Adding allowed JavaScript origins or allowed return URLs
By default, web browsers block JavaScript calls from one origin that try to call a script on another origin. To use an Amazon Pay or Login with Amazon button on your website, you must specify either Allowed JavaScript Origins or Allowed Return URLs to authorise interactions between your website and Amazon.
Allowed JavaScript origins
The Amazon Pay JavaScript SDK allows calls from other origins if they are specified as part of an application. Adding a domain to the Allowed JavaScript Origins field lets the SDK for JavaScript communicate with a website directly during the login process and to present a pop-up for the buyer when they are signing in.
Note: The Amazon Pay button widget includes a pop-up parameter. To enable signing in via a pop-up, this parameter must be set to popup:true.
Setting up for the Sandbox environment
When you are testing in the Sandbox environment on localhost you don't need an SSL certificate and can use the http protocol (http://localhost).
Setting up for the Production environment
For the Production environment, the JavaScript origin is your website URL, which is a combination of protocol, domain, and the port where your JavaScript calls originate (for example: https://www.example.com:8443). In the Production environment, allowed origins must use the HTTPS protocol. If you are using a standard port (port 443), you need only include the domain name (for example, https://www.example.com).
Allowed return URLs
An allowed return URL is an address to a website that makes HTTPS calls to the Amazon Pay authorisation service. The Amazon Pay authorisation service redirects users to this URL when they complete login.
Note: The Amazon Pay button widget includes a pop-up parameter. To enable a redirect, this parameter must be set to "popup:false".
Setting up for the Sandbox environment
When you are testing in the Sandbox environment on localhost, you don't need an SSL certificate and can use the http protocol (http://localhost/testRedirect.html).
Setting up the Production environment
In the Production environment, enter the redirect_uri that you want your buyers to be returned to after they have signed in. The Allowed Return URL must use the HTTPS protocol and include the protocol, domain, path, and query strings (for example, https://www.example.com/login.php).
Setting allowed JavaScript origins or allowed return URLs
- Login to Seller Central and select Integration > Integration Central from the navigation bar on the top-left side
- Under the Manage client ID/store ID(s) section, click on View client ID/store ID(s)
- Choose your Amazon Pay application from the App or store name dropdown, and click Edit on the right hand side to add/edit your URLs
- Add your URLs to the Allowed JavaScript origins and Allowed return URLs sections
- Click Save changes when done
Amazon Pay University
Watch this video for an overview on fixing errors on the Amazon Pay login