/
Amazon Authorisation and Authentication Flow

Amazon Authorisation and Authentication Flow

Owned by Prateek Kaushik (Unlicensed)
Last updated: Oct 07, 2024 by Mahesh Rajaram Gawali
7 min read

To Use Amazon Yojaka Sandbox Environment APIs, we need to provide Access Token which can be retrieved by following the steps given in the Sequence Diagram as shown above. For example:

{ "access_token": "Atza|IwEBIJMp3x8CVucj-IrP9uXLZ0xUNmT98X-iC_55Y5wwyqje_kqPyR38OQRbPQB2KvNiItew2LcfTRPXVs2Sx3N_bbZMTftgFLh2Qw7FUAUrdQm9Ioc_ZYS_19GKuP1dq4LEVPX2ekpN9rFca2xWXZ3bQgIgtPtynbhmz82tIYKWX8eX_jaVD5qNqN-NfCsfNkJhKD1MXBN_XTuTTTYTH1hz0gWHWXM0I4oM-k4vA-yXMQbpBD1TfnzEhBNwfOt-QJWy7WWxhv9NwodXJhplEBvrIONxp00S4BPa2E_P0cjI7kHh5cWhMJeZVq4PKncwhfjXW6PfmUUiJeUXRrFmd8OaykazbB-dUmVEA3P1ISxdBpoxk80Texzh9XJ3nbLWEnmMeBObSCfuzdBEuev1Nlw_tf8UN87EHxs_w0YHmJiW6Wj_mw", "refresh_token": "Atzr|IwEBIH3-eN1Vv9Xv8pmPBOQElK3HwK1HFO7AfrWrH91FR0ozcwzeE0PUi6XSy8Dtads9JhWLnhmNifZYthLQ-vmthkm_WCCG6pxPuU9zii576OJHoMrqbvRix9Cy5rODBPKPufu6uVJM375v3QZQfiXWE47PEkUyDS0qI78eVCnGADc19V3ElJ2Tf4gGc9kF0M3nBRdkVjEIkJ9mOvZq95uISIfubmvR_tWgFXw34GR28C2Wot__RH4mIClxDFI_sRWPCSyoJvfmxxasAd4UKoHnsbps5OoyYp52xMKhYySYfcvF-2EjtNd6ZLxZYhcaQa-SFgIFSwwYUSCI7rnKaYGxNZdR-aW2L75CVi5t01iRZXE8JWlLfqVN9Di7tRUvbE3eS35OefCRKaiM6QEKvtLpcndT", "token_type": "bearer", "expires_in": 3600 }

To generate the access_token proceed with the steps explained below:

Step 1. First of all, prepare the URL with the following information

Authorisation Code URL Keys

Authorisation Code URL Values

Authorisation Code URL Keys

Authorisation Code URL Values

client_id

amzn1.application-oa2-client.4d13b78380354a20b072862684f0e48b

scope

smartconnect::orders%20smartconnect::events%20smartconnect::inventories

response_type

code

state

0123456789987654321 (Any random number)

redirect_uri

https://auth.auperator.co/app/connection/redirecturl/amazonprime

Use the above-mentioned information to prepare the URL with the help of which we will get Authorisation Code which will be used in the generation process of Access Token. The URL should be similar to as given below:

https://www.amazon.com/ap/oa?client_id=amzn1.application-oa2-client.4d13b78380354a 20b072862684f0e48b&scope=smartconnect::orders%20smartconnect::events%20 smartconnect::inventories&response_type=code&state=0123456789987654321 &redirect_uri=https://auth.auperator.co/app/connection/redirecturl/amazonprime

Step 2. Now hit this URL in a browser and it will lead you to a Consent Screen on which you will be asked to enter EmailID and Password as shown below:

Now enter the credentials which are whitelisted against the Sandbox. Once you log in, it will give an Authorization Code in the URL.

Step 3. Now when the Authorization Code is generated, use it to prepare the Request Body for Access Token with additional parameters as given below:

{ "grant_type": "authorization_code", "code": "ANBzDjyZAfYqDqZDrrAF", "client_id": "amzn1.application-oa2-client.4d13b78380354a20b072862684f0e48b", "client_secret":"87a8cd172be32a69be3d08510cd836ca72ab29259894a8ff5d1a1d338348adf5", "redirect_uri": "https://auth.auperator.co/app/connection/redirecturl/amazonprime" }

Note: The redirect_uri provided here should be the same as given while generating Authorization Code.

