文档中心 > Lazada Open Platform

Seller authorization introduction

更新时间:2022/07/11 访问次数:6765

If your application needs to access the business data of Lazada sellers (like product and order information) through Lazada Open Platform, you need to get the authorization from sellers, that is, the “Access Token” required for accessing the sellers’ data. You need to guide the sellers to complete the flow of “using Lazada seller account to log in and authorize the application”. This process uses the international OAuth2.0 standard protocol for user authentication and authorization.

Lazada Open Platform adopts the “Code for token” mode, described as follows.

Service address

Environment Service address
Central: for all countries (SG/MY/TH/VN/ID/PH) https://auth.lazada.com/rest

Authorization steps

The figure below shows the authorization steps:
image | center

1. Concatenate authorization URL

Sample link for authorization:

https://auth.lazada.com/oauth/authorize?response_type=code&force_auth=true&redirect_uri=${app call back url}&client_id=${appkey}

Note that the “client_id” and “redirect_uri” should be replaced with the ones of your own application.

The following table lists the parameters and their description.

Parameter Required? Value Parameter
client_id Yes The App Key of your application, assigned by Lazada Open Platform.
redirect_uri Yes The callback URL you provided when creating the application. The “redirect_uri” is used for receiving the code when a seller completes the authorization. It must be the same with the callback URL you provided when creating the application on Lazada Open Platform.
response_type Yes code The authorization type, with the value of “code”.
force_auth No true Refresh the web browser cookie for a new authorization session.
state No Customizable, like 1212. The status of the application; the same for input and response.
uuid No This field is currently unavailable, please do not use it, otherwise an error will be reported.
country No sg,my,th,vn,ph,id,cb Specify the options of countries that are available in the “Country” drop-down list. For example, specifying “country=sg” means that only “Singapore” is available for choose; specifying “cb” means that the authorization is for “Crossborder” sellers only. Multiple values can be separated by comma. By default, all countries are listed.

2. Guide sellers to authorize

Guide a seller to open the above authorization URL through the web browser. The following window with the login panel is displayed. The permissions to be granted to the application after the authorization are listed on the left. The seller selects the country, enters seller account and password, and clicks the “Sign in And Authorize” button to complete the authorization of the application.

Note:
For Cross Border sellers, you only need to authorize once for all the 6 ventures. Take the following steps to complete the authorization:
1. Select “Crossborder” from the Country dropdown list.
2. Authorize using the seller account and password for the MY site.
3. Use the code returned to the callback URL to get the access token. This access token can be used for all 6 ventures.

See the screen capture below.

20180204220608.png | center | 830x433

3. Retrieve authorization code

After the seller completes the authorization, Lazada Open Platform will return the authorization code to the callback URL address. Your application can retrieve the code and use it to get the Access Token. The sample authorization code is shown below.

code.png | center | 561x36
Note: Note: The authorization code is valid for half an hour and can only be used once. Once it expires, it needs to be re-authorized

4. Get the access_token

Use the /auth/token/create API to get the Access Token (access_token).

Code sample:

LazopClient client = new LazopClient("https://api.lazada.com/rest", "${appkey}", "${app_secret}");
LazopRequest request = new LazopRequest("/auth/token/create");
request.addApiParam("code", "0_TryzT8Vd9T1pwS7VWZ2qlMOS5");
LazopResponse response = client.execute(request);
System.out.println(response.getBody());

5. Save the token

The access token will expire in a specific period (expires_in). Before it expires, the seller does not need to authorize the application again. You need to save the latest token properly.

6. Sample of the token

Notes:
1. The “access_token” and “refresh_token” in this sample are for reference only.
2. For cross border sellers, the returned access token can be used for multiple sites. Therefore, the “country_user_info” section contains multiple country values.

{
	"access_token": "50000601c30atpedfgu3LVvik87Ixlsvle3mSoB7701ceb156fPunYZ43GBg",
	"refresh_token": "500016000300bwa2WteaQyfwBMnPxurcA0mXGhQdTt18356663CfcDTYpWoi",
	"country": "cb",
	"refresh_expires_in": 259200,
	"account_platform": "seller_center",
	"expires_in": 259200,
	"account": "xxx@126.com"
    "country_user_info":
    [
    	{
    	 	"country":"sg",
          	"seller_id": "1001",
          	"user_id": 10101
    	},
    	{
    	 	"country":"my",
          	"seller_id": "2001",
          	"user_id": 20101
    	}
    ]
}

The following table lists the parameters in the token and their description.

Key
Type
Sample
Description
access_token
string
50000601c30atpedfgu3LVvik87Ixlsvle3mSoB7701ceb156fPunYZ43GBg
Access token.
refresh_token
string
500016000300bwa2WteaQyfwBMnPxurcA0mXGhQdTt18356663CfcDTYpWoi
Refresh token, used to refresh the token when “refresh_expires_in”>0.
expires_in
number
25920 (expires in 25920 seconds)
The expiring time of the access token, in seconds. For APPs in "Test" status, the value is 7 days. For APPs in "Online" status, the value is 30 days.
refresh_expires_in
number
25920 (expires in 25920 seconds)
The expiring time of the refresh token. For APPs in "Test" status, the value is 30 days. For APPs in "Online" status, the value is 180 days.
country
string
sg
The country ID (sg: Singapore, my: Malaysia, ph: Philippines, th: Thailand, id: Indonesia, vn: Vietnam).
account_id
string
706388888
User ID, which can be ignored when “account_platform” = “seller_center”.
account
string
User account.
account_platform
string
seller_center
User platform, supporting multiple platforms.
country_user_info
json
[
	{
      	"country":"sg",
      	"seller_id": "1001",
      	"user_id": 10101
	},
	{
      	"country":"my",
      	"seller_id": "2001",
      	"user_id": 20101
	}
]
Matching with the parent field “country”.
if(country != 'cb'){
	for(userInfo user_info : country_user_info){ 
		if(user_info.country==country){
			get user_info.user_id;
			get user_info.seller_id;
			break;
		}
	}
} elseif(country != 'cb'){
	for(userInfo user_info : country_user_info){ 
		get user_info.user_id;
		get user_info.seller_id; 
	}
}

Refresh authorization steps

1. Use “/auth/token/refresh” to refresh the access token

See the following code sample.

LazopClient client = new LazopClient("https://api.lazada.com/rest", "${appkey}", "${app_secret}");
LazopRequest request = new LazopRequest("/auth/token/refresh");
request.addApiParam("refresh_token", "50000601c30atpedfgu3LVvik87Ixlsvle3mSoB7701ceb156fPunYZ43GBg");
LazopResponse response = client.execute(request);
System.out.println(response.getBody());

The returned data structure by “/auth/token/refresh” is the same with that by getting the access token with authorization code. You will get new “access_token” and “refresh_token”. You must save the latest “refresh_token” for getting the new “access_token”. Note that the duration of the access token will be reset, but the duration of the refresh token will not be reset. After the refresh token expires, sellers need to re-authorize your application to generate new access token and refresh token.

Usage notes

  1. Sellers do not need to authorize again before the token expires.
  2. If “refresh_expires_in” = 0, the access token cannot be refreshed. Only when “refresh_expires_in” > 0, you can call the /auth/token/refresh API to refresh the access token.
  3. If token needs to be refreshed, it is recommended to refresh it 30 minutes before the token expires.

FAQ

关于此文档暂时还没有FAQ
返回
顶部