Integrate One-Click Account Information Sharing

Setting up one-click account information sharing is an important step in the Quick Subscribe flow. One-click account information sharing allows customers to share their Amazon account information with your app with minimal effort, rather than having to manually enter their details. This feature improves the sign-up experience for customers. Use this guide to set up one-click account information sharing in your app.

Implement getUserData changes

To determine whether a customer has consented to share their Amazon account details, call the useIapUserData() hook in your app's main screen component with a UserDataRequest object whose fetchUserProfileAccessConsentStatus flag is set to true.

The following example shows how to build that UserDataRequest object, pass it to the useIapUserData() hook, and read the result, which includes the customer's consent status alongside their details.

// Invocation of getUserData: ask for the consent status along with the user data.
// The hook and the types come from the Appstore IAP React Native SDK.
const { iapUserDataLoading, iapUserDataError, iapUserData } = useIapUserData({ fetchUserProfileAccessConsentStatus: true });
// ...

// Once the user data has loaded without error, hand it to the response handler.
if (!iapUserDataLoading && !iapUserDataError) {
   this.handleUserDataResponse(iapUserData);
}

// Handling of the getUserData response.
public static handleUserDataResponse = (response: UserDataResponse): UserData => {
   const responseCode = response.responseCode;
   switch (responseCode) {
      case UserDataResponseCode.SUCCESSFUL:
         Logger.debug(`GetUserDataStatus: SUCCESSFUL`);
         Logger.debug(
            `GetUserDataResponse: UserId (${response.userData.userId}), Marketplace (${response.userData.marketplace}), ConsentStatus (${response.userData.userProfileAccessConsentStatus})`
         );
         break;
      case UserDataResponseCode.FAILED:
      case UserDataResponseCode.NOT_SUPPORTED:
         // Fail gracefully: no user data is available in these cases.
         break;
   }
   return response.userData; // null for the FAILED and NOT_SUPPORTED cases
};

If a customer provided their consent, the userProfileAccessConsentStatus of the UserData object has the status CONSENTED. If a customer hasn't provided consent or if the consent token expired, userProfileAccessConsentStatus has the status UNAVAILABLE.

The following code shows how to handle the consent data received from the UserDataResponse object.

// Handling of the getUserData response, now acting on the consent status.
public static handleUserDataResponse = (response: UserDataResponse): UserData => {
   const responseCode = response.responseCode;
   switch (responseCode) {
      case UserDataResponseCode.SUCCESSFUL:
         Logger.debug(`GetUserDataStatus: SUCCESSFUL`);
         Logger.debug(
            `GetUserDataResponse: UserId (${response.userData.userId}), Marketplace (${response.userData.marketplace}), ConsentStatus (${response.userData.userProfileAccessConsentStatus})`
         );
         // Only request profile access when the customer has explicitly consented.
         if (UserProfileAccessConsentStatus.CONSENTED === response.userData.userProfileAccessConsentStatus) {
            PurchasingService.requestUserProfileAccess()
               .then((res) => {
                  this.handlerUserProfileAccessResponse(res);
               })
               .catch((err) => {
                  // Treat a failed request like missing consent: fall back to your own sign-in.
                  Logger.debug(`requestUserProfileAccess failed: ${err}`);
               });
         }
         break;
      case UserDataResponseCode.FAILED:
      case UserDataResponseCode.NOT_SUPPORTED:
         // Fail gracefully: no user data is available in these cases.
         break;
   }
   return response.userData; // null for the FAILED and NOT_SUPPORTED cases
};

public static handlerUserProfileAccessResponse = (response: UserProfileAccessResponse): void => {
   // Here you should send the userProfileAccessAuthCode from the response to your server,
   // which then calls the REST APIs below to obtain an access token and the customer profile.
};

If the customer provides consent, call the requestUserProfileAccess() method and send its response to your server. Then call the Appstore IAP REST APIs to get an access token and the customer profile, and create an account in your back-end system with the user information that was shared.

Optional - If the customer doesn't provide consent, show your own sign-in screen. The customer can then enter their credentials using the keyboard to sign in to your app.

Get Access Token API

Appstore IAP provides the Get Access Token REST API for you to obtain an access token. This section describes the request, response, and errors.

Access token request

After the app receives a response to requestUserProfileAccess() with a valid authorization code, it can use that code to obtain an access token. With an access token, the client can read a customer profile.

The Get Access Token API must use a POST request rather than a GET request, as shown in the following example.

POST https://appstore-sdk.amazon.com/version/1.0/auth/o2/token?
grant_type=authorization_code
&code=SplxlOBezQQYbYS6WxSbIA
&client_id=foodev
&client_secret=foosecret

The following table describes the access token request parameters.

