Lazada Open Platform
Registration and Authorization process for newly registered ISVs
1. First register an open platform account
1.1 Registration link
https://open.lazada.com/apps/user/register?spm=a1zq7z.27197301.login_form.1.1db47c73kmujqv
1.2 Precautions for account registration
1.2.1 Registered Email and Password Conditions
a. The password needs English+number+symbol, and the symbol cannot use "!" "<" 、">";
b. The registered mailbox should not have a "+".
1.2.2 After registration, you need to fill in profile information first, and wait for review after submission
1.2.3 After the profile information is approved, the app can be created
a. There are two steps to create an app.
First, click Apply and wait for the approval before clicking Create App. After the approval, an app in test status will be automatically obtained;
Step 2: Click Create APP.
b. It is recommended to select ERP System or Seller in house APP. Their differences are as follows:
The number of authorized sellers is different: the default number of authorized sellers in the ERP system is 300, and can be increased according to the needs of the project;
The number of authorized sellers of the Seller in house APP is 20 by default, and the maximum number is 60;
Different authorization methods:
ERP System: for users who do not need to add white list of sellers;
Seller in house APP: for sellers who need to add white list.
You can find more details below
c. If the app of type seller in house is not whitelisted, the following error messages will appear
1.2.4 The newly created app is in test status
a. The APP is in the test status: the maximum call amount is ten thousand per days; The validity of the token is 7 days, and the validity of the refresh token is 14 days;
b. Online status: the maximum call volume is 10 million per day; The validity of the token is 30 days, and the validity of the refresh token is 180 days;
If you can ensure that the success rate of app calls is above 85%, you can apply for the app to go online.
C.offline: If you want to Offine the app, you can click manage>Apply offine on the app console
d. Delete: If you want to delete an app, you can only delete it in test status.
1.2.5 Retrieve App Key and App Secret
App Key is the unique identity of an application on Lazada Open Platform. The App Key is one of the parameters that must be included in the request of API calls, and the application will be identified with the App Key by Lazada Open Platform.
App Secret is the key that is assigned to an application by Lazada Open Platform, which ensures the security and reliability of the application source. You must keep the App Secret properly and should not share it with any third party.
Once your application is registered, the App Key and App Secret are assigned to the application automatically. You can view the App Key and App Secret or reset the App Key on the application overview page.
1. Open the home page of the open platform, click App Console, and enter App Management.
2. From the list of your applications, click Manage to open the overview page of an application.
3. Under the Advanced Information section, click View to view the App Secret of your application.
4. Click Reset to reset the App Secret of your application. For the Old Secret Expires In field, select the time (in hours) for the old App Secret to expire.After resetting the App Secret, you must update the related information in your application.
2. app authorization
2.1 Seller authorization introduction
https://open.lazada.com/apps/doc/doc?nodeId=10777&docId=108260
2.1.1 Concatenate authorization URL
Sample link for authorization:
https://auth.lazada.com/oauth/authorize?response_type=code&force_auth=true&redirect_uri=${app call back url}&client_id=${appkey}
Demo:
Authorization links need to be spliced by yourself. Using the above example of authorization links, replace "${appkey}" with app key, and replace "${app call back url}" with callback URL
2.1.2 uuid optional
If the uuid is not used during authorization, then the next step to generate access_ token, no uuid needs to be passed in the request parameters
2.1.4 Cross border authorization description
a. The authorization page Crossborder represents the authorized cross-border stores, and the tokens can call the APIs of six sites;
b. When you select Crossborder authorization, you need to ensure that stores in the six sub sites can log in; Otherwise, you can only use single site authorization.
2.1.5 Generate Token with Generated Code
Note: The code can only be used once. You need to call the GenerateAccessToken API to generate a token within half an hour of code generation
The following is an example of a test tool:
a. Click API Testing Tool
b.For users using the test tool, Malaysia can be selected as the region. No matter which country is selected when generating the authorization code in the previous step, Malaysia is selected as the region
Select Malaysia as the region (because there is only one service address of the GenerateAccessToken API https://auth.lazada.com/rest )
c. Pass in the code and uuid (if the uuid is not set in the authorization link, it will not should be filled in, otherwise an error will be reported)
d. Response Field Description
Country: on behalf of the authorized country;
refresh_ expires_ In: The expiration time of "refresh_token", in seconds (it will be refreshed when refreshing). If "refresh_token" expires, you need to re authorize the generation of a new token;
expires_ In: "access_token" expiration time, in seconds (when the token is refreshed, it will not be refreshed).
When the "access_token" fails, you can call the RefreshAccessToken API to refresh the token (it is recommended to refresh the token 48 hours in advance)
