Support

  • Welcome
  • Video Central
  • Supported features
  • Finances
  • VOD delivery onboarding
  • Business-specific requirements
  • Availability and delivery
  • Prime Video packaging summary
  • Packaging requirements — US/UK/DE/JP (Classic)
  • Packaging requirements — All other territories (Global)
  • One Catalog
  • Technical asset requirements
  • Sample files
  • Ratings, languages, and genres
  • Frequently Asked Questions (FAQs)
  • Video tutorials
  • Video Central API
  • Legal

Your email has been sent

You should receive a response from Customer Service within one business day.

Token requests

Authorization codes are one-use tokens. When used to retrieve an access_token they return a refresh_token that may be used to retrieve the next access_token. The following section takes you through retrieving your first refresh_token.

Initial request

The first time you request a token, you'll need the following:

  • Application's security profile client_id
  • Application's security profile client_secret
  • Application's registered redirect_uri
  • Application authorization code previously created
  • The grant_type to use, which should be authorization_code

  1. Enter the client_id, client_secret, authorization_code, and grant_type as URL encoded form data.
  2. Make an HTTP request.
  3. Curl command to generate tokens from authorization_code:

    
        curl --request POST \
        --url https://api.amazon.com/auth/o2/token \
        --header 'content-type: application/x-www-form-urlencoded' \
        --data 'grant_type=authorization_code' \
        --data 'code=ANxuOkcwmzUHvimjMTAX'
        --data 'client_id=amzn1.application-oa2-client.20534a91be57487e9c3547dada8a7394' \
        --data 'client_secret=c007c411c9657dde807a11a96a3cfd8a2972f9599ac28de241675832f63cac05' \
        --data 'redirect_uri=https://development.amazon.com/ap/ibatest'
      

Two tokens are returned.


{
  "access_token": "Atza|IwEBIPSxTCdGGC-xL-ywFib_lJfg-D7d435Jw739GWa3xy6dHJxXqy2EwddQkIchiDNiqa4kFJ4iTv_
  WcFCPoQ6qNvEIxlwDU9yxadZon9-fWh42Qt-hqB8kL6X1iFaDVsBjt3DSgfbe5DYOn_NCOF_r0Z0c3ArA1ft1g082lKYDC4Lo_qYy
  VhRO0yn3cMEjzvgmiSJREtAg69Ey_7bfbqFycIv4IrPd45RIEnrHR1ovac66U8zeqXMjV6MLE2I-Q_34BmSM3WfdT8DUFsoRtsoZi
  rFAXPZT5BLrUl4iVUsNF3hr8w4-JIw63VG8KpNlg8jsgB8VQUSJe-vhQfGvukIKAkeQ-iReWSd-_8f2XfhZlhNuBBNu0LnpeCPdu7
  e7zJqzgZC3_oDE8wNDd89Z4qHn3fr7",
  "refresh_token": "Atzr|IwEBIDxSD_pLhlNA0Jn8UbGDhcsxEt70JizgXXXaITEwstKSsLO007_pNcQ13H6umgVcLvPiXthZL4
  UJnHv8tYAqbVVnH7CUanaA4MDwY9JMf-CVHltiDYm7uv6lTuBIVe5IgXPvyctGyuu8SQxPtKEgejF0Iyoy_7uWZ8l185XU426Bw1U
  E7CfifWl8NE2a13WmBFZJTnvjj2hkwCEnTAvUDRYHW7inp7REnKMU66EeX36Vv5ZrPl2YAgZe3xwm2bFsC5v8ytY_sBX6nN79AJ7j
  -wYY4EehyCFBgYNqXLLUaGPA4IBFRw3UW5XwR2EJ-VSloGucgINgzIS9tCVK4qg_hkU-XTnuEFOm-P9M4bAvL5oGXQ",
  "token_type": "bearer",
  "expires_in": 3600
}

  • access_token
    This short-lived token is included in HTTP requests to the API. Although short-lived, it's sensitive, so don't share it. New access_tokens can easily be generated.

  • refresh_token
    This indefinite token is used by the client to request all subsequent tokens and is also sensitive. Combined with the client_id and client_secret for your application, more access_tokens can be created. Note: The OAuth2 spec allows the refresh_token to change each time it's used. While the Amazon implementation doesn’t always do so, you should assume that it could happen any time and use a mutable secrets store for this value.

Ordinary token requests

Each subsequent call to get a new short-lived token must use a grant_type of refresh_token and include the refresh_token. The steps below are what your application will request each time it begins a new session. This step uses the refresh_token combined with the existing secrets to issue a new access_token which are short-lived.

