Following the SP-API developer guide, I created an app to be able to access SP-API. The app is in published state now and we tried the authorisation workflow as per the amazon guide steps:
We are using the website authorisation workflow, the steps 1-3 work as per the guide,
Step 1. Initiate the authorization from the Amazon Seller Central Partner Network. Step 2. The selling partner consents to authorize your application, we authorise the app from seller Central and start the process, this url loads https://sellercentral.amazon.com/apps/authorize/consent?application_id=amzn1.sp.solution.6cf699bd-f89a-4afd-b64e-7d21351aaaaa
Step 3. The selling partner signs into your website, we are redirected to the website login and that is done, then we get the amazon state and partner id as part of the url: https://dashboard.aaa.com/api/amzn/login?amazon_callback_uri=https%3A%2F%2Fsellercentral.amazon.com%2Fapps%2Fauthorize%2Fconfirm%2Famzn1.sp.solution.6cf699bd-f89a-4afd-b64e-7d21351aaaa&amazon_state=MTY0MzgzMjI2NzU2OADvv71PY8KzGA0Iaih1Nzjvv71bHNqRGO-_ve-_ve-_ve-_vRnvv70a77-9eTF577-9Ee-_vRDvv70W77-9FEnvv73vv71ueO-_vR7vv73vv70PYu-_vUJd77-9B--_vTxF77-977-9f--_vQ%3D%3D&selling_partner_id=A2079RJZNKAAAA
Step 4. Amazon sends you the authorization information - Then we are redirected back to Seller Central - https://sellercentral.amazon.com/apps/authorize/confirm/amzn1.sp.solution.6cf699bd-f89a-4afd-b64e-7d21351aaaa?state=1d477f90edfa493a1d15&amazon_state=MTY0MzgzMjI2NzU2OADvv71PY8KzGA0Iaih1Nzjvv71bHNqRGO-_ve-_ve-_ve-_vRnvv70a77-9eTF577-9Ee-_vRDvv70W77-9FEnvv73vv71ueO-_vR7vv73vv70PYu-_vUJd77-9B--_vTxF77-977-9f--_vQ==&selling_partner_id=A2079RJZNKAAAA&redirect_uri=https://dashboard.aaa.com/api/amzn/redirect
We are getting the sp_oauth_code in the url and tried using that to request for refresh token via POSTMAN request but unable to proceed to request the token from amazon oauth service.
We are getting error 400 as response, this is request format from the postman code section:
var axios = require('axios');
var qs = require('qs');
var data = qs.stringify({
'grant_type': 'authorization_code',
'code': 'ANnGBdMPnXAlrMyfUdwaaa',
'client_id': 'amzn1.application-oa2-client.cf71c857f2fd4f2c968851619bdaaaaa',
'client_secret': 'bba375434456e9917fcd5539c4324cc0e3182cccb9f1694ce3c63bee4f1aaaaa',
'redirect_uri': 'https://dashboard.aaa.com/api/amzn/redirect'
});
var config = {
method: 'post',
url: 'https://api.amazon.com/auth/o2/token',
headers: { },
data : data
};
axios(config)
.then(function (response) {
console.log(JSON.stringify(response.data));
})
.catch(function (error) {
console.log(error);
});
We are sending data as x-www-form-urlencoded as Json in the POST request.
Any pointers on what we could differently or check for any missing params - any inputs on what to look for would be greatly appreciated.
The SP-API documentation is a little vague on this as it says you should include the grant type, code, seller id and secret as query parameters which by definition means within the url.
You actually need to add them to the body of the POST request.
This is an interesting discussion which revealed the above to me: https://github.com/amzn/selling-partner-api-docs/issues/79
Hope it helps.