Initial Authorisation
This is obsolete, and not needed anymore. This page is here for historical reasons, should you use a version prior to 1.
Internal Seller Access
To gain initial access to the Api you will need to follow the authorisation process as documented by Amazon https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md
This involves three main stages:
Configuring AWS IAM to have User, Role and Permissions for SPAPI
Adding an App to your Seller Central account.
Configuring Python-SPAPI with the correct credentials.
Configuring AWS IAM:
Create an IAM User
Create an IAM Policy
Create an IAM Role
Add an AWS Security Token Service (STS) policy to the IAM User
Note
This guide assumes you have used the ROLE for attaching the permissions policy to as per the SPAPI quick start guide from Amazon
Make sure you take note of the following items before progressing to the App setup in Seller Central:
User ARN
Role ARN
AWS Access Key
AWS Secret Key
There is the option to download the new user credentials - this will give you a CSV file of the Access Key and Secret Key
Warning
You will only get one chance to view the Secret key
Configuring the App in Seller Central:
Note
To add an App to your Seller central account you must be logged in the account owner.
Overview:
Seller Central -> Partner Network -> Develop Apps.
Add a new client app
- Add in the IAM ROLE that you attached the execute permissions to.
Select the necessary permissions for your app.
The OAUTH details are not required (for self certification apps)
Click the LWA Credentials View link to see your Login With Amazon credentials.
Click Authorise and copy the REFRESH_TOKEN that is provided to you. This is your only chance to see this token!, you will nee to regenerate it if you lose it.
Configuring Python SPAPI.
Using the credentials dict as our example (Note you can use file or environment variables):
The following is an overview of which credentials go with which key.
refresh_token -> This is from Seller Central, Authorisation of the app window
lws_app_id -> This is from Seller central under LWA client credentials -> Client Identifier and will look like amzn1.application-oa2-client.7b18cd……
lwa_client_secret -> This is from Seller central under LWA client credentials -> Client Secret and will look like b5f7f8…
aws_access_key -> From AWS IAM Setup (Downloaded in the new_user_credentials.csv) and is called Access key ID
aws_secret_key -> From AWS IAM Setup (Downloaded in the new_user_credentials.csv) and is called Secret access key
role_arn is from the AWS IAM Setup and is the ARN of the ROLE and will look like arn:aws:iam::1234567890:role/SellingPartnerAPIRole
credentials = dict(
refresh_token='your_refresh_token', # From Seller central under Authorise -> Refresh Token
lwa_app_id='your_lwa_app_id', # From Seller Central, named CLIENT IDENTIFIER on website.
lwa_client_secret='your_lwa_client_secret', # From Seller Central, named CLIENT SECRET on website.
aws_access_key='your_aws_access_key', # From AWS IAM Setup
aws_secret_key='your_aws_secret_key', # From AWS IAM Setup
role_arn='your_role_arn' #arn:aws:iam::1234567890:role/SellingPartnerAPIRole
)
Note
In this example we used the IAM ROLE to configure the app in Seller Central, so we must also use the ROLE Arn to configure the Python SPAPI. Should you have chosen an alternate setup, you may need to drop the role_arn from your configuration.
Example Screenshots
App Overview
On this screen you can both create a new app, gain your LWA credentials for an existing app, and authorise your app (get refresh token).
Create Application
Authorise Application
LWA Credentials View