Generate Access Token and STS Token in Ruby on Rails

Ghayoor Haider
Aug 10, 2023

In my previous articles, I provided a detailed step-by-step procedure on how to generate STS (Security Token Service) and Access Tokens using Postman. In this article, we will explore the process of obtaining these tokens using Ruby on Rails. I will guide you through the necessary steps to seamlessly integrate the token generation process into your Ruby on Rails application, allowing you to interact with the Selling Partner API efficiently and securely.

Let’s dive into the implementation and leverage the power of Ruby on Rails to handle token generation for seamless API communication with Amazon’s Selling Partner platform.

Credentials required to generate the STS token and access token:

  1. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY: you get these keys while creating the IAM user and IAM role.
  2. client_id and client_secret: you get these credentials after you register your application on Seller Central.
  3. Role ARN: you get this while creating the IAM user and IAM role.
  4. LWA refresh_token: you get your LWA refresh token from Seller Central after authorizing your application.
  5. SP-API endpoint and AWS Region. Refer to SP-API Endpoints for more information.
  6. HTTParty gem.
  7. aws-sdk-core gem.

Getting Started Using Rails

Step 1: Add the following gems to your Gemfile and run bundle install

gem 'httparty'
gem 'aws-sdk-core'

Step 2: Generate the LWA access token using the following code

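require 'httparty'

# Request an LWA access token with HTTParty.
# CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN are placeholders; load the real
# values from Rails credentials or environment variables, not from source code.
response = HTTParty.post(
  'https://api.amazon.com/auth/o2/token',
  body: {
    grant_type: 'refresh_token',
    client_id: 'CLIENT_ID',
    client_secret: 'CLIENT_SECRET',
    refresh_token: 'REFRESH_TOKEN'
  },
  headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }
)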

The response returns the access token that you use to authenticate to SP-API.

{
  "access_token": "Atza|*****",
  "refresh_token": "Atzr|*****",
  "token_type": "bearer",
  "expires_in": 3600
}

Step 2.1: Generate the LWA access token for grantless operations using the following code

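require 'httparty'

# Request an LWA access token for grantless operations with HTTParty.
# The scope is a single string; replace api_name with the API you are calling
# (for example, sellingpartnerapi::notifications).
response = HTTParty.post(
  'https://api.amazon.com/auth/o2/token',
  body: {
    grant_type: 'client_credentials',
    client_id: 'CLIENT_ID',
    client_secret: 'CLIENT_SECRET',
    scope: 'sellingpartnerapi::api_name'
  },
  headers: { 'Content-Type' => 'application/x-www-form-urlencoded' }
)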

The response returns the access token that you use to authenticate to SP-API Grantless Operations.

{
"access_token": "Atc|*****",
"scope": "sellingpartnerapi::*****",
"token_type": "bearer",
"expires_in": 3600
}

Step 3: Generate the STS token using the following code

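require 'aws-sdk-core'

# Set up AWS credentials (placeholders; load the real keys from Rails
# credentials or environment variables, not from source code).
Aws.config.update({
  region: 'region',
  credentials: Aws::Credentials.new('AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY')
})

# Set up the STS client
sts_client = Aws::STS::Client.new

# Generate the STS token; the temporary credentials are in response.credentials
response = sts_client.assume_role({
  role_arn: 'ROLE_ARN',
  role_session_name: 'sts',
  duration_seconds: 3600
})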

The response returns the STS token that you use to authenticate to SP-API.

{:access_key_id=>"****",
:secret_access_key=>"*****",
:session_token=>"*****",
:expiration=>2023-08-10 13:47:14 UTC}

The access token and the STS token are then used to call Amazon's SP-API.
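
The access token from Step 2 expires after 3600 seconds, so an application has to refresh it and should keep it out of logs while it is held in memory. The following is an added example, not code from the original article: a small cache that refreshes the token 60 seconds before expiry and redacts it from inspect output. The class name LwaTokenCache, the 60-second margin and the sample response are assumptions; in a Rails app the block passed to it would wrap the HTTParty.post call from Step 2 and return response.body.

```ruby
require 'json'

# Caches the LWA access token and refreshes it shortly before "expires_in" runs out.
# Hypothetical helper for illustration; the block you pass in performs the request.
class LwaTokenCache
  SKEW = 60 # seconds of safety margin before expiry (assumed value)

  def initialize(clock: -> { Time.now }, &fetcher)
    @clock = clock
    @fetcher = fetcher # must return the raw JSON body of the token response
    @mutex = Mutex.new # Rails servers are multi-threaded; refresh only once
  end

  def token
    @mutex.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at - SKEW
      @token
    end
  end

  # Default #inspect prints instance variables, which would leak the token
  # into logs and error pages, so it is overridden here.
  def inspect
    "#<LwaTokenCache token=[REDACTED] expires_at=#{@expires_at.inspect}>"
  end

  private

  def refresh!
    body = JSON.parse(@fetcher.call)
    unless body['access_token'].is_a?(String) && body['token_type'].to_s.casecmp?('bearer')
      # Report only the OAuth error code, never the request or response body.
      raise "LWA token request failed: #{body['error'] || 'unexpected response'}"
    end
    @token = body['access_token']
    @expires_at = @clock.call + Integer(body['expires_in'])
  end
end

# Constructed sample response in the shape shown in Step 2 (not a real token).
SAMPLE_RESPONSE = '{"access_token":"Atza|EXAMPLE","token_type":"bearer","expires_in":3600}'

demo = LwaTokenCache.new { SAMPLE_RESPONSE }
puts demo.token.start_with?('Atza|')
puts demo.inspect
```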
