Generate STS Token for SP API Amazon

Ghayoor Haider
2 min read · Jul 21, 2023


When working with the Selling Partner API (SP-API), whether through Postman or from code in any programming language, the key element in the process is the AWS Security Token Service (STS).

Generate temporary AWS access keys using AWS Security Token Service (STS): Request temporary, limited-privilege credentials for the Identity and Access Management (IAM) user that you will use to sign SP-API requests.

You can proceed if your application ID is associated with an IAM role ARN.

Credentials required to get the token

  1. aws_access_key_id and aws_secret_access_key: you get these keys when you create the IAM user and IAM role.

Generate a Login with Amazon (LWA) STS token using Postman

Open Postman and sign in to your account.

  • For Workspaces, choose your workspace.
  • Choose New.
  • On the Create New dialog box, choose HTTP Request.
  • For Request, choose GET.
  • Copy and paste the following link into the text box.
https://sts.amazonaws.com/?Version=2011-06-15&Action=AssumeRole&RoleSessionName=Test&RoleArn=arn:aws:iam::XXXXXXXXXXXX:role/SellingParSellingPart&DurationSeconds=3600
  • Replace arn:aws:iam::XXXXXXXXXXXX:role/SellingParSellingPart with your IAM role ARN provided when registering your application.
  • Choose the Authorization tab, for Type choose AWS Signature.
  • Enter your AWS AccessKey and SecretKey in the corresponding fields. AWS access keys are received after configuring your IAM policies and entities for SP-API. Refer to Creating and configuring IAM policies and entities for more information.
  • For AWS Region, enter the AWS Region for your SP-API endpoint (for example, us-east-1 for North America). Refer to SP-API Endpoints to find the AWS Region for your SP-API endpoint.
  • For Service name, enter sts.
  • Choose Send.

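The response returns the temporary STS credentials (AccessKeyId, SecretAccessKey and SessionToken) that you use to authenticate to SP-API. They stop working at the time given in Expiration.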

<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<AssumeRoleResult>
<AssumedRoleUser>
<AssumedRoleId>xxxxxxxxxxxx</AssumedRoleId>
<Arn>arn:aws:sts xxxxxxxxx</Arn>
</AssumedRoleUser>
<Credentials>
<AccessKeyId>xxxxxxxxxx</AccessKeyId>
<SecretAccessKey>xxxxxxxxxxxxxx</SecretAccessKey>
<SessionToken>xxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxx</SessionToken>
<Expiration>xxxxxxxxxxxx</Expiration>
</Credentials>
</AssumeRoleResult>
<ResponseMetadata>
<RequestId>xxxxxxxxxxxxxxxxxxxxx</RequestId>
</ResponseMetadata>
</AssumeRoleResponse>
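
The following is an added example, not code from the original post: a small Python parser for an AssumeRoleResponse of the shape shown above, which extracts the temporary credentials, reports how long they remain valid, and produces a copy that is safe to log. The sample response and all values in it are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample response (every value is fake), same shape as the one above.
SAMPLE_RESPONSE = """<AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleResult>
    <AssumedRoleUser>
      <AssumedRoleId>AROAEXAMPLEROLEID:Test</AssumedRoleId>
      <Arn>arn:aws:sts::123456789012:assumed-role/ExampleRole/Test</Arn>
    </AssumedRoleUser>
    <Credentials>
      <AccessKeyId>ASIAEXAMPLEKEYID</AccessKeyId>
      <SecretAccessKey>constructed-secret-value</SecretAccessKey>
      <SessionToken>constructed-session-token</SessionToken>
      <Expiration>2023-07-21T13:00:00Z</Expiration>
    </Credentials>
  </AssumeRoleResult>
</AssumeRoleResponse>"""

def _text(root, name):
    """Text of the first element with this local name, ignoring the XML namespace."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return "".join((el.text or "").split())  # a copied token may be line-wrapped
    return None

def parse_assume_role_response(xml_text):
    """Extract the temporary credentials; raise if a required field is missing."""
    root = ET.fromstring(xml_text)
    creds = {k: _text(root, k) for k in
             ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration", "Arn")}
    missing = [k for k, v in creds.items() if not v]
    if missing:
        raise ValueError(f"not a usable AssumeRole response, missing: {missing}")
    creds["Expiration"] = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    return creds

def seconds_remaining(creds, now=None):
    """Seconds until the credentials expire (negative once they have expired)."""
    now = now or datetime.now(timezone.utc)
    return int((creds["Expiration"] - now).total_seconds())

def redacted(creds):
    """Copy that is safe to log: the secret key and session token are masked."""
    safe = dict(creds)
    for k in ("SecretAccessKey", "SessionToken"):
        safe[k] = "***redacted***"
    return safe
```

Checking `seconds_remaining` before each SP-API call lets a client request fresh credentials before the old ones expire, and logging only the `redacted` copy keeps the secret key and session token out of log files.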
