Generate LWA tokens with OAuth2 code
At this point, you should have the code that was generated when you completed the instructions in Step 4. Set up LWA based on your use case. You need this code to request an LWA access token.
- Select the endpoint to request the access token from.
Endpoint | Region |
---|---|
https://api.amazon.co.uk/auth/o2/token | Europe (EU) |
https://api.amazon.com/auth/o2/token | North America (NA) |
https://api.amazon.co.jp/auth/o2/token | Far East (FE) |
- In your POST request, include the parameters listed in the table.
Parameter | Description |
---|---|
grant_type | The type of access grant requested. Must be authorization_code. |
code | The code returned by the authorization request. |
redirect_uri | The redirect_uri for your Application. |
client_id | The client identifier of your Application. |
client_secret | Optional. The secret value assigned to the client during registration. Don't use the client secret in a browser-based app because client secrets shouldn't be stored on web pages. If no client_secret is passed, the response returns no refresh token. |
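- Send the POST request.
Sample cURL request using the NA endpoint:
# Set the shell variables first; each field is URL-encoded and sent as form data.
curl -X POST \
  --data-urlencode "grant_type=authorization_code" \
  --data-urlencode "code=$CODE_OBTAINED_AFTER_PROVIDING_AUTHORIZATION" \
  --data-urlencode "redirect_uri=$REDIRECT_URI_FROM_PROFILE" \
  --data-urlencode "client_id=$CLIENT_ID_FROM_PROFILE" \
  --data-urlencode "client_secret=$CLIENT_SECRET_FROM_PROFILE" \
  https://api.amazon.com/auth/o2/token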
Sample response:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"access_token":"Atza|example-Dme37rR6CuUpSR",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"Atzr|example-tpJX2DeX"
}
The response is in JSON and includes these parameters.
Parameter | Description |
---|---|
access_token | A token that authorizes your Application to take certain actions on behalf of an Amazon customer. |
token_type | The type of token returned. Should be bearer. |
expires_in | The number of seconds before the access token becomes invalid. |
refresh_token | A long-lived token that can be exchanged for a new access token. |
🚧 The access token is valid for only one hour. The LWA Authorization Server returns the LWA refresh token. Save the refresh token to generate access tokens for subsequent Amazon Data Portability API calls, as detailed in Step 2. Use the refresh token to get new tokens. Use the same access token for multiple API calls until it expires.
📘 The Login with Amazon SDK has the capability to retrieve access and refresh tokens.
Last updated: Mar 07, 2024