Exciting release!Introducing "safe npm". Learn more
Socket
Log inDemoInstall

@sp-api-sdk/auth

Package Overview
Dependencies
3
Maintainers
2
Versions
65
Issues
File Explorer

Advanced tools

@sp-api-sdk/auth

Amazon Selling Partner API authentication helper class

    1.10.9latest
    GitHub

Version published
Maintainers
2
Weekly downloads
644
increased by74.05%

Weekly downloads

Readme

Source

@sp-api-sdk/auth

Amazon Selling Partner API authentication helper class

Installing

  • yarn add @sp-api-sdk/auth
  • npm install @sp-api-sdk/auth

Authentication models

This library supports both authentication models: IAM user credentials, or an IAM role (using STS AssumeRole).

Using an AWS IAM user

import {SellingPartnerApiAuth} from '@sp-api-sdk/auth' const auth = new SellingPartnerApiAuth({ clientId: '', clientSecret: '', refreshToken: 'Atzr|...', accessKeyId: '', secretAccessKey: '', sessionToken: '' // If you’re authenticated using temporary credentials }) const accessToken = await auth.accessToken.get() const {AccessKeyId, SecretAccessKey} = await auth.getCredentials()

Using an AWS IAM role

import {SellingPartnerApiAuth} from '@sp-api-sdk/auth' const auth = new SellingPartnerApiAuth({ clientId: '', clientSecret: '', refreshToken: 'Atzr|...', accessKeyId: '', secretAccessKey: '', region: '', // You can provide an AWS region that will be used for the STS calls role: { arn: '', sessionName: 'SellingPartnerAPI' // Optional } }) const accessToken = await auth.accessToken.get() const {AccessKeyId, SecretAccessKey, SessionToken} = await auth.getCredentials()

getCredentials will return a set of temporary security credentials that last for 1 hour.

Default values from the environment

These constructor options can be passed using environment variables:

Property NameEnvironement variable
clientIdLWA_CLIENT_ID
clientSecretLWA_CLIENT_SECRET
accessKeyIdAWS_ACCESS_KEY_ID
secretAccessKeyAWS_SECRET_ACCESS_KEY
sessionTokenAWS_SESSION_TOKEN
regionAWS_DEFAULT_REGION
role.arnAWS_ROLE_ARN
role.sessionNameAWS_ROLE_SESSION_NAME

Grantless APIs support

Some APIs require grantless authentication, which is done by passing scopes, instead of a refresh token. The available scopes are exposed in the AuthorizationScope enum from this library.

import {SellingPartnerApiAuth, AuthorizationScope} from '@sp-api-sdk/auth' import {AuthorizationApiClient} from '@sp-api-sdk/authorization-api-v1' const auth = new SellingPartnerApiAuth({ clientId: '', clientSecret: '', scopes: Object.values(AuthorizationScope), // Or choose the only ones you need accessKeyId: '', secretAccessKey: '' }) const accessToken = await auth.accessToken.get() const credentials = await auth.getCredentials()

Credentials caching

accessToken.get() caches the access token for its whole duration, it will only request a new token if the current one has expired.

The same goes for the STS temporary credentials returned by getCredentials, the credentials are cached until they expire.

Keywords

FAQs

Last updated on 11 Feb 2023

Did you know?

Socket installs a Github app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.

Install Socket
Socket
support@socket.devSocket SOC 2 Logo

Product

  • Package Issues
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc