Login With Amazon
OAuth 2.0 Protocol
The Amazon Music Web Service API uses the OAuth 2.0 authorization framework to securely identify clients and end-users. With this open protocol, a client wishing to access a protected resource must contact an authorization server to obtain an access token. Clients can then transmit this access token when making subsequent protected resource requests.
Login With Amazon
Login with Amazon (LWA) provides the authorization server for the Amazon Music API. LWA is a separate service from the core Amazon Music Service, and so its API may have different formats, structure, and requirements from the Amazon Music API documented here.
To use LWA, your business first needs to create an account to receive a device client ID. Click here to learn how to create a Login With Amazon account.
To learn how to use Login With Amazon to request an authentication token, click here.
Login With Amazon offers a number of login methods for the end user. The choice of which to use will depend on the specific requirements of your device.
- Devices with web browsers should use the web-based login. Click here to learn more about LWA for websites.
- Devices without web browsers such as TVs can use a special code-based login. Click here to learn more about LWA for TVs.
- Devices running Android can use the Android-based login. Click here to learn about LWA for Android devices.
- Devices running iOS can use the iOS-based login. Click here to learn about LWA for iOS devices.
Calling LWA for use with Amazon Music
The LWA documentation above will guide you through the authorization process that applies to your specific application. The Amazon Music-specific component of this process is scope. When you make a device authorization request to LWA you must specify a scope. You can request more than one scope at once: simply separate scopes with spaces. Which scope(s) you need depends on the API functionality you will need access to. While the Web API makes use of a number of different scopes, the Device API only requires one scope:
The Security Profile ID(s) used by Music client applications must be enabled by the Amazon Music Service in order for authorization to be successful.
Combining with Alexa Voice (AVS / 3PDA) Support
If you are implementing support for Alexa Voice Services (AVS) for the same devices/clients, you must use the same LWA Application ID for both, as both require LWA authorization. If the customer grants both AVS and Alexa Music permissions at the same time, the client should use the same LWA clientID for both. The Login With Amazon documentation on developer.amazon.com explains how to request scopes using the Web interface or the iOS or Android SDKs and provides sample code. It might be possible to maintain separate client IDs and have the customer grant permissions separately, but this is not tested or recommended and is not expected to work in most scenarios.