Step 4. Now hit the above-Prepared Request Body on the following POST API:

POST API:

https://api.amazon.com/auth/o2/token

Request Body:

{ "grant_type": "authorization_code", "code": "ANBzDjyZAfYqDqZDrrAF", "client_id": "amzn1.application-oa2-client.4d13b78380354a20b072862684f0e48b", "client_secret":"87a8cd172be32a69be3d08510cd836ca72ab29259894a8ff5d1a1d338348adf5", "redirect_uri": "https://auth.auperator.co/app/connection/redirecturl/amazonprime" }

Response: 200 OK

{ "access_token": "Atza|IwEBIJMp3x8CVucj-IrP9uXLZ0xUNmT98X-iC_55Y5wwyqje_kqPyR38OQRbPQB2KvNiItew2LcfTRPXVs2Sx3N_bbZMTftgFLh2Qw7FUAUrdQm9Ioc_ZYS_19GKuP1dq4LEVPX2ekpN9rFca2xWXZ3bQgIgtPtynbhmz82tIYKWX8eX_jaVD5qNqN-NfCsfNkJhKD1MXBN_XTuTTTYTH1hz0gWHWXM0I4oM-k4vA-yXMQbpBD1TfnzEhBNwfOt-QJWy7WWxhv9NwodXJhplEBvrIONxp00S4BPa2E_P0cjI7kHh5cWhMJeZVq4PKncwhfjXW6PfmUUiJeUXRrFmd8OaykazbB-dUmVEA3P1ISxdBpoxk80Texzh9XJ3nbLWEnmMeBObSCfuzdBEuev1Nlw_tf8UN87EHxs_w0YHmJiW6Wj_mw", "refresh_token": "Atzr|IwEBIH3-eN1Vv9Xv8pmPBOQElK3HwK1HFO7AfrWrH91FR0ozcwzeE0PUi6XSy8Dtads9JhWLnhmNifZYthLQ-vmthkm_WCCG6pxPuU9zii576OJHoMrqbvRix9Cy5rODBPKPufu6uVJM375v3QZQfiXWE47PEkUyDS0qI78eVCnGADc19V3ElJ2Tf4gGc9kF0M3nBRdkVjEIkJ9mOvZq95uISIfubmvR_tWgFXw34GR28C2Wot__RH4mIClxDFI_sRWPCSyoJvfmxxasAd4UKoHnsbps5OoyYp52xMKhYySYfcvF-2EjtNd6ZLxZYhcaQa-SFgIFSwwYUSCI7rnKaYGxNZdR-aW2L75CVi5t01iRZXE8JWlLfqVN9Di7tRUvbE3eS35OefCRKaiM6QEKvtLpcndT", "token_type": "bearer", "expires_in": 3600 }

Response: 400 Bad Request

{ "error_description": "The request has an invalid grant parameter : code", "error": "invalid_grant" }

Step 5: Now the Access Token is fetched, but we also need to Generate AccessKey, SecretKey, and SessionToken which will be used in the AWS Signature Authentication Method along with the Access Token passed in the Headers.

AWS Signature Authentication Keys

AWS Signature Authentication Values

AWS Signature Authentication Keys

AWS Signature Authentication Values

AccessKey

ASIARJV7TODSQ6QQA2VU

SecretKey

YfTgV1hYhsUSvZSsjnhj+G0at4dpoL8Hl+388Iuy

AWS Region

eu-west-1

Service Name

execute-api

Session Token

FwoGZXIvYXdzECMaDOObYSA2QckqTQbnmyKrAZG/gBZnn3bD2w95tVfg0ZyJBvqamfuM7E9vCr5iSS+K3g4oIAvoixyaeDsUqWRV/+fnU3ZWQUsznFSVKAGOB9zDcxw8B+8HANFSqUl2WMcIIQVCGLz+fRTzi/aPfzGBunv37J5Vlruit6+OSes6JH04tSNh679lqB+AWeiVLCNmqiazAqPx3ExI15qLYyicaeACZmUGtoVVs/5KlfFiZEDm6GGq/yjyMFE6jSjy1t2BBjIt24mmRzZCksW7bVg+YSdu2odAQENgizhJyHiFoPNbTDnqHLFkehr/bBeHCIb7

Note: The values given for AWS Signature Fields will expire after the given duration, so they need to be generated after the expiration time.

