Skip to main content

Set up a token-based HTTP connection to Amazon Vendor Central

Kathyana Rule
  • Updated

Amazon Vendor Central is a supplier platform for first-party vendors selling products in bulk to Amazon. It is used primarily by manufacturers and distributors.

Token-based authentication is stateless, which means that neither the server nor the session stores any information about the user. The token is sent on every request, helping to prevent cross-site request forgery attacks. For added security, the token expires after a set amount of time.

You can build integrations with apps that use HTTP even if the connection is not already provided by Celigo integrator.io.

Before creating the connection, review your app’s API guide. It should provide the information you need, such as the kind of authentication that the app requires and its URI.

Amazon Vendor Central documentation: Amazon GitHub developer API guide
Additional reference: Login with Amazon

Contents

A. Set up a token-based HTTP connection to Amazon Vendor Central

Start establishing an HTTP connection to Amazon Vendor Central in either of the following ways:

  • From the Resources menu, select Connections. Then, click + Create connection at the top right.
        – or –
  • While working in a new or existing integration, you can add an application to a flow simply by clicking Add source or Add destination/lookup.

In the resulting Application list, select HTTP.

The Create connection pane opens with required and advanced settings.

B. Edit HTTP application details

At this point, you’re presented with a series of options for providing HTTP authentication.

Important: This connection requires that you’ve set up an AWS account, registered as a developer, registered an Amazon Vendor Central account, and registered your application for the Selling Partner API. You’ll also need to set up a token-based login using Login with Amazon.

Base URI (required): Provide the base URI for the Amazon Selling Partner API. URIs are divided by region:

Geographic region Endpoint AWS region
North America (Canada, US, Mexico, and Brazil marketplaces) https://sellingpartnerapi-na.amazon.com us-east-1
Europe (Spain, UK, France, Germany, Italy, Turkey, U.A.E, and India marketplaces) https://sellingpartnerapi-eu.amazon.com eu-west-1
Far East (Singapore, Australia, and Japan marketplaces) https://sellingpartnerapi-fe.amazon.com us-west-2

Media type (required): Specify the data format used in the HTTP request and HTTP response bodies. These data formats determine how the information is sent to the API and include JSON, XML, multipart/form-data, and URL encoded.

Configure authentication

Authentication type (required): Select token from the list.

Token (required): Enter your API token. Multiple layers of protection are in place, including AES 256 encryption, to keep your connection’s secret safe. When editing this form later, you must generate this value again; it is stored only when the connection is saved and never displayed as text.

Send token via (required): Select the location where your API expects to find the authentication token:

  • HTTP body: The API requires the token to be embedded in the body structure of your HTTP request. In such cases, place the token in your body template using the handlebars placeholder {connection.http.token.token}.
  • HTTP header: Allows you to specify the header name and authentication scheme to use when constructing the HTTP request.
    • Header name (required, enabled when Send token via is set to HTTP header): Enter the header field name that contains the token, if the API expects a field other than Authorization.
    • Header scheme (optional): Select an HTTP authorization header scheme value. For example, Bearer would be the scheme value for Authorization: Bearer my_secret_api_token.
  • URL parameter: The authentication token is located in the URL. Specify the query string parameter name that holds the token value.
    • Parameter name (required, enabled when Send token via is set to URL parameter): Specify the name of the URL parameter that holds the API token value. For example, if you enter myAPITokenURLParam, then all HTTP requests will be sent in the format ?myAPITokenURLParam=<token>.

Override HTTP status code for auth errors (optional): Provide an alternate status code if the HTTP status code for auth errors returned by this app is not the standard 401. For example, for an API that returns a generic 400 status code, enter 400 and then specify the field in the HTTP response body that indicates auth errors.

Configure token refresh

Refresh token (required): Enter a token that can serve as a refresh expired auth token. You can place this token in the body, headers or URL simply by referencing it with the handlebars placeholder {{connection.http.auth.token.refreshToken}}. Multiple layers of protection are in place, including AES 256 encryption, to keep your connection’s secret safe. When editing this form later, you must generate this value again; it is stored only when the connection is saved and never displayed as text.

HTTP method (required): If the service you’re connecting to supports token request/refresh, select the HTTP method to use in the token call. When you select POST, the setting HTTP request body is revealed, below.

Relative URI (optional): If the service you’re connecting to supports requests to obtain or refresh existing tokens, enter the URL (relative to the base URI) to use in the request token call. Click the handlebars (Open handlebars editor button) button to open the Advanced field editor and create or edit a template. Note that handlebars placeholders, such as {{connection.http.encrypted.password}}, may be used to reference any connection fields. Typically, a username/password or refresh token is required in the request, which you can store in the encrypted field or, if not sensitive, the unencrypted field.

Configure HTTP headers (optional): In some cases, it may be necessary to include custom HTTP headers with your token refresh requests. You can reference dynamic path field names for the connection using handlebars {{placeholders}}.

Override media type (optional): When the HTTP request requires a different media type than what is configured on the connection, select an alternate value.

HTTP request body (optional, enabled when HTTP method is POST): If the service you’re connecting to supports requests to obtain or refresh existing tokens, enter the body to use in the request token call. Click the handlebars (Open handlebars editor button) button to open the Advanced field editor and create or edit a template. You may also use handlebars placeholders to reference any connection fields. Typically, a username/password or refresh token would be passed in the request. You can store these values in the encrypted field or, if not sensitive, the unencrypted field. For example, {{connection.http.encrypted.password}}.

Path to token field in HTTP response body (optional): If the service you’re connecting to supports requests to obtain or refresh tokens, enter the path contained in the HTTP response where the new token can be extracted. If no value is found at this path, then the token request is considered a failure.

Edit common HTTP settings (optional).

C. Save, test, and authorize

Once you have configured the token-based HTTP connection, you have a few options for continuing:

  • Save & authorize – click this button to test the connection, and commit the new connection so that it will be available to all integrations for your account (and applied to the current source or destination app, if you created it within a flow) 
  • Close – click this link to exit connection creation without saving
  • Test connection – click this button to verify that your new connection is free of errors

When you Save & authorize, a new browser window opens to ask you to grant access to integrator.io for the specified scopes. If you allow the request, the refresh token is stored within this connection.

Related articles

Comments

0 comments

Please sign in to leave a comment.