LWA Integration for Account Linking Offer Code
LWA Onboarding
For the account linking offer code construct, a few things need to be done in a specific manner so that Prime can take consent on behalf of the client. This section discusses those aspects and the overall LWA integration. A client is expected to first complete the standard LWA onboarding process through the LWA public portal. Clients will complete the following steps:
- Sign up for an LWA-specific profile to access LWA: https://developer.amazon.com/docs/login-with-amazon/register-web.html
- Provide the redirect URL of the Prime cobranded page. This is required because Prime takes responsibility for getting customer consent on behalf of the 3P client. Clients need to check with the Prime team for details regarding the URL.
https://www.amazon.com/prime/offer/<clientStoreType>/<clientName>/<offerType>
- After the signup process, clients will receive the LWA ApplicationId, LWA Client and LWA secret key. Please store the key in a secure location.
Note: Prime itself initiates the consent invocation process for the client, to ease integration on the 3P end. Once the customer provides consent, Prime will share the generated authCode embedded in the Prime Offer Code. Prime will need the client's LWA clientId, which is used for taking consent on behalf of the client.
Backend Integration
After the signup process is done, clients can start the LWA backend integration with their flow for:
- Generating the tokenPair (accessToken and refreshToken) from the authCode.
- Generating the accessToken from refreshToken for subsequent visits.
The following section provides details of the backend integrations required as part of the CX. For detailed documentation on LWA, please refer to: developer.amazon.com/docs/login-with-amazon/documentation-overview.html
Access Token Request using Auth Code
LWA public documentation link: https://developer.amazon.com/docs/login-with-amazon/authorization-code-grant.html#access-token-request
After the client receives the authorization code as explained in the Account Linking offer code construct, it should use that code to obtain an access token by calling the LWA APIs. With an access token, the client can read the details of the customer profile and also access Prime public APIs.
To request an access token, the client makes a secure HTTP POST request to one of the following regional endpoints:
- North America (NA) - https://api.amazon.com/auth/o2/token
- European Union (EU) - https://api.amazon.co.uk/auth/o2/token
- Far East (FE) - https://api.amazon.co.jp/auth/o2/token
Use the parameters listed in the table below for your POST request.
Request Parameters
| Parameter Name | Description |
|---|---|
| grant_type | REQUIRED. The type of access grant requested. Must be authorization_code. |
| code | REQUIRED. The code obtained through the Prime offer code. |
| redirect_uri | REQUIRED. The redirect URI must be that of the Prime cobranded page: https://www.amazon.com/prime/offer/clientStoreType/clientName/offerType |
| client_id | REQUIRED. The client's LWA clientId received after the signup process. |
| client_secret | RECOMMENDED. The secret value assigned to the client during registration. We recommend this because it provides the option to also get the long-lived refreshToken, which helps minimize friction on the customer's subsequent visits. When no client_secret is passed, no refresh token is returned. An access token will still be returned if the code_verifier is valid. |
| code_verifier | NOT RECOMMENDED. LWA recommends this parameter, but because of the delegated nature of this integration Prime does not recommend adding it: part of the flow is triggered by Prime, whereas the backend step that gets the access and refresh tokens is handled at the client end. |
Once you obtain the Access and Refresh Token, please continue the integration
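The request described in the table above can be assembled as shown here. This is an added example, not code from Prime or LWA: the function names and the `redact` helper are assumptions made for illustration, and `exchange` assumes the token endpoint answers with a JSON body.

```python
import json
import urllib.parse
import urllib.request

# Regional LWA token endpoints as listed on this page.
TOKEN_ENDPOINTS = {
    "NA": "https://api.amazon.com/auth/o2/token",
    "EU": "https://api.amazon.co.uk/auth/o2/token",
    "FE": "https://api.amazon.co.jp/auth/o2/token",
}
SENSITIVE = {"code", "client_secret"}  # never write these to logs


def token_params(auth_code, client_id, redirect_uri, client_secret=None):
    """Form fields for the authorization-code exchange (request table above)."""
    params = {
        "grant_type": "authorization_code",  # OAuth 2.0 value, lowercase
        "code": auth_code,                   # authCode taken from the Prime offer code
        "redirect_uri": redirect_uri,        # must be the Prime cobranded page
        "client_id": client_id,
    }
    # Without client_secret LWA returns no refresh token.
    # code_verifier is deliberately left out, per the table above.
    if client_secret:
        params["client_secret"] = client_secret
    return params


def build_token_request(region, params):
    """Build, without sending, the HTTPS POST for the given region."""
    if region not in TOKEN_ENDPOINTS:
        raise ValueError(f"unknown region: {region!r}")
    body = urllib.parse.urlencode(params).encode("ascii")
    return urllib.request.Request(
        TOKEN_ENDPOINTS[region], data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def redact(params):
    """Copy of params that is safe to log."""
    return {k: "<redacted>" if k in SENSITIVE else v for k, v in params.items()}


def exchange(request, timeout=10):
    """Send the request and return the parsed JSON response body."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.loads(resp.read())
```

Load the client secret from a secrets manager or environment variable at call time rather than embedding it in source, and log only the output of `redact`.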
Access Token Response
Access Token Errors
For generating access token from stored refresh token
Obtain Customer Profile
To obtain customer profile data using the generated accessToken, the client must onboard to the LWA customer profile API, which returns the customer data corresponding to the scopes for which consent was provided. The scopes for specific user information are as follows:
| Customer Info | Scope |
|---|---|
| Name, Email | “profile” |
| Prime Status | “prime:benefit_status” |
| Phone Number | “profile:contact” |
The required scopes will be configured and allowlisted on the Prime end, and Prime will use them to get consent from the customer for that information. Integration details can be found here: https://developer.amazon.com/docs/login-with-amazon/obtain-customer-profile.html