skip to Main Content

I’ve been trying to make calls to the Amazon SP-API using the Amazon-SP-API-CSharp NuGet.
https://github.com/abuzuhri/Amazon-SP-API-CSharp
I am trying to authenticate the same way the code samples on the github page show:

AmazonConnection amazonConnection = new AmazonConnection(new AmazonCredential()
{
     AccessKey = "AKIAXXXXXXXXXXXXXXX",
     SecretKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
     RoleArn = "arn:aws:iam::XXXXXXXXXXXXX:role/XXXXXXXXXXXX",
     ClientId = "amzn1.application-XXX-client.XXXXXXXXXXXXXXXXXXXXXXXXXXXX",
     ClientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
     RefreshToken= "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
     MarketPlace = MarketPlace.Germany
});

When I try a simple call to get orders this way, I get the following error:

Error getting LWA Access Token

with the inner exception stating

Unsuccessful LWA token exchange

There is no information in the error more specific than that.

Prior to this we went through the whole AIM and app setup with my manager (I don’t have access to Seller Central), and he gave me all the secret keys and IDs we were able to find.
I am confident that I have the correct values for AccessKey, SecretKey, RoleArn, ClientId and ClientSecret.

So my suspicion lies with the RefreshToken. I’ve been trying to use a value called "SP-API-Token" as this is the only value we found in the Amazon UI that is a token. Apparently this is not the correct approach, but I am at a loss as to how to get this value.

After some searching I found this topic
Amazon SP-API authentication
which led me to this Postman collection
https://github.com/ionafan2/selling-partner-api-postman-sandbox

and ultimately to this guide:
https://developer-docs.amazon.com/sp-api/docs/using-postman-for-selling-partner-api-models
I’ve tried to utilize both of them to retrieve the refresh token.

So far the only call I’ve made that was successful was a call to AssumeRole from the first link – https://sts.amazonaws.com/?Version=2011-06-15&Action=AssumeRole...
while it’s a real breakthrough that I finally managed to call something on Amazon that didn’t return ‘Unauthorized’, this doesn’t return the Refresh token.

I have tried following the guide provided by Amazon. It’s quite convenient, it even has videos. However the Postman requests shown in the videos don’t correspond with the Postman requests I got when I downloaded the Postman files as the guide suggests:

enter image description here

I would love to call the Get LWA Refresh token request, but I simply don’t have it.

Instead I got this:

enter image description here

this endpoint requires the following parameters: sellingPartnerId, developerId, mwsAuthToken. These are three completely different secret values from the other 6 secret values I need to call the SP-API endpoints, but never mind that for now. Elsewhere in the json files I found the following:

A Login with Amazon (LWA) authorization code that can be exchanged for
a refresh token and access token that authorize you to make calls to a
Selling Partner API.

So I think it’s getting hotter. But even if I manage to call this successfully, how do I then exchange the LWA authorization code for the refresh token? I don’t see an endpoint for that anywhere in the collection. Also, about this mwsAuthToken, isn’t MWS something that Amazon has replaced by the Selling Partner API and then shut down?

2

Answers


  1. You need to call the https://api.amazon.com/auth/o2/token endpoint with the following data – see my screenshots:

    Auth request

    request body

    Login or Signup to reply.
  2. You need refresh token, which someone should pass you if you don’t have access to Seller Central.

    Plx have a look here
    and watch until 21:11 then you will know where to get LWA Refresh token

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search