amazon-sp-api: CustomError: Client authentication failed - on every operation

CustomError: Client authentication failed at SellingPartner.refreshAccessToken (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:378:13) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async SellingPartner._validateAccessTokenAndRoleCredentials (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:242:9) at async SellingPartner.callAPI (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:453:5) at async E:\Web Development Repos\sp-api\index.js:12:17 { code: 'invalid_client', type: 'error' }

We’re receiving this regardless of operation called. I’m guessing this means that there’s an issue with one of our environmental variables, but I’ve double checked everything.

Just to clarify: SELLING_PARTNER_APP_CLIENT_ID= this is the LWA client id? SELLING_PARTNER_APP_CLIENT_SECRET= this is the LWA client secret? AWS_ACCESS_KEY_ID= The access key ID from the IAM user? AWS_SECRET_ACCESS_KEY= the secret access key from the IAM user? AWS_SELLING_PARTNER_ROLE= This is the full ARN for the IAM role?

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 23 (8 by maintainers)

Most upvoted comments

Brilliant! It turns out our client did give us the refresh token from a different app. Thank you for all of your help!

+2
cs-pellsoftware on May 5, 2021

Hi @cs-pellsoftware,

the error happens when the client tries to receive an access_token via https://api.amazon.com/auth/o2/token inside the refreshAccessToken function by using the LWA credentials and the refresh_token. The error unauthorized_client here probably means that the refresh_token isn’t valid in combination with the LWA credentials. Are you sure you are using the correct refresh_token for the credentials or maybe still the old one?

+1
amz-tools on Apr 28, 2021

@amz-tools Hey again - we started over because I realized we entered the User ARN instead of the Role ARN in the app settings. We have now created a second App using the Role ARN. We kept the same User and Role, but have new LWA credentials and Refresh token.

We’re now receiving this error:

CustomError: Not authorized for requested operation at SellingPartner.refreshAccessToken (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:378:13) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async SellingPartner._validateAccessTokenAndRoleCredentials (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:242:9) at async SellingPartner.callAPI (E:\Web Development Repos\sp-api\node_modules\amazon-sp-api\lib\SellingPartner.js:453:5) at async E:\Web Development Repos\sp-api\index.js:24:17 { code: 'unauthorized_client', type: 'error' }

This is a different error than what we received before. Let me know if you have any ideas

+1
cs-pellsoftware on Apr 28, 2021

Hi @cs-pellsoftware,

the first error is definetly an issue with the client id or client secret being incorrect. You are right that you have to use the complete client id, including the “amzn1.application-oa2-client.” part.

The second error is a step forward, it means that your configuration seems to be correct. This rather seems like an issue with the operation you are calling. Have you tried the getMarketplaceParticipations operation? That would be the easiest to test:

let res = await sellingPartner.callAPI({
  operation:'getMarketplaceParticipations'
});

Is that call working or do you receive the same error?

+1
amz-tools on Apr 21, 2021
Read more comments on GitHub
← znc-push: Can't get push to work; not receiving test messages
amazon-sp-api: Keep getting Unauthorized using sample requests →