Access token request parameters

Request parameter | Description
------------------|------------
grant_type        | Required. The type of access grant requested. Must be authorization_code.
code              | Required. The authorization code returned by the requestUserProfileAccess() method.
client_id         | Required. The client identifier.
client_secret     | Required. The secret value assigned to the client during registration. Don't use the client secret in browser-based apps because client secrets can't be reliably stored on web pages.

Access token response

To access customer data, you must provide an access token to the Appstore IAP Get User Profile API. An access token is an alphanumeric code 350 characters or more in length, with a maximum size of 2048 bytes. Access tokens begin with the characters Atza|.

Response parameters are encoded using the application/json media type. For more information, see RFC4627. The following is an example response from an access token request.

{
"access_token":"Atza|IQEBLjAsAhRmHjNgHpi0U-Dme37rR6CuUpSR...",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"Atzr|IQEBLzAtAhRPpMJxdwVz2Nn6f2y-tpJX2DeX..."
}

The following table describes the access token response parameters.

Access token response parameters

Response parameter | Description
-------------------|------------
access_token       | The access token for the user account. Maximum size of 2048 bytes.
token_type         | The type of token returned. Value is bearer.
expires_in         | The number of seconds before the access token becomes invalid.
refresh_token      | A refresh token that can be used to request a new access token. Maximum size of 2048 bytes.

An access token is a bearer token, so any client that presents it can use it. For more information, see The OAuth 2.0 Authorization Framework: Bearer Token Usage.

Access token errors

For some errors, the authorization service may return an HTTP 401 (Unauthorized) status code. This includes cases where the client passed the client_id and client_secret values in the authorization header and the client could not be authenticated.

The following table describes the error parameters in an unsuccessful response.

Access token error response parameters

Error parameter   | Description
------------------|------------
error             | An ASCII error code with an error code value.
error_description | A human-readable ASCII string with information about the error, useful for client developers.
request_id        | ID associated with your access token request.

The following error codes can be returned as the value for error.

Access token error response codes

Error code             | Description
-----------------------|------------
invalid_request        | The request is missing a required parameter, has an invalid value, or is otherwise improperly formed.
invalid_client         | The client authentication failed. This is used in cases when the authorization service does not return an HTTP 401 (Unauthorized) status code.
invalid_grant          | The authorization code is invalid, expired, revoked, or was issued to a different client_id.
unauthorized_client    | The client is not authorized to use authorization codes. Can be caused by an invalid code_verifier.
unsupported_grant_type | The client specified the wrong token_type.
ServerError            | The server encountered a runtime error.

Get User Profile API

Appstore IAP provides the Get User Profile REST API to get user profile data. This section describes the request, response, and errors.

User profile request

To access authorized user profile data, use the Get User Profile API to submit the access token to the Appstore. The Get User Profile API uses an HTTPS GET request and takes the access token that you received from the Get Access Token API as its only parameter.

The following example shows a GET request to obtain user profile data.

GET https://appstore-sdk.amazon.com/version/1.0/user/profile?
access_token=Atza|IQEBLjAsAhRmHjNgHpi0U-Dme37rR6CuUpSR...

User profile request parameters

Request parameter | Description
------------------|------------
access_token      | Required. The access token received from the Get Access Token API.

User profile response

If your access token is valid, you receive the customer's profile data as an HTTP response in JSON, as shown in this example.

{
"user_id": "amznl.account.K2LI23KL2LK2",
"email":"mhashimoto-04@plaxo.com",
"name" :"Mork Hashimoto",
"postal_code": "98052"
}

If there is a problem fulfilling your profile request, you receive an HTTP error and might receive a JSON payload with more information, as shown in the following example.

{
"error": "machine-readable error code",
"error_description": "human-readable error description",
"request_id": "bef0c2f8-e292-4l96-8c95-8833fbd559df"
}

The following table describes the error codes that can be returned in an unsuccessful user profile request.

User profile error response codes

HTTP status code | Status message     | Description
-----------------|--------------------|------------
200              | Success            | The request was successful.
400              | invalid_request    | The request is missing a required parameter or is otherwise malformed.
400              | invalid_token      | The access token provided is expired, revoked, malformed, or invalid for other reasons.
401              | insufficient_scope | The access token provided does not have access to the required scope.
500              | ServerError        | The server encountered a runtime error.

Best practices for account setup

Follow these best practices for setting up customer accounts.

  • If UserProfileAccessConsentStatus has the value CONSENTED in the getUserData() response of the useIapUserData() hook, do the following:
    • Fetch the user information from the Appstore IAP Get User Profile API. Use this information to create a login account with a temporary password. Sign the customer in to the app without requesting a password reset or additional details from the customer.
    • Later, ask the customer to reset the password through email.
  • If UserProfileAccessConsentStatus is UNAVAILABLE, use the default app sign-up experience for the customer.

Last updated: Sep 30, 2025