Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@sp-api-sdk/auth

Package Overview
Dependencies
Maintainers
1
Versions
91
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@sp-api-sdk/auth

Amazon Selling Partner API authentication package

  • 1.11.6
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
282
decreased by-28.79%
Maintainers
1
Weekly downloads
 
Created
Source

@sp-api-sdk/auth

Amazon Selling Partner API authentication package

Installing

  • npm install @sp-api-sdk/auth

Authentication models

This library supports both authentication models: IAM user credentials, or an IAM role (using STS AssumeRole).

Using an AWS IAM user

import { SellingPartnerApiAuth } from "@sp-api-sdk/auth";

const auth = new SellingPartnerApiAuth({
  clientId: "",
  clientSecret: "",
  refreshToken: "Atzr|...",
  accessKeyId: "",
  secretAccessKey: "",
  sessionToken: "", // If you’re authenticated using temporary credentials
});

const accessToken = await auth.accessToken.get();
const { AccessKeyId, SecretAccessKey } = await auth.getCredentials();

Using an AWS IAM role

import { SellingPartnerApiAuth } from "@sp-api-sdk/auth";

const auth = new SellingPartnerApiAuth({
  clientId: "",
  clientSecret: "",
  refreshToken: "Atzr|...",
  accessKeyId: "",
  secretAccessKey: "",
  region: "", // You can provide an AWS region that will be used for the STS calls
  role: {
    arn: "",
    sessionName: "SellingPartnerAPI", // Optional
  },
});

const accessToken = await auth.accessToken.get();
const { AccessKeyId, SecretAccessKey, SessionToken } = await auth.getCredentials();

getCredentials will return a set of temporary security credentials that last for 1 hour.

Default values from the environment

These constructor options can be passed using environment variables:

Property NameEnvironement variable
clientIdLWA_CLIENT_ID
clientSecretLWA_CLIENT_SECRET
accessKeyIdAWS_ACCESS_KEY_ID
secretAccessKeyAWS_SECRET_ACCESS_KEY
sessionTokenAWS_SESSION_TOKEN
regionAWS_DEFAULT_REGION
role.arnAWS_ROLE_ARN
role.sessionNameAWS_ROLE_SESSION_NAME

Grantless APIs support

Some APIs require grantless authentication, which is done by passing scopes, instead of a refresh token. The available scopes are exposed in the AuthorizationScope enum from this library.

import { SellingPartnerApiAuth, AuthorizationScope } from "@sp-api-sdk/auth";
import { AuthorizationApiClient } from "@sp-api-sdk/authorization-api-v1";

const auth = new SellingPartnerApiAuth({
  clientId: "",
  clientSecret: "",
  scopes: Object.values(AuthorizationScope), // Or choose the only ones you need
  accessKeyId: "",
  secretAccessKey: "",
});

const accessToken = await auth.accessToken.get();
const credentials = await auth.getCredentials();

Credentials caching

accessToken.get() caches the access token for its whole duration, it will only request a new token if the current one has expired.

The same goes for the STS temporary credentials returned by getCredentials, the credentials are cached until they expire.

Keywords

FAQs

Package last updated on 28 Sep 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc