@sp-api-sdk/auth
Advanced tools
@sp-api-sdk/auth
Amazon Selling Partner API authentication package
npm install @sp-api-sdk/auth
The SellingPartnerApiAuth class handles OAuth token acquisition from Login with Amazon (LWA). You must provide exactly one of refreshToken or scopes.
import { SellingPartnerApiAuth } from "@sp-api-sdk/auth";
// `clientId` and `clientSecret` default to the `LWA_CLIENT_ID` and
// `LWA_CLIENT_SECRET` environment variables.
const auth = new SellingPartnerApiAuth({
refreshToken: await getRefreshTokenForSeller(sellerId),
});
const accessToken = await auth.getAccessToken();
The following constructor options default to environment variables when omitted. You can still pass them explicitly to override the defaults.
| Property Name | Environment variable |
|---|---|
clientId | LWA_CLIENT_ID |
clientSecret | LWA_CLIENT_SECRET |
refreshToken | LWA_REFRESH_TOKEN |
Some APIs (e.g. Notifications API) require grantless authentication, which is done by passing scopes instead of a refresh token.
The available scopes are exposed in the AuthorizationScope enum from this library.
import { SellingPartnerApiAuth, AuthorizationScope } from "@sp-api-sdk/auth";
import { NotificationsApiClient } from "@sp-api-sdk/notifications-api-v1";
// `clientId` and `clientSecret` default to the `LWA_CLIENT_ID` and
// `LWA_CLIENT_SECRET` environment variables.
const auth = new SellingPartnerApiAuth({
scopes: [AuthorizationScope.NOTIFICATIONS],
});
const client = new NotificationsApiClient({
auth,
region: "eu",
});
Available scopes:
AuthorizationScope.NOTIFICATIONS - For the Notifications APIAuthorizationScope.CLIENT_CREDENTIAL_ROTATION - For client credential rotationgetAccessToken() caches the access token in memory for its whole duration, it will only request a new token if the current one has expired.
You can subclass SellingPartnerApiAuth to add custom logic, for example, caching the access token in an external store.
The protected accessTokenExpiration getter provides the current token's expiration date, which is useful for setting TTLs in your cache.
import { SellingPartnerApiAuth } from "@sp-api-sdk/auth";
import { storeToken, getToken } from "./token-store";
class StoredSellingPartnerApiAuth extends SellingPartnerApiAuth {
async getAccessToken() {
let token = await getToken();
if (token) {
return token;
}
token = await super.getAccessToken();
await storeToken(token, { ttl: this.accessTokenExpiration });
return token;
}
}
Authentication errors are thrown as SellingPartnerApiAuthError instances, which extend AxiosError.
import { SellingPartnerApiAuth, SellingPartnerApiAuthError } from "@sp-api-sdk/auth";
try {
const accessToken = await auth.getAccessToken();
} catch (error) {
if (error instanceof SellingPartnerApiAuthError) {
console.error(error.message); // e.g. "access-token error: Response code 401"
}
}
MIT
╚⊙ ⊙╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
╚═(███)═╝
FAQs
Amazon Selling Partner API authentication package
The npm package @sp-api-sdk/auth receives a total of 2,304 weekly downloads. As such, @sp-api-sdk/auth popularity was classified as popular.
We found that @sp-api-sdk/auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 11.5 now recognizes npm staged publish approvals in release metadata, preventing those releases from being mistaken for lower-trust package publishes.
Security News
Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.
Research
/Security News
A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.