search

amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0
585 stars 730 forks source link

Do multi-region sellers need to re-authorize? #1275

Closed vazmin closed 3 years ago

vazmin commented 3 years ago

  1. If the seller has stores in two regions, does it need to be authorized separately on https://sellercentral.amazon.com and https://sellercentral-europe.amazon.com ?

  2. If multiple authorizations are required, is the rate shared or independent?

AmandeepSingh179 commented 3 years ago

I'm also looking for the answer.

marconline commented 3 years ago

@vazmin : in past (using MWS) they needed to authorize twice. I don't know exactly in SP-API, but I guess it's the same, since the Authorization URL changes. The rate, at least in the past, was a combination of seller and application, so - since they were two different users (even if they were on the same account), they were indipendent. Hope this is the same for SP-API.

vazmin commented 3 years ago

@marconline

  1. I tried to use the authorization of a store in North America to request data in Europe, but it didn't deny me access. It returned the payload of an empty list normally.

  2. After authorized by the US store, you can see the authorization information in my application list, but you can't find the authorized application information after switching to Mexico or Singapore.

I didn’t find the relevant clear instructions, nor did I have enough data to verify, only the existing data was guessed, and the results were a bit ambiguous, which made me feel confused.

marconline commented 3 years ago

I really don't know. On the docs there is just this sentence: Important. If you have a hybrid Selling Partner API applications, your calls to Amazon Marketplace Web Service (Amazon MWS) endpoints have the same restrictions as an Amazon MWS application. That is, when you call an Amazon MWS endpoint, you must use Amazon MWS Access Keys associated with the region that the endpoint comes from.

So it seems that:

  1. if you call a MWS endpoint, you must use the correct token (and this is as I know)
  2. if you call a SP-API endpoint, you just use the token you have (so it may be like you said)

Who knows! I'll discover as soon as we migrated some of our customers. I'll keep you posted.

vazmin commented 3 years ago

@marconline Looking forward to your good news.

I don't know much about MWS. Do I need to authorize twice or three times in North America, Europe and the Far East?

SP API has two authorization endpoints, one in exchange for tokens, and three regional endpoints.

marconline commented 3 years ago

@vazmin Yes, with MWS you need to authorize twice or three times, even because application ids are different for each region. But I supposed that the SP-API token was different as well for each of the three regions as well. I'll let you know.

marconline commented 3 years ago

Hi @vazmin, right now I can tell that the MWS Token behavior it's the same as before (i.e. 1 token for the same region, while different for different regions). I will get into this more in the next days, will keep you posted on my discoveries.

vikingcodes commented 3 years ago

@vazmin Amazon oauth_code, refresh_token and access_token valid for a region.

Amazon post following parameters to your return_uri in hybrid app case.

mws_auth_token=amzn.mws.7cbb909e-yiiss-3333 spapi_oauth_code=ANSeLgKaDneaSVGeqBRuDj&state=Test selling_partner_id=A36ECEDAZHEJK6

You need Exchange oauthcode with refresh_token and access_token.

marconline commented 3 years ago

@vikingcodes, sounds good because it reflects what's the actual behavior on MWS. But there is a strange thing: how is it possible that @vazmin suceeded in calling the EU endpoint using a NA token? Isn't it a strange behavior?

vikingcodes commented 3 years ago

@marconline It's not possible. I tested that many times. I will try that flow today again. Will confirm with you.

marconline commented 3 years ago

@vikingcodes , oh nice! Thanks, I'll test tomorrow as well with a EU token going on NA endpoint and will double check. Thanks

vikingcodes commented 3 years ago

getting the following error when using NA acess_token to access EU API .

{ "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ]

vazmin commented 3 years ago

getting the following error when using NA acess_token to access EU API .

{ "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ]

Using an access token will definitely be rejected. Have you tried to use refresh_token to get access tokens in different region to access again?

Have you modified the region of AWSAuthenticationCredentials?

marconline commented 3 years ago

@vazmin , there is no marketplace / region connection when you refresh token, as far as I know. So the link between token and marketplace / region is probably written inside the token. This means that a seller, selling on multiple regions (eg. EU and NA) will have to authorize you at least twice, as he does today with MWS. @vikingcodes , is my assumption correct?

vikingcodes commented 3 years ago

@marconline You received an authentication code when amazon posts parameters to app's return_URI.

That means posted parameters belongs specific to any regions

mws_auth_token=amzn.mws.7cbb909e-yiiss-3333 spapi_oauth_code=ANSeLgKaDneaSVGeqBRuDj&state=Test selling_partner_id=A36ECEDAZHEJK6

Later you exchange that authentication code to refresh the token.

But it still belongs to specific regions.

But if you exchanging authentication code to another region's refresh token then you will receive the following error

{ "error_description": "The request has an invalid grant parameter : code", "error": "invalid_grant" }

vazmin commented 3 years ago

Re-run the previous test case found that it could not pass