API Access
To use Developer Console APIs, you need to create a security profile and map the security profile to the API. Security profile is the mechanism used to generate access tokens for API access.
Create a Security Profile
To create a security profile, follow these steps:
- Login to your Amazon Developer Console account. You will be prompted to create an account if you do not already have one.
- In the main navigation, click Apps & Services.
- Click API Access in the sub-menu.
-
Click the name of the API.
- Click the Create a new security profile button.
- Enter a Security Profile Name and Security Profile Description for your new profile, then click Save.
- Save your Client ID and Client Secret (from the Web Settings tab), as you will need this information to access the Sales Reporting API.
Map the Security Profile to the API
To map the security profile to the API, follow these steps:
- Return to the API Access page.
- Click the API name to select the API.
- Select your new security profile from the drop-down list.
- Select Attach to associate the security profile with this API.
The API name and attached security profile is added to the Security Profile(s) in use panel.
You can now use the client ID and client secret to request a Login With Amazon (LWA) access token.
Request LWA Access Token
With your client ID and client secret, use the Login With Amazon API to request a Login with Amazon access token by following these steps:
1. Send token request
Send a POST request to https://api.amazon.com/auth/o2/token with the following header and content:
- Header:
Content-Type: application/x-www-form-urlencoded - Content:
client_id: The client ID you saved in step 7 of Create a Security Profile.client_secret: The client secret you saved in step 7 of Create a Security Profile.grant_type: Set toclient_credentials.scope: Set the value toappstore::apps:readwrite(oradx_reporting::appstore:marketerfor the Reporting API).
Sample JSON content:
{
"grant_type": "client_credentials",
"client_id": "amzn1.application-oa2-client.<your-client-id>",
"client_secret": "<your-client-secret>",
"scope": "appstore::apps:readwrite"
}
Sample cURL request:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=amzn1.application-oa2-client.<your-client-id>&client_secret=<your-client-secret>&scope=appstore::apps:readwrite' https://api.amazon.com/auth/O2/token
2. Save the response
The response looks like this:
{
"access_token": "Atc|MAEBI...",
"scope": "appstore::apps:readwrite",
"token_type": "bearer",
"expires_in": 3600
}
access_token: The access token.expires_in: The number of seconds until the access token expires.scope: Will beappstore::apps:readwrite(oradx_reporting::appstore:marketerfor the Reporting API).token_type: Will always bebearer.
3. Handle any error responses
If your token request results in an error, the response message body includes one of the following error messages:
| Error message body | Details |
|---|---|
| {"error_description":"Client authentication failed", "error":"invalid_client"} | Invalid secret key |
| {"error_description":"The request has an invalid parameter : scope", "error":"invalid_scope"} | Invalid scope value |
| {"error_description":"The authorization grant type is not supported by the authorization server", "error":"unsupported_grant_type"} | Incorrect authorization grant type |
| {"error_description":"The Content-Type is not supported by the authorization server", "error":"invalid_request"} | Unsupported content-type |