Integrate One-Click Account Information Sharing

Important: At this time, Quick Subscribe is available to select partners only.

Setting up one-click account information sharing is an important step in the Quick Subscribe flow. One-click account information sharing allows customers to share their Amazon account information with your app with minimal effort, rather than having to manually enter their details. This feature improves the sign-up experience for customers. Use this guide to set up one-click account information sharing in your app.

Update app manifest
Implement getUserData changes
Get Access Token API
Get User Profile API
Best practices for account setup
Related topics

Update app manifest

To indicate to the Appstore that your app supports the one-click account information sharing feature, update your app's manifest with the following code.

<uses-feature android:name="amazon.lwa.quicksignup.supported"/>

Implement getUserData changes

To determine whether a customer has explicitly consented to share their Amazon account details with your app, you must implement the following process during your app's initialization.

In the onCreate() method of your app's main activity:

Create a new UserDataRequest object and configure it to request the customer's profile consent status information. To configure the UserDataRequest object to request consent status, set its setFetchUserProfileAccessConsentStatus() method to true.
Call the getUserData() method and pass the configured UserDataRequest object to it.

The following example shows how to build a UserDataRequest object and pass it to getUserData().

@Override
protected void onCreate(Bundle savedInstanceState)
{
    super.onCreate(savedInstanceState);
    
    //...
    
    // Pass the reference of PurchasingListener to be registered
    PurchasingService.registerListener(this.getApplicationContext(), purchasingListener);
    
    // Pass the reference of UserProfileAccessListener to be registered
    PurchasingService.registerUserProfileAccessListener(this.getApplicationContext(), userProfileAccessListener);
     
    // Implement logic to identify customer logged in status inside isLoggedIn()
    if (!isLoggedIn()) {
        PurchasingService.getUserData(UserDataRequest.newBuilder().setFetchUserProfileAccessConsentStatus(true).build());
    }
    //...
}

Implement the onUserDataResponse() callback method to get the UserDataResponse object, which contains customer consent data. The following code shows how to handle the consent data received from the UserDataResponse object.

@Override
public void onUserDataResponse(final UserDataResponse response) {

    UserDataResponse.RequestStatus status = response.getRequestStatus();

    switch (status) {
        case SUCCESSFUL:
            if (UserProfileAccessConsentStatus.CONSENTED.equals(response.getUserData().getUserProfileAccessConsentStatus())) {
                // Initiate the custom loader screen or spinner.
                PurchasingService.requestUserProfileAccess();
            }
            break;

        case FAILED:
        case NOT_SUPPORTED:
            // Fail gracefully.
            break;
    }
}

If a customer provides consent, the UserProfileAccessConsentStatus of the UserData object has the status CONSENTED. If a customer doesn't provide consent or if the consent token expires, UserProfileAccessConsentStatus has the status UNAVAILABLE.

Note: A consent token expires after the first query.

If the customer provides consent, call the requestUserProfileAccess() method and update your server with the authorization code found in the response object. Then, use the REST APIs provided by Appstore SDK to get an access token and the customer profile. Create an account in your system with the user information shared.

The following code shows how to extract the user profile access authorization code from the UserProfileAccessResponse object.

@Override
public void onUserProfileAccessResponse(final UserProfileAccessResponse response) {
    
    UserProfileAccessResponse.RequestStatus status = response.getRequestStatus();
    
    switch (status) {
        case SUCCESSFUL:
            // Here you should update your server with the userProfileAccessAuthCode 
            // to further interact with Appstore SDK REST APIs to get access token and customer profile.
            final String userProfileAccessAuthCode = response.getUserProfileAccessAuthCode();
            break;
    
        case FAILED:
        case NOT_SUPPORTED:
            // Fail gracefully.
            break;
    } 
}

If the customer doesn't provide consent, show your own sign-in screen. The customer can then enter their credentials using the keyboard to sign in to your app.

Note: After you request access to the user profile and update your server with the response, you'll call the Appstore SDK REST APIs to get the access token and customer profile. The next sections explain these APIs.

Get Access Token API

Appstore SDK provides the Get Access Token REST API for you to obtain an access token. This section describes the request, response, and errors.

Access token request

After the app receives a response to requestUserProfileAccess() with a valid authorization code, it can use that code to obtain an access token. With an access token, the client can read a customer profile.

The Get Access Token API must use a POST request rather than a GET request, as shown in the following example.

POST https://appstore-sdk.amazon.com/version/1.0/auth/o2/token?
grant_type=authorization_code
&code=SplxlOBezQQYbYS6WxSbIA
&client_id=foodev
&client_secret=foosecret

The following table describes the access token request parameters.

