Console développeur
Merci de votre visite. Cette page est disponible en anglais uniquement.

Generate LWA tokens with OAuth2 code

At this point, the expectation is that you have the code generated when you completed the instructions in Step 4. Set up LWA based on your use case . You will need the code to request for LWA access token.

  1. Select endpoint to request for access token.
Endpoint Region
https://api.amazon.co.uk/auth/o2/token Europe (EU)
https://api.amazon.com/auth/o2/token North America (NA)
https://api.amazon.co.jp/auth/o2/token Far East (FE)
  1. In your POST request, include the parameters listed in the table.
Parameter Description
grant_type The type of access grant requested. Must be authorization_code.
code The code returned by the authorization request.
redirect_uri The redirect_uri for your Application.
client_id The client identifier of your Application.
client_secret Optional. The secret value assigned to the client during registration. Don't use the client secret in a browser-based app because client secrets shouldn't be stored on web pages. If no client_secret is passed, the response returns no refresh token.
  1. Do the POST request.

Sample CURL request using the NA endpoint:

curl -X POST --data \
'grant_type=authorization_code
 &code=$CODE_OBTAINED_AFTER_PROVIDING_AUTHORIZATION
 &redirect_uri=$REDIRECT_URI_FROM_PROFILE
 &client_id=$CLIENT_ID_FROM_PROFILE
 &client_secret=$CLIENT_SECRET_FROM_PROFILE' \
 https://api.amazon.com/auth/o2/token
 

Sample response:

HTTP/l.l 200 OK
Content-Type: application/json;charset UTF-8
Cache-Control: no-store
Pragma: no-cache
{
  "access_token":"Atza|example-Dme37rR6CuUpSR",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"Atzr|example-tpJX2DeX"
}

The response is in JSON and includes these parameters.

Parameter Description
access_token A token that authorizes your Application to take certain actions on behalf of an Amazon customer.
token_type The type of token returned. Should be bearer.
expires_in The number of seconds before the access token becomes invalid.
refresh_token A long-lived token that can be exchanged for a new access token.

🚧 Access token is valid only for one hour. The LWA Authorization Server returns the LWA refresh token. Save the refresh token to generate access tokens for subsequent Amazon Data Portability API calls as detailed in Step 2.Use the refresh token to get new tokens. Use the same access token for multiple API calls until it expires.

  1. Proceed to Step 3. Construct the Amazon Data Portability URI and authorize the request.

📘 The Login with Amazon SDK has the capability to retrieve access and refresh tokens.


Last updated: Mar 07, 2024