From 3dfa7ef66dda394ea8814b0066b6354f9d18a6bb Mon Sep 17 00:00:00 2001 From: Mendy Wolosow Date: Tue, 28 Mar 2023 19:34:43 -0400 Subject: [PATCH 1/2] Add refresh token to documentation --- README.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/README.md b/README.md index 9b927b846..e836b7008 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,48 @@ report.force_encoding($1) if headers['Content-Type'] =~ /charset *= *([^;]+)/ CSV.parse(report, headers: true, col_sep: "\t", liberal_parsing: true) # if it's a CSV report type ``` +## Getting refresh token + +### 1. Ask your customers to authorize your app: + +Create an authorization URL and share it with your customers. Replace `YOUR_APPLICATION_ID` and `YOUR_REDIRECT_URI` with the appropriate information. + +``` +url = https://sellercentral.amazon.com/apps/authorize/consent?application_id=YOUR_APPLICATION_ID&state=&redirect_uri=YOUR_REDIRECT_URI +``` + +```markdown +Authorize +``` + +The `state` parameter is optional, but useful for maintaining the state between the request and callback. The `redirect_uri` should be a URL-encoded endpoint that the user will be redirected to after granting consent. + +### 2. Get the authorization code: + +After your customer authorizes your app, they'll be redirected to the `redirect_uri`, and the authorization code will be appended to it as a query parameter named `spapi_oauth_code`. You should capture this code from the callback request at your `redirect_uri`. + +### 3. Exchange the authorization code for a refresh token: + +Write a Ruby function to exchange the authorization code for a refresh token. + +```ruby +def request_refresh_token(spapi_oauth_code) + body = { + code: spapi_oauth_code, + grant_type: 'authorization_code', + client_id: ENV['SP_API_CLIENT_ID'], + client_secret: ENV['SP_API_CLIENT_SECRET'], + redirect_uri: ENV['SP_API_REDIRECT_URI'] + } + + Faraday.post('https://api.amazon.com/auth/o2/token', body.to_json, {"Content-Type" => "application/json"}); +end +``` + +This response will contain a refresh token that you can use to make API calls on behalf of the customer. + +--- + ## Thanks to https://github.com/patterninc/muffin_man as the basis for [sp_api_client.rb](lib/sp_api_client.rb) From f3c07aa07a19bf9b9ee972404dfc7efc9bd3217c Mon Sep 17 00:00:00 2001 From: Mendy Wolosow Date: Tue, 28 Mar 2023 19:40:21 -0400 Subject: [PATCH 2/2] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e836b7008..3cb2dff52 100644 --- a/README.md +++ b/README.md @@ -78,9 +78,9 @@ CSV.parse(report, headers: true, col_sep: "\t", liberal_parsing: true) # if it's ## Getting refresh token -### 1. Ask your customers to authorize your app: +### 1. Create an authorization URL: -Create an authorization URL and share it with your customers. Replace `YOUR_APPLICATION_ID` and `YOUR_REDIRECT_URI` with the appropriate information. +Replace `YOUR_APPLICATION_ID` and `YOUR_REDIRECT_URI` with the appropriate information. ``` url = https://sellercentral.amazon.com/apps/authorize/consent?application_id=YOUR_APPLICATION_ID&state=&redirect_uri=YOUR_REDIRECT_URI @@ -94,7 +94,7 @@ The `state` parameter is optional, but useful for maintaining the state between ### 2. Get the authorization code: -After your customer authorizes your app, they'll be redirected to the `redirect_uri`, and the authorization code will be appended to it as a query parameter named `spapi_oauth_code`. You should capture this code from the callback request at your `redirect_uri`. +After authorizing your, you'll be redirected to the `redirect_uri`, and the authorization code will be appended to it as a query parameter named `spapi_oauth_code`. You should capture this code from the callback request at your `redirect_uri`. ### 3. Exchange the authorization code for a refresh token: