Generate LWA tokens with OAuth2 code

At this point, you should have the code generated when you completed the instructions in Step 4. Set up LWA based on your use case. You will need the code to request an LWA access token.

  1. Select the endpoint to send the access token request to.

     | Endpoint | Region |
     | --- | --- |
     | https://api.amazon.co.uk/auth/o2/token | Europe (EU) |
     | https://api.amazon.com/auth/o2/token | North America (NA) |
     | https://api.amazon.co.jp/auth/o2/token | Far East (FE) |

  1. In your POST request, include the parameters listed in the table.

     | Parameter | Description |
     | --- | --- |
     | grant_type | The type of access grant requested. Must be authorization_code. |
     | code | The code returned by the authorization request. |
     | redirect_uri | The redirect_uri for your Application. |
     | client_id | The client identifier of your Application. |
     | client_secret | Optional. The secret value assigned to the client during registration. Don't use the client secret in a browser-based app because client secrets shouldn't be stored on web pages. If no client_secret is passed, the response returns no refresh token. |

  1. Do the POST request.

Sample CURL request using the NA endpoint:

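```
# Set the four variables in your shell first; each parameter is URL-encoded separately.
curl -X POST https://api.amazon.com/auth/o2/token \
  --data-urlencode "grant_type=authorization_code" \
  --data-urlencode "code=$CODE_OBTAINED_AFTER_PROVIDING_AUTHORIZATION" \
  --data-urlencode "redirect_uri=$REDIRECT_URI_FROM_PROFILE" \
  --data-urlencode "client_id=$CLIENT_ID_FROM_PROFILE" \
  --data-urlencode "client_secret=$CLIENT_SECRET_FROM_PROFILE"
```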

Sample response:

```
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"Atza|example-Dme37rR6CuUpSR",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"Atzr|example-tpJX2DeX"
}
```

The response is in JSON and includes these parameters.

| Parameter | Description |
| --- | --- |
| access_token | A token that authorizes your Application to take certain actions on behalf of an Amazon customer. |
| token_type | The type of token returned. Should be bearer. |
| expires_in | The number of seconds before the access token becomes invalid. |
| refresh_token | A long-lived token that can be exchanged for a new access token. |

🚧 The access token is valid for only one hour. The LWA Authorization Server returns the LWA refresh token. Save the refresh token to generate access tokens for subsequent Amazon Data Portability API calls, as detailed in Step 2. Use the refresh token to get new tokens. Use the same access token for multiple API calls until it expires.

  1. Proceed to Step 3. Construct the Amazon Data Portability URI and authorize the request.

📘 The Login with Amazon SDK has the capability to retrieve access and refresh tokens.
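
The exchange in the steps above, as an added Python example that is not from the original page or the Login with Amazon SDK: it URL-encodes the form parameters, validates the response fields, and tracks expiry so one access token is reused until it lapses. The function names, the 60-second safety margin and the sample values are assumptions made for illustration.

```python
import json, time, urllib.parse, urllib.request

# Token endpoints per region, as listed in the table on this page.
TOKEN_ENDPOINTS = {
    "EU": "https://api.amazon.co.uk/auth/o2/token",
    "NA": "https://api.amazon.com/auth/o2/token",
    "FE": "https://api.amazon.co.jp/auth/o2/token",
}

def build_token_request(region, code, redirect_uri, client_id, client_secret=None):
    """Return (url, form_body) for the authorization_code grant."""
    params = {"grant_type": "authorization_code", "code": code,
              "redirect_uri": redirect_uri, "client_id": client_id}
    if client_secret:  # server-side clients only; never ship the secret to a browser
        params["client_secret"] = client_secret
    return TOKEN_ENDPOINTS[region], urllib.parse.urlencode(params).encode("ascii")

def parse_token_response(raw, now=None):
    """Check the JSON response and convert expires_in to an absolute deadline."""
    data = json.loads(raw)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    if not data.get("access_token"):
        raise ValueError("no access_token in response")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),  # None if no client_secret was sent
            "expires_at": now + int(data["expires_in"])}

def is_usable(tokens, now=None, skew=60):
    """True while the cached access token can be reused (skew is an assumed margin)."""
    now = time.time() if now is None else now
    return now < tokens["expires_at"] - skew

def redact(tokens):
    """Log-safe copy: token values are never written out."""
    return {k: ("<redacted>" if k.endswith("_token") and v else v)
            for k, v in tokens.items()}

def exchange_code(region, code, redirect_uri, client_id, client_secret=None):
    """Perform the POST and return the validated token set."""
    url, body = build_token_request(region, code, redirect_uri, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())

# Constructed sample body, using the placeholder values from the sample response above.
SAMPLE = ('{"access_token":"Atza|example-Dme37rR6CuUpSR","token_type":"bearer",'
          '"expires_in":3600,"refresh_token":"Atzr|example-tpJX2DeX"}')
```

Call `exchange_code` once per authorization code, store the returned `refresh_token` in a secret store, and check `is_usable` before each API call instead of requesting a new access token every time.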


Last updated: Mar 07, 2024