Hosted Token Exchange
Amazon Pay CV2 APIs allow delegated access: a service provider calls Amazon Pay CV2 APIs on behalf of a merchant, using an authorizationToken.
In this step you will exchange the MWSAuthToken for a CV2 authorizationToken. To do this, call the AuthorizationTokens operation to retrieve a delegated authorization token, which is used to make API calls on behalf of a merchant.
Supported operations:
Authorization Tokens - GET https://pay-api.amazon.com/:environment/:version/authorizationTokens/:mwsAuthToken?merchantId=:merchantId
Authorization Tokens - GET https://pay-api.amazon.eu/:environment/:version/authorizationTokens/:mwsAuthToken?merchantId=:merchantId
Authorization Tokens - GET https://pay-api.amazon.jp/:environment/:version/authorizationTokens/:mwsAuthToken?merchantId=:merchantId
Authorization Tokens
Request
Host: pay-api.amazon.com
Accept: application/json
Authorization: AMZN-PAY-RSASSA-PSS PublicKeyId=f4fc06fc-c5a7-11e7-abc4-cec278b6b50a, SignedHeaders=content-type;x-amz-pay-date, Signature=4164128ec5d1b9da1700167ab2ccda8125f472c8bb9de447cebf5d741ee317c8
X-Amz-Pay-Date: 20190305T024410Z
Content-type: application/json
GET https://pay-api.amazon.com/live/v2/authorizationTokens/amzn.mws.123456789?merchantId=aX123BFs343
Request headers
Header | Description | Type |
---|---|---|
Authorization (required) | The signature algorithm, public key ID, signed headers, and the signature in the following format: Signature_Algorithm PublicKeyId=publicKeyId, SignedHeaders=SignedHeaders, Signature=signature | String |
X-Amz-Pay-Date (required) | The time at which the signature was generated. The signature, including timestamp, is generated in the payload. The date is in ISO 8601 format: YYYYMMDD'T'HHMMSS'Z'. | String |
Request parameters
Name | Location | Description |
---|---|---|
mwsAuthToken (required) Type: String | Path parameter | The MWS Auth Token that the solution provider currently uses to make V1 API calls on behalf of the merchant. |
merchantId (required) Type: String | Query parameter | The Amazon Pay merchant Id. |
Successful response elements
Parameter | Description |
---|---|
authorizationToken Type: String | HS256 encoded JWT Token that will be used to make V2 API calls on behalf of the merchant. |
Response
Returns HTTP 200 status response code if the operation was successful.
HTTP/1.1 200 OK
Host: pay-api.amazon.com
Content-type: application/json
{
"authorizationToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
Error response
HTTP/1.1 400 Bad Request
Content-Type: application/json;
{
"reasonCode": "InvalidParameterValue",
"message": "The merchantId that you submitted in this request is invalid."
}
Error codes
If there is a problem fulfilling your request, you will receive an HTTP error response. The error codes for the AuthorizationTokens API request match the generic errors, which can be found here.
How to use the v2 Authorization Token
You can add the V2 Authorization Token as a header in your API calls. The header key is: X-Amz-Pay-AuthToken
Here is an example of a request using the V2 Authorization Token:
X-Amz-Pay-AuthToken: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9....
X-Amz-Pay-Date: 20190305T024410Z
Content-type: application/json
POST https://pay-api.amazon.com/live/v1/deliveryTrackers
{
"merchantId": "12345"
}
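
The token exchange and the X-Amz-Pay-AuthToken usage described on this page, as an added example that is not Amazon Pay's own code: it builds the AuthorizationTokens URL, parses the success and error responses shown above, and redacts both tokens from log lines, since the MWS token sits in the URL path and the V2 token in a header. Request signing is omitted; the function names, the region keys and the assumption that the caller holds no HMAC key for the HS256 token are this example's own.

```python
import base64
import json
import re
from urllib.parse import quote, urlencode

# Hosts from "Supported operations"; the region keys are labels chosen for this example.
HOSTS = {"na": "pay-api.amazon.com", "eu": "pay-api.amazon.eu", "jp": "pay-api.amazon.jp"}

def exchange_url(region, environment, version, mws_auth_token, merchant_id):
    """Build the AuthorizationTokens URL with both caller-supplied values percent-encoded."""
    token = quote(mws_auth_token, safe="")  # a '/' or '?' in the token must not alter the path
    query = urlencode({"merchantId": merchant_id})
    return f"https://{HOSTS[region]}/{environment}/{version}/authorizationTokens/{token}?{query}"

def parse_exchange_response(status, body):
    """Return the delegated token on HTTP 200; raise with the reasonCode otherwise."""
    doc = json.loads(body)
    if status != 200:
        raise ValueError(f"{doc.get('reasonCode')}: {doc.get('message')}")
    token = doc.get("authorizationToken", "")
    if token.count(".") != 2:
        raise ValueError("authorizationToken is not a three-part JWT")
    return token

def jwt_header(token):
    """Decode (not verify) the JWT header. HS256 is an HMAC, and this example assumes the
    caller holds no key, so the token is treated as an opaque bearer secret."""
    segment = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

# Both credentials travel where access logs and traces usually capture them:
# the MWS token in the URL path, the V2 token in a request header.
_REDACTIONS = [
    (re.compile(r"(/authorizationTokens/)[^?\s]+"), r"\1[REDACTED]"),
    (re.compile(r"(?i)(X-Amz-Pay-AuthToken:\s*)\S+"), r"\1[REDACTED]"),
]

def redact(line):
    """Mask the MWS auth token and the V2 authorization token in a log line."""
    for pattern, replacement in _REDACTIONS:
        line = pattern.sub(replacement, line)
    return line

if __name__ == "__main__":
    url = exchange_url("na", "live", "v2", "amzn.mws.123456789", "aX123BFs343")
    print(redact("GET " + url))
```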