For example, you call these operations to obtain customer profile information, ask Amazon to charge the buyer, issue a refund, get the buyer's shipping information, or cancel an order reference. For more information, see the Amazon Pay API reference guide.
The client identifier is a value assigned to the client when they register with Login with Amazon. It is used in conjunction with the client secret to verify the identity of the client when they request an authorisation grant from the authorisation service. The client identifier is not secret.
The client secret, like the client identifier, is a value assigned to the client when they register with Login with Amazon. It is used in conjunction with the client identifier to verify the identity of the client when they request an authorisation grant from the authorisation service. The client secret must be kept confidential.
When users sign in to a website or mobile app for the first time, they are presented with a consent screen if the website or app requests profile data. The consent screen shows the name, logo image file, and privacy notice URL associated with the website or app, along with the Access scope that is being requested.
A customer profile contains information about the Login with Amazon customer, including their name, email address, postal code, and a unique identifier. A website must obtain an access token before it can obtain a customer profile. The kind of profile data returned is determined by the Access scope.
An implicit grant is an authorization grant that can be completed using only the user's web browser. When using an implicit grant, the browser receives an access token as a URI fragment. An implicit grant requires a client identifier and an access scope. The implicit grant doesn't return a refresh token.
Instant Payment Notifications (IPNs)
Amazon processes your payment requests (Authorize, Capture, and Refund) in an asynchronous manner. After Amazon processes each request, you receive a notification, called an Instant Payment Notification (IPN), which notifies you of the final status of the request.
Additionally, the status of a payment object can change because of a request submitted by you or because of an internal Amazon business rule. If the status of a payment object changes, Amazon sends an IPN to you so that you can keep your system in sync with Amazon Pay. For more information, see Instant Payment Notification (IPN).
The login screen is an HTML page presented to users when they initiate signing in to a website or mobile app using Login with Amazon. Users can enter credentials from an existing Amazon account or create a new account from the login screen.
Login with Amazon
The Amazon Pay and Login with Amazon service consists of two parts, Login with Amazon and Amazon Pay. These two parts are closely related technically and run on the same platform.
Login with Amazon lets your customers become registered users just by signing in with their Amazon credentials. Amazon Pay then transfers user information to you that lets you create a local account for the customer. This also means that you get the real customer email address and can contact them directly.
Logo image file
A PNG file provided by the client when setting up an application on the Login with Amazon console in Seller Central. The logo image appears on the user login screen and represents the client website.
The Marketplace Switcher is a drop-down box near the top of the screen on Seller Central that is used to switch between marketplaces. For example, you use the Marketplace Switcher to move from Sandbox mode to Production.
Note: If your screen is minimized, the Marketplace Switcher appears as an icon rather than the full drop-down box. If you see the icon, increase the size of your screen so that you can use the drop-down box to switch marketplaces.
A package name is a unique identifier for an Android app. Package names normally take the form of com.companyname.appname.
The Amazon Pay and Login with Amazon service consists of two parts, Login with Amazon and Pay with Amazon. These two parts are closely related technically and run on the same platform.
Amazon Pay represents a checkout that is fully integrated into your site by means of widgets that Amazon Pay provides to you. The Amazon Pay checkout is a part of your website, but a buyer chooses a shipping address and payment method that are stored in their Amazon.com user account.
Regardless of whether or not the buyer previously used Login with Amazon to identify themselves on your site, you can decide to offer Amazon Pay with guest checkout, a registered checkout with implicit account creation, or both. When you provide both guest checkout and registered checkout, you leave the choice to the customer.
Privacy notice URL
A URL provided by you, pointing to the authorization service. After a customer signs in, the service redirects the customer's browser to this address. Also see Allowed return URL.
A signature is an MD5 hash value embedded in a mobile app that verifies the identity of the app. Signatures normally take the form of 01:23:45:67:89:ab:cd:ef.