Generate Access Token and STS Token in Ruby on Rails
In my previous articles, I provided a detailed step-by-step procedure on how to generate STS (Security Token Service) and Access Tokens using Postman. In this article, we will explore the process of obtaining these tokens using Ruby on Rails. I will guide you through the necessary steps to seamlessly integrate the token generation process into your Ruby on Rails application, allowing you to interact with the Selling Partner API efficiently and securely.
Let’s dive into the implementation and leverage the power of Ruby on Rails to handle token generation for seamless API communication with Amazon’s Selling Partner platform.
Credentials required to generate the STS token and the access token:
- aws_access_key_id and aws_secret_access_key: You will get these keys while creating the IAM user and IAM role.
- client_id and client_secret: You get these credentials after you register your application on Seller Central.
- ARN:Role: You will get these keys while creating the IAM user and IAM role.
- LWA refresh_token: You get your LWA refresh token from Seller Central after authorizing your application.
- SP-API endpoint and AWS Region. Refer to SP-API Endpoints for more information.
- HTTParty gem.
- aws-sdk-core gem.
Getting Started Using Rails
Step 1: Add the following gems to your Gemfile and run bundle install
gem 'httparty'
gem 'aws-sdk-core'
Step 2: Generate the LWA access token using the following code
# generate access token request using HTTParty
require 'httparty'

# CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN are placeholders for your own values
response = HTTParty.post(
  'https://api.amazon.com/auth/o2/token',
  body: {
    grant_type: 'refresh_token',
    client_id: 'CLIENT_ID',
    client_secret: 'CLIENT_SECRET',
    refresh_token: 'REFRESH_TOKEN'
  },
  headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }
)
The response returns the access token that you use to authenticate to SP-API.
{
"access_token": "Atza|*****",
"refresh_token": "Atzr|*****",
"token_type": "bearer",
"expires_in": 3600
}
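The expires_in value of 3600 seconds means the access token has to be renewed every hour. The following added example (not code from the original article) wraps the Step 2 request in a small cache that reads the credentials from environment variables, checks the HTTP status, and reuses the token until shortly before it expires. The class name LwaTokenCache, the LWA_* environment variable names, and the 60-second safety margin are assumptions.

```ruby
require 'json'

# Caches the LWA access token from Step 2 (class and env var names are assumed).
class LwaTokenCache
  TOKEN_URL = 'https://api.amazon.com/auth/o2/token'
  SKEW = 60 # seconds of safety margin before the stated expiry

  # Default transport: the same HTTParty.post call used in Step 2.
  HTTPARTY_POST = lambda do |url, form|
    require 'httparty'
    res = HTTParty.post(url, body: form,
                        headers: { 'Content-Type' => 'application/x-www-form-urlencoded' })
    [res.code, res.body]
  end

  def initialize(env: ENV, post: HTTPARTY_POST, clock: -> { Time.now })
    # Secrets come from the environment instead of being written into source.
    @form = {
      grant_type: 'refresh_token',
      client_id: env.fetch('LWA_CLIENT_ID'),
      client_secret: env.fetch('LWA_CLIENT_SECRET'),
      refresh_token: env.fetch('LWA_REFRESH_TOKEN')
    }
    @post = post
    @clock = clock
    @token = nil
    @expires_at = nil
  end

  def access_token
    return @token if @token && @clock.call < @expires_at

    code, body = @post.call(TOKEN_URL, @form)
    # Only the status goes into the message, so the body cannot leak into logs.
    raise "LWA token request failed (HTTP #{code})" unless code == 200

    data = JSON.parse(body)
    @token = data.fetch('access_token')
    @expires_at = @clock.call + data.fetch('expires_in').to_i - SKEW
    @token
  end

  # Default #inspect would print @form and @token; hide them from logs and error pages.
  def inspect
    "#<#{self.class} token=#{@token ? '[FILTERED]' : 'none'}>"
  end
end
```

In a Rails application a single instance can be shared (for example from an initializer) so that every SP-API call goes through `access_token` rather than requesting a new token each time.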
Step 2.1: Generate the LWA access token for grantless operations using the following code
# generate access token request using HTTParty
require 'httparty'

response = HTTParty.post(
  'https://api.amazon.com/auth/o2/token',
  body: {
    grant_type: 'client_credentials',
    client_id: 'CLIENT_ID',
    client_secret: 'CLIENT_SECRET',
    # the scope is a single string; replace api_name with the API's scope name
    scope: 'sellingpartnerapi::api_name'
  },
  headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }
)
The response returns the access token that you use to authenticate to SP-API Grantless Operations.
{
"access_token": "Atc|*****",
"scope": "sellingpartnerapi::*****",
"token_type": "bearer",
"expires_in": 3600
}
Step 3: Generate the LWA STS token using the following code
require 'aws-sdk-core'

# set up AWS credentials
Aws.config.update({
  region: 'region',
  credentials: Aws::Credentials.new('AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY')
})
# set up STS client and request
sts_client = Aws::STS::Client.new
# generate STS token; the temporary credentials are in response.credentials
response = sts_client.assume_role({
  role_arn: 'ROLE_ARN',
  role_session_name: 'sts',
  duration_seconds: 3600
})
The response returns the STS token that you use to authenticate to SP-API.
{:access_key_id=>"****",
:secret_access_key=>"*****",
:session_token=>"*****",
:expiration=>2023-08-10 13:47:14 UTC}
The access token and the STS token are then used to call the Amazon SP-API.