  1. Enter the client_id, client_secret, redirect_url, and authorization_code, and grant_type as URL encoded form data.
  2. Make an HTTP request (using either Curl or Reference Implementation application).
  3. Use the following Curl command to generate access tokens using a refresh token:

    
        curl --request POST \
        --url https://api.amazon.com/auth/o2/token \
        --header 'content-type: application/x-www-form-urlencoded' \
        --data 'grant_type=refresh_token' \
        --data 'client_id=amzn1.application-oa2-client.20534a91be57487e9c3547dada8a7394' \
        --data 'client_secret=c007c411c9657dde807a11a96a3cfd8a2972f9599ac28de241675832f63cac05' \
        --data 'refresh_token=Atzr|IwEBIPw8sQi6vSq67a0QeWDjRp4DJusAHG9kg-707e9PVbCbFTD3mU3H9ztkXppkSfeIgGsq
        d4zDnwr5y5hbFZvqyEQPsPRPNspT4cyWNhS6teaQsgyQa6CDTEejwYksDC4rQCi77p67zAkVzh6vHAuVJwkmaXH8IFFouRvR5gp
        qrffASpNv1eZwLTyqJzMNyU2CNJrIgurqJmByJN3u-smxLkshqMej0anoykw8qyNTmNxrzYRZJR2KdZLH6Kcw9mO41zHJKVWKi_
        My4_bevVGd8viCGUeXeaRgOONI-GtGoQOZV7NwERLFkjT8Imw_yu4AeZ9lXEomFTy61RhieWvpxJmHNDb6MRuJcywFhx-h2fw1I
        jxP-W3J6HuVME69UMdapNkgk3bfgpWCsfkxDP3Qq1MddDkYvoTuJPAtqq12X4hvmlM1OZWsy8uG0Pckb9S3D1rh4g06pWcx-VaW
        GXQr2hbP58DWWQYIbLW-kZHD0eakoqNdrOtj56IMZZTz7RAPdmHiiHScDkgu6PyiBFBDBV7V'
      

Two tokens are returned.


{
  "access_token": "Atza|IwEBIPSxTCdGGC-xL-ywFib_lJfg-D7d435Jw739GWa3xy6dHJxXqy2EwddQkIchiDNiqa4kFJ4iTv_
  WcFCPoQ6qNvEIxlwDU9yxadZon9-fWh42Qt-hqB8kL6X1iFaDVsBjt3DSgfbe5DYOn_NCOF_r0Z0c3ArA1ft1g082lKYDC4Lo_qYy
  VhRO0yn3cMEjzvgmiSJREtAg69Ey_7bfbqFycIv4IrPd45RIEnrHR1ovac66U8zeqXMjV6MLE2I-Q_34BmSM3WfdT8DUFsoRtsoZi
  rFAXPZT5BLrUl4iVUsNF3hr8w4-JIw63VG8KpNlg8jsgB8VQUSJe-vhQfGvukIKAkeQ-iReWSd-_8f2XfhZlhNuBBNu0LnpeCPdu7
  e7zJqzgZC3_oDE8wNDd89Z4qHn3fr7",
  "refresh_token": "Atzr|IwEBIDxSD_pLhlNA0Jn8UbGDhcsxEt70JizgXXXaITEwstKSsLO007_pNcQ13H6umgVcLvPiXthZL4
  UJnHv8tYAqbVVnH7CUanaA4MDwY9JMf-CVHltiDYm7uv6lTuBIVe5IgXPvyctGyuu8SQxPtKEgejF0Iyoy_7uWZ8l185XU426Bw1U
  E7CfifWl8NE2a13WmBFZJTnvjj2hkwCEnTAvUDRYHW7inp7REnKMU66EeX36Vv5ZrPl2YAgZe3xwm2bFsC5v8ytY_sBX6nN79AJ7j
  -wYY4EehyCFBgYNqXLLUaGPA4IBFRw3UW5XwR2EJ-VSloGucgINgzIS9tCVK4qg_hkU-XTnuEFOm-P9M4bAvL5oGXQ",
  "token_type": "bearer",
  "expires_in": 3600
}

  • access_token
    This short-lived token is included in HTTP requests to the API. Although short-lived, it's sensitive, so don't share it. New access_tokens can easily be generated.

  • refresh_token
    This indefinite token is used by the client to request all subsequent tokens and is also sensitive. Combined with the client_id and client_secret for your application, more access_tokens can be created. Note: The OAuth2 spec allows the refresh_token to change each time it's used. While the Amazon implementation doesn’t always do so, you should assume that it could happen any time and use a mutable secrets store for this value.


An unexpected error occurred. Please try again later.
Your session has expired

Please sign in to continue

Sign In
edit