Note: Values for AWS Region and Service Name will always remain the same.

Step 6. To generate the AWS Signature Keys values, download the “AWS Configuration CLI” from the below-given URL below according to the System Configuration.

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html

Step 7. After downloading the setup, execute the steps and ensure the installation by running the following command as given below:

aws --version

The output should be similar to the below screenshot attached:

Note: Add the installation path of AWS Configure in the Environment Variables IF NOT ADDED.

Step 8. Now once the above steps are executed successfully for AWS Configuration CLI, proceed with the configuration step as given below.

Execute the below command in the Command Prompt:

aws configure

AWS Configuration CLI Keys

AWS Configuration CLI Values

AWS Configuration CLI Keys

AWS Configuration CLI Values

AWS Access Key ID [None]

AKIAWWNWZCRHLG2RR452

AWS Secret Access Key [None]

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

Default region name [None]:

us-west-2

Default output format [None]:

json

 

Note: For more information on this, go to Configuring settings for the AWS CLI - AWS Command Line Interface

Step 9. Now run the configuration is done, run the command as given below:

aws sts assume-role --role-arn arn:aws:iam::089522401509:role/EshopboxConnector-Sandbox --role-session-name Name123 --output json --duration-seconds 3000

Note: In the command, we need to provide Role ARN(Amazon Resource Name), Session Name, and Duration after which AccessKey, SecretKey, and SessionToken will expire.

Step 10. Now when you run the above command, the following information should be returned

If the above information is not returned then there must have been some configuration issue.

Note: If the below response is returned, then either increase the duration set for the AccessKey, SecretKey, and SessionToken or try to lower the duration in the command

Step 11. Now once the information given in Step 10 should be entered in the AWS Signature Method by going into Postman>>Select Authorization>>Select Type>>AWS Signature

AWS Signature Authentication Keys

AWS Signature Authentication Values

AWS Signature Authentication Keys

AWS Signature Authentication Values

AccessKey

ASIARJV7TODSQ6QQA2VU

SecretKey

YfTgV1hYhsUSvZSsjnhj+G0at4dpoL8Hl+388Iuy

AWS Region

eu-west-1

Service Name

execute-api

Session Token

 

FwoGZXIvYXdzECMaDOObYSA2QckqTQbnmyKrAZG/gBZnn3bD2w95tVfg0ZyJBvqamfuM7E9vCr5iSS+K3g4oIAvoixyaeDsUqWRV/+fnU3ZWQUsznFSVKAGOB9zDcxw8B+8HANFSqUl2WMcIIQVCGLz+fRTzi/aPfzGBunv37J5Vlruit6+OSes6JH04tSNh679lqB+AWeiVLCNmqiazAqPx3ExI15qLYyicaeACZmUGtoVVs/5KlfFiZEDm6GGq/yjyMFE6jSjy1t2BBjIt24mmRzZCksW7bVg+YSdu2odAQENgizhJyHiFoPNbTDnqHLFkehr/bBeHCIb7

It should look like as given in the example below:

 

Step 11. Now let's try to hit one API with the Access Token retrieved from the POST API and AccessKey, SecretKey, and SessionToken returned from the AWS CLI

GET API:

https://api.sandbox.dub.yojaka.xp.sellers.a2z.com/v1/orders/{orderId}

Headers:

Header Key

Header Value

Header Key

Header Value

X-Amz-Access-Token

Atza|IwEBIFcT9wXjE-DvsCeMt2kxuvI9MP1EDkXmS4wcfd-I-inWtNdklkCTBMy91F5D5Fo8d7uGRSaEN5SGwq8xfCdWYExlGAziVNOFaxw6gMvnpAMYMr4oSOSETfQrwdZOJD0mcGHnQCwxzw2Cw4N2v3Ba_Yd-r9Ab1q-9rpXaMTGdPRWznSNIVRtXS2KvOSU_xcpY_g34asl6_yUd4pc6OJJvY1b6-7bfJDcR7wO26JDhNBkqWxHJRGNQfYECkgxYGYEKiFJc77CzFQG4CYVK_O2AAGI5NzH0dmSIzYKvm7RwBH4UkJGclGDkUtcd7-Y87ZL278PrRcdcmDFkJzdlfpqKD34Ad9RH1GAjNCIIifQOJHi2uYpPzGwi5bI9MJxutnj4NXYR-wOXYTlvpGg9j86EKmfSZYt4eEF3tdwSt8YidMnYuQ