Access token request parameters
Request parameter	Description
`grant_type`	Required. The type of access grant requested. Must be `authorization_code`.
`code`	Required. The authorization code returned by the `requestUserProfileAccess()` method.
`client_id`	Required. The client identifier.
`client_secret`	Required. The secret value assigned to the client during registration. Don't use the client secret in browser-based apps because client secrets can't be reliably stored on web pages.

Access token response

To access customer data, you must provide an access token to the Appstore SDK Get User Profile API. An access token is an alphanumeric code 350 characters or more in length, with a maximum size of 2048 bytes. Access tokens begin with the characters Atza|.

Response parameters are encoded using the application/json media type. For more information, see RFC4627. The following is an example response from an access token request.

{
"access_token":"Atza|IQEBLjAsAhRmHjNgHpi0U-Dme37rR6CuUpSR...",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"Atzr|IQEBLzAtAhRPpMJxdwVz2Nn6f2y-tpJX2DeX..."
}

The following table describes the access token response parameters.

Access token response parameters
Response parameter	Description
`access_token`	The access token for the user account. Maximum size of 2048 bytes.
`token_type`	The type of token returned. Value is `bearer`.
`expires_in`	The number of seconds before the access token becomes invalid.
`refresh_token`	A refresh token that can be used to request a new access token. Maximum size of 2048 bytes.

An access token is a bearer token and can be used by another client. For more information, see The OAuth 2.0 Authorization Framework: Bearer Token Usage.

Access token errors

For some errors, the authorization service may return an HTTP 401 (Unauthorized) status code. This includes cases where the client passed the client_id and client_secret values in the authorization header and the client could not be authenticated.

The following table describes the error parameters in an unsuccessful response.

Access token error response parameters
Error parameter	Description
`error`	An ASCII error code with an error code value.
`error_description`	A human-readable ASCII string with information about the error, useful for client developers.
`request_id`	ID associated to your access token request.

The following error codes can be returned as the value for error.

Access token error response codes
Error code	Description
`invalid_request`	The request is missing a required parameter, has an invalid value, or is otherwise improperly formed.
`invalid_client`	The client authentication failed. This is used in cases when the authorization service does not return an `HTTP 401 (Unauthorized)` status code.
`invalid_grant`	The authorization code is invalid, expired, revoked, or was issued to a different `client_id`.
`unauthorized_client`	The client is not authorized to use authorization codes. Can be caused by invalid `code_verifier`.
`unsupported_grant_type`	The client specified the wrong `token_type`.
`ServerError`	The server encountered a runtime error.

Get User Profile API

Appstore SDK provides the Get User Profile REST API to get user profile data. This section describes the request, response, and errors.

User profile request

To access authorized user profile data, use the Get User Profile API to submit the access token to the Appstore. The Get User Profile API uses an HTTPS GET request and takes the access token that you received from the Get Access Token API as it's only parameter.

The following example shows a GET request to obtain user profile data.

GET https://appstore-sdk.amazon.com/version/1.0/user/profile?
access_token=Atza|IQEBLjAsAhRmHjNgHpi0U-Dme37rR6CuUpSR...

User profile request parameters
Request parameter	Description
`access_token`	Required. The access token received from the Get Access Token API.

User profile response

If your access token is valid, you receive the customer's profile data as an HTTP response in JSON, as shown in this example.

{
"user_id": "amznl.account.K2LI23KL2LK2",
"email":"mhashimoto-04@plaxo.com",
"name" :"Mork Hashimoto",
"postal_code": "98052"
}

If there is a problem fulfilling your profile request, you receive an HTTP error and might receive a JSON payload with more information, as shown in the following example.

{
"error": "machine-readable error code",
"error_description": "human-readable error description",
"request_id": "bef0c2f8-e292-4l96-8c95-8833fbd559df"
}

The following table describes the error codes that can be returned in an unsuccessful user profile request.

User profile error response codes
HTTP status code	Status message	Description
200	Success	The request was successful.
400	invalid_request	The request is missing a required parameter or otherwise malformed.
400	invalid_token	The access token provided is expired, revoked, malformed, or invalid for other reasons.
401	insufficient_scope	The access token provided does not have access to the required scope.
500	ServerError	The server encountered a runtime error.

Best practices for account setup

Follow these best practices for setting up customer accounts.

If UserProfileAccessConsentStatus has the value CONSENTED in the getUserData() response, do the following:
- Fetch the user information from the Appstore SDK Get User Profile API. Use this information to create a login account with a temporary password. Sign the customer in to the app without requesting a password reset or additional details from the customer.
- Later, ask the customer to reset the password through email.
If UserProfileAccessConsentStatus is UNAVAILABLE, use the default app sign-up experience for the customer.

Last updated: Apr 07, 2025