Getting Started for Web

In this guide we will show you how to add Login with Amazon to your website or web service. After completing this guide you should have a working Login with Amazon button on your website to allow users to log in with their Amazon credentials.

In order to integrate Login with Amazon with your website or app, you must first sign up.


1. Register Your Application

First, you will need to register your website as an Application on the App Console.

Register Your Login with Amazon Application

  1. In the App Console register a new application by clicking the Register new Application button. The Register Your Application form will appear.
    Note: You will be redirected to Seller Central, which handles application registration for Login with Amazon. If this is your first time using Seller Central, you will be asked to set up a Seller Central account.

  2. In the application details page, add basic details about your product. These details will be used on your website and mobile apps (if applicable).
    1. Name Shown to Users. This is the name displayed on the consent screen when the users agree to share the information with your application. This name applies to Android, iOS, and website versions of your application.
    2. Description. A description of your application for Login with Amazon users.
    3. Privacy Notice URL. The Privacy URL is the location of your company or application's privacy policy. It is also displayed on the consent screen. This link is displayed to users when they first log in to your application (for example, http://www.example.com/privacy.html).
    4. Logo Image File. This logo will represent your business or website on Amazon. The logo will be displayed as a 150x150 pixel image; if you upload a file of a different size, it will be scaled to fit.

    When you are finished, click Save to save your changes.

Add a Website to your Application

  1. From the Application screen, click Web Settings. You will automatically be assigned values for Client ID and Client Secret. The client ID identifies your website, and the client secret is used in some circumstances to verify your website is authentic. The client secret, like a password, is confidential. To view the client secret, click Show Secret.

  2. To add Allowed JavaScript Origins or Allowed Return URLs to your application, click Edit.

    Note: To use Login with Amazon with a website, you must specify either an allowed JavaScript origin (for the Implicit grant) or an allowed return URL (for the Authorization Code grant). If you are using Pay with Amazon, you must specify an allowed JavaScript origin.

    1. If your website will use the Login with Amazon SDK for JavaScript, add your website origin to Allowed JavaScript Origins. An origin is the combination of protocol, domain name and port (for example, https://www.example.com:8443). Allowed origins must use the HTTPS protocol. If you are using a standard port (port 443) you need only include the domain name (for example, https://www.example.com).

      Adding your domain here allows the SDK for JavaScript to communicate with your website directly during the login process. Web browsers normally block cross-origin communication between scripts unless the script specifically allows it.

      To add more than one origin, click Add Another.

    2. If your website will be making HTTPS calls to the Login with Amazon authorization service and specifying a redirect_uri for replies, add those redirect URIs to Allowed Return URLs. The return URL includes the protocol, domain, path, and query string(s) (for example, https://www.example.com/login.php).

      To add more than one return URL, click Add Another.

  3. Click Save

2. Add the Login with Amazon Button

Next, add the Login with Amazon button to your website. You can pick from a variety of buttons and choose the image that best fits your website. See the Login with Amazon Style Guidelines for best practices and a list of images to choose from.

  1. Add the following code to your website where you would like the button to appear. For the purposes of this guide, this must be an HTTPS website:

    <a href="#" id="LoginWithAmazon">
      <img border="0" alt="Login with Amazon"
        src="https://images-na.ssl-images-amazon.com/images/G/01/lwa/btnLWA_gold_156x32.png"
        width="156" height="32" />
    </a>
    
  2. Optional. Add the following link to your website where you would like a "Logout" prompt to appear:
    <a id="Logout">Logout</a>
  3. Refresh the page to confirm that the button now appears on your website.

3. Add the SDK for JavaScript

The Login with Amazon SDK for JavaScript will handle all of the difficult parts of integrating Login with Amazon into your website.

  1. Add the following code after the opening <body> in your page to load the JavaScript into your page:
    <div id="amazon-root"></div>
    <script type="text/javascript">
    
      window.onAmazonLoginReady = function() {
        amazon.Login.setClientId('YOUR-CLIENT-ID');
      };
      (function(d) {
        var a = d.createElement('script'); a.type = 'text/javascript';
        a.async = true; a.id = 'amazon-login-sdk';
        a.src = 'https://api-cdn.amazon.com/sdk/login1.js';
        d.getElementById('amazon-root').appendChild(a);
      })(document);
    
    </script>
  2. Replace YOUR-CLIENT-ID with your Client ID from the Register Your Application section above.
  3. Add the following JavaScript after the Login with Amazon button on your site.
    <script type="text/javascript">
    
      document.getElementById('LoginWithAmazon').onclick = function() {
        // declare locally so the handler does not create an implicit global
        var options = { scope : 'profile' };
        amazon.Login.authorize(options, 'https://www.example.com/handle_login.php');
        return false;
      };
    
    </script>
    
  4. Replace www.example.com with the domain of your website.

    Note: Once the user has logged in and consented to share the specified data, the current window will be redirected to the given URI and the authorization response will be added to the query string. The URI must use the HTTPS protocol and be on the same domain as the current window.

  5. Optional. After users are authorized, you should add access to a Logout hyperlink or button on your site so they can log out.

    Add the following JavaScript to enable users to log out:

    <script type="text/javascript">
      document.getElementById('Logout').onclick = function() {
        amazon.Login.logout();
      };
    </script>
    

You will be handling the response from Amazon with /handle_login.php on your website in the next section. You can change this path to one of your choosing at a later time.


4. Obtain Profile Information

Next, obtain the user's profile information from Amazon using the Access Token returned by the SDK.

  1. In your server-side application, handle the request made to /handle_login.php, and obtain profile information using the access token and the Profile REST API. If you use the following code sample, replace YOUR-CLIENT-ID with your Client ID from the Register Your Application section above.

    PHP:

    // verify that the access token belongs to us
    $c = curl_init('https://api.amazon.com/auth/o2/tokeninfo?access_token=' . urlencode($_REQUEST['access_token']));
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
     
    $r = curl_exec($c);
    curl_close($c);
    $d = json_decode($r);
     
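    // reject when the lookup failed (no 'aud' field) or the token was issued to another client
    if (!isset($d->aud) || $d->aud !== 'YOUR-CLIENT-ID') {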
      // the access token does not belong to us
      header('HTTP/1.1 404 Not Found');
      echo 'Page not found';
      exit;
    }
     
    // exchange the access token for user profile
    $c = curl_init('https://api.amazon.com/user/profile');
    curl_setopt($c, CURLOPT_HTTPHEADER, array('Authorization: bearer ' . $_REQUEST['access_token']));
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
     
    $r = curl_exec($c);
    curl_close($c);
    $d = json_decode($r);
     
    echo sprintf('%s %s %s', $d->name, $d->email, $d->user_id);
    

    Python: You must download the pycurl library to use this sample code.

    import pycurl
    import urllib.parse
    import json
    from io import BytesIO

    ...

    # access_token is the value received by /handle_login.php
    b = BytesIO()

    # verify that the access token belongs to us
    c = pycurl.Curl()
    c.setopt(pycurl.URL, "https://api.amazon.com/auth/o2/tokeninfo?access_token=" + urllib.parse.quote_plus(access_token))
    c.setopt(pycurl.SSL_VERIFYPEER, 1)
    c.setopt(pycurl.WRITEFUNCTION, b.write)

    c.perform()
    c.close()
    d = json.loads(b.getvalue())

    # a missing 'aud' is treated the same as a mismatch
    if d.get('aud') != 'YOUR-CLIENT-ID':
        # the access token does not belong to us
        raise Exception("Invalid Token")

    # exchange the access token for user profile
    b = BytesIO()

    c = pycurl.Curl()
    c.setopt(pycurl.URL, "https://api.amazon.com/user/profile")
    c.setopt(pycurl.HTTPHEADER, ["Authorization: bearer " + access_token])
    c.setopt(pycurl.SSL_VERIFYPEER, 1)
    c.setopt(pycurl.WRITEFUNCTION, b.write)

    c.perform()
    c.close()
    d = json.loads(b.getvalue())

    print("%s %s %s" % (d['name'], d['email'], d['user_id']))
    

    Java: You must download the Jackson and HttpComponents libraries to use this sample code.

    import com.fasterxml.jackson.core.type.TypeReference;
    import com.fasterxml.jackson.databind.ObjectMapper;
    import org.apache.http.client.fluent.Content;
    import org.apache.http.client.fluent.Request;
     
    import java.net.URLEncoder;
    import java.util.Map;
     
    ...
     
    // verify that the access token belongs to us
    Content c = Request.Get("https://api.amazon.com/auth/o2/tokeninfo?access_token=" + URLEncoder.encode(access_token, "UTF-8"))
                       .execute()
                       .returnContent();
     
    Map<String, String> m = new ObjectMapper().readValue(c.toString(), new TypeReference<Map<String, String>>(){});
     
    if (!"YOUR-CLIENT-ID".equals(m.get("aud"))) {
        // the access token does not belong to us
        throw new RuntimeException("Invalid token");
    }
     
    // exchange the access token for user profile
    c = Request.Get("https://api.amazon.com/user/profile")
               .addHeader("Authorization", "bearer " + access_token)
               .execute()
               .returnContent();
     
    m = new ObjectMapper().readValue(c.toString(), new TypeReference<Map<String, String>>(){});
     
    System.out.println(String.format("%s %s %s", m.get("name"), m.get("email"), m.get("user_id")));
    
    Ruby:

    require "rubygems"
    require "net/https"
    require "json"
    require "uri"
     
    ...
     
    # verify that the access token belongs to us
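    # URI.encode was removed in Ruby 3.0; encode_www_form_component escapes the token for use in a query string
    uri = URI.parse("https://api.amazon.com/auth/o2/tokeninfo?access_token=" + URI.encode_www_form_component(access_token))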
    req = Net::HTTP::Get.new(uri.request_uri)
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     
    response = http.request(req)
    decode = JSON.parse(response.body)
     
    if decode['aud'] != 'YOUR-CLIENT-ID'
      # the access token does not belong to us
      raise "Invalid token"
    end
     
    # exchange the access token for user profile
    uri = URI.parse("https://api.amazon.com/user/profile")
    req = Net::HTTP::Get.new(uri.request_uri)
    req['Authorization'] = "bearer " + access_token
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
     
    response = http.request(req)
    decode = JSON.parse(response.body)
     
    puts sprintf "%s %s %s", decode['name'], decode['email'], decode['user_id']
    
  2. Launch your website and confirm you can log in with your Amazon.com credentials.
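
The server-side check from step 1, as an added example that is not part of Amazon's sample code: the same tokeninfo-then-profile sequence, written so that an HTTP error, a non-JSON body, or a missing `aud` field rejects the token just as a mismatched `aud` does. The names `fetch_profile`, `TokenRejected`, `json_object`, the `http_get` transport hook and the canned responses in `make_fake_transport` are assumptions made for illustration.

```python
import json
from urllib.parse import quote_plus

TOKENINFO_URL = "https://api.amazon.com/auth/o2/tokeninfo?access_token="
PROFILE_URL = "https://api.amazon.com/user/profile"

class TokenRejected(Exception):
    """The access token could not be tied to our client ID."""

def json_object(status, body):
    # Anything other than HTTP 200 carrying a JSON object is a failure.
    if status != 200:
        raise TokenRejected("unexpected HTTP status %s" % status)
    try:
        data = json.loads(body)
    except ValueError:
        raise TokenRejected("response body is not JSON")
    if not isinstance(data, dict):
        raise TokenRejected("response body is not a JSON object")
    return data

def fetch_profile(access_token, client_id, http_get):
    """Return the profile only if tokeninfo ties the token to client_id.

    http_get(url, headers) -> (status, body) is a hypothetical transport
    hook; wrap pycurl or any HTTPS client that verifies certificates.
    """
    if not access_token:
        raise TokenRejected("no access token in request")
    info = json_object(*http_get(TOKENINFO_URL + quote_plus(access_token), {}))
    # A missing 'aud' fails exactly like a mismatched one.
    if info.get("aud") != client_id:
        raise TokenRejected("token was not issued to this client")
    # Only a token issued to us is ever sent on to the profile endpoint.
    headers = {"Authorization": "bearer " + access_token}
    return json_object(*http_get(PROFILE_URL, headers))

def make_fake_transport(calls):
    # Constructed stand-in for api.amazon.com; every response is invented.
    def http_get(url, headers):
        calls.append(url)
        if url == PROFILE_URL:
            return 200, '{"name": "Test User", "email": "user@example.com", "user_id": "constructed-id"}'
        if url.endswith("=ours"):
            return 200, '{"aud": "YOUR-CLIENT-ID"}'
        if url.endswith("=theirs"):
            return 200, '{"aud": "SOME-OTHER-CLIENT-ID"}'
        return 400, "<html>Bad Request</html>"
    return http_get
```

In a real handler, pass a transport that performs the HTTPS requests and map `TokenRejected` to the same generic error response for every failure.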

Finish Integration with Your Website

Now you know how to add Login with Amazon to your website. The next steps are to integrate Amazon user accounts into your account management system and use these to personalize your website for Amazon customers.