Authentication:

AWS Signature Authentication Keys

AWS Signature Authentication Values

AWS Signature Authentication Keys

AWS Signature Authentication Values

AccessKey

ASIARJV7TODSQ6QQA2VU

SecretKey

YfTgV1hYhsUSvZSsjnhj+G0at4dpoL8Hl+388Iuy

AWS Region

eu-west-1

Service Name

execute-api

Session Token

 

FwoGZXIvYXdzECMaDOObYSA2QckqTQbnmyKrAZG/gBZnn3bD2w95tVfg0ZyJBvqamfuM7E9vCr5iSS+K3g4oIAvoixyaeDsUqWRV/+fnU3ZWQUsznFSVKAGOB9zDcxw8B+8HANFSqUl2WMcIIQVCGLz+fRTzi/aPfzGBunv37J5Vlruit6+OSes6JH04tSNh679lqB+AWeiVLCNmqiazAqPx3ExI15qLYyicaeACZmUGtoVVs/5KlfFiZEDm6GGq/yjyMFE6jSjy1t2BBjIt24mmRzZCksW7bVg+YSdu2odAQENgizhJyHiFoPNbTDnqHLFkehr/bBeHCIb7

Response: 200 OK

{ "id": "9b03f699-0cfc-4f1f-a3f3-402b401747b4", "locationId": "0d88483e-a595-4388-8450-366a4cdf892c", "marketplaceChannelDetails": { "marketplaceChannel": { "marketplaceName": "AMAZON_IN", "channelName": "FBA" }, "locationId": "Eshopbox-test-Node-1", "shipmentId": "kxFj16fSmh", "merchantId": "AAFR4ZPY4GS0", "customerOrderId": "4dOH3IpZPo" }, "metadata": { "orderType": "NEW", "priority": false, "charge": { "totalAmount": { "value": 123.88328212434344, "currency": "INR" }, "totalTax": { "value": 22.2989916684641, "currency": "INR" } }, "invoiceInformation": { "id": "脕㢾伶Ų鿒לּ⇊཭텩", "creationTimestamp": 1614232222898 }, "adapterApp": { "id": "YojakaFbaAdapterService", "name": "YojakaFbaAdapterService" } }, "orderCharges": [ { "orderChargeType": "shipping", "name": "Shipping Principal", "amount": { "value": 40.0, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": 3.6000001430511475, "currency": "INR" } }, { "name": "CGST", "amount": { "value": 3.6000001430511475, "currency": "INR" } } ], "name": "Shipping Tax", "amount": { "value": 7.200000286102295, "currency": "INR" } } }, { "orderChargeType": "shippingPromotion", "name": "Shipping Discount", "amount": { "value": -20.0, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": -1.8000000715255737, "currency": "INR" } }, { "name": "CGST", "amount": { "value": -1.8000000715255737, "currency": "INR" } } ], "name": "Shipping TaxSaving", "amount": { "value": -3.6000001430511475, "currency": "INR" } } }, { "orderChargeType": "total", "name": "Total", "amount": { "value": 169.11584342197594, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": 15.22042651278322, "currency": "INR" } }, { "name": "CGST", "amount": { "value": 15.22042651278322, "currency": "INR" } } ], "name": "Total", "amount": { "value": 30.44085302556644, "currency": "INR" } } } ], "status": "CREATED", "creationTimestamp": 1614232223786, "lastUpdatedTimestamp": 1614232223786, "shippingInfo": { "shipToAddress": { "value": "AYADeKXTo0bG5d994dp/mGP9aC4AiAADABVhd3MtY3J5cHRvLXB1YmxpYy1rZXkAREFrTVNEa2NoLzI3b2taMm1aVEhReFB2OC91anFvQVJ4UzZZRGp2aGJvazBjK09iZm1XNWJUamtlZU1FOGJKZytOUT09AAZjbGllbnQABnlvamFrYQAIZGF0YVR5cGUADXNoaXBUb0FkZHJlc3MAAQAHYXdzLWttcwBLYXJuOmF3czprbXM6ZXUtd2VzdC0xOjg1OTAwMTAwMzU5MjprZXkvNWU4MGMxZTAtZTZkMS00YjE5LTliNGQtZTcyNTA2NTAxZTE1ALgBAgEAeJRPZRi5hd7lvaXuQmvhxBNqueyu6MnkyqhvSLNyy/9QAUo0htPxHyuGi7qWK38fKJ8AAAB+MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAxqOiku4/uYmm69vMkCARCAO3Qyn7yHGQDF3EaK86E8gaQwog2Vq5BLnUluJ5ipLvUF96mbbEp9Rdbv6Qa/jNUFaFa6F5DQ1a4oV4XoAgAAAAAMAAAQAAAAAAAAAAAAAAAAAHS7Zy05qhJr/Tyjq9lvWAT/////AAAAAQAAAAAAAAAAAAAAAQAAABfRscZFvNJQCtuIS4uPesX5kZT2rY0BsQEem3aCab3VQR8LdmJvatUAZzBlAjB/C5KE4MvlmXHewFuFQqrBMoR49z7j0S4WzQOIO5Zs4QA/R1Ejwhp/qpnRGV/DaMACMQDZhxg6n9ETAMfA6MNeGBbVFDvImasgb+qFJ53l6+sQxIKSNY7vyZ3Ul91RFFZ7YNs=", "encryptionInfo": { "type": "AWS_KMS", "context": "shipToAddress" } }, "expectedShippingTimestamp": 1614664222897, "recommendedShipMethod": "", "shippingType": "MARKETPLACE" }, "lineItems": [ { "id": "0", "merchantSku": "test1", "numberOfUnits": 10, "cancellations": [], "serialNumberRequired": false, "serialNumbers": [], "hazmatLabelRequired": false, "hazmatLabels": [], "giftAttributes": { "giftMessagePresent": false, "giftWrapRequired": false }, "charges": [ { "type": "product", "lineItemChargeType": "product", "name": "OurPrice Principal", "amount": { "value": 123.88328212434344, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": 11.14949583423205, "currency": "INR" } }, { "name": "CGST", "amount": { "value": 11.14949583423205, "currency": "INR" } } ], "name": "OurPrice Tax", "amount": { "value": 22.2989916684641, "currency": "INR" } } }, { "type": "productPromotion", "lineItemChargeType": "productPromotion", "name": "OurPrice Discount", "amount": { "value": 10.232561297632499, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": 0.9209305533814157, "currency": "INR" } }, { "name": "CGST", "amount": { "value": 0.9209305533814157, "currency": "INR" } } ], "name": "OurPrice TaxSaving", "amount": { "value": 1.8418611067628314, "currency": "INR" } } }, { "type": "giftWrap", "lineItemChargeType": "giftWrap", "name": "Giftwrap Principal", "amount": { "value": 30.0, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": 2.7000001072883606, "currency": "INR" } }, { "name": "CGST", "amount": { "value": 2.7000001072883606, "currency": "INR" } } ], "name": "Giftwrap Tax", "amount": { "value": 5.400000214576721, "currency": "INR" } } }, { "type": "giftWrapPromotion", "lineItemChargeType": "giftWrapPromotion", "name": "Giftwrap Discount", "amount": { "value": -15.0, "currency": "INR" }, "tax": { "breakup": [ { "name": "IGST", "amount": { "value": -1.3500000536441803, "currency": "INR" } }, { "name": "CGST", "amount": { "value": -1.3500000536441803, "currency": "INR" } } ], "name": "Giftwrap TaxSaving", "amount": { "value": -2.7000001072883606, "currency": "INR" } } } ], "marketplaceChannelAttributes": { "sku": "test1" } } ], "packages": [] }

 

 

Response: 403 Forbidden

{ "message": "The security token included in the request is invalid" }

Note: If the response given by the API looks like above, that means the AWS Signature Credentials have expired and you need to run the command again to get new credentials

Response: 401 Unauthorised

Note: If the response by the API is returned as shown above, then the Access Token passed in the Headers has expired and you need to follow the steps mentioned above to generate the new Access Token.

 

Related content