zero-to-prod / spapi-tokens-cli
A CLI for getting a Restricted Data Token (RDT) for Amazon Selling Partner API (SPAPI).
Fund package maintenance!
Github
Requires
- php: >=8.1
- ext-json: *
- symfony/console: ^7.2
- zero-to-prod/data-model: ^81.9
- zero-to-prod/package-helper: ^1.1.3
- zero-to-prod/spapi-lwa: ^4.0
- zero-to-prod/spapi-tokens: ^2.0
Requires (Dev)
- phpunit/phpunit: <12.0
README
Contents
- Introduction
- Requirements
- Installation
- Documentation Publishing
- Usage
- Docker Image
- Local Development
- Image Development
- Contributing
Introduction
A CLI for getting a Restricted Data Token (RDT) for Amazon Selling Partner API (SPAPI).
Requirements
- PHP 8.1 or higher.
Installation
Install Zerotoprod\SpapiTokensCli via Composer:
composer require zero-to-prod/spapi-tokens-cli
This will add the package to your project's dependencies and create an autoloader entry for it.
Documentation Publishing
You can publish this README to your local documentation directory.
This can be useful for providing documentation for AI agents.
This can be done using the included script:
# Publish to default location (./docs/zero-to-prod/spapi-tokens-cli) vendor/bin/zero-to-prod-spapi-tokens-cli # Publish to custom directory vendor/bin/zero-to-prod-spapi-tokens-cli /path/to/your/docs
Automatic Documentation Publishing
You can automatically publish documentation by adding the following to your composer.json:
{
"scripts": {
"post-install-cmd": [
"zero-to-prod-spapi-tokens-cli"
],
"post-update-cmd": [
"zero-to-prod-spapi-tokens-cli"
]
}
}
Usage
Run this command to see the available commands:
vendor/bin/spapi-tokens-cli list
Available Commands
spapi-tokens-cli:src
Displays the project's GitHub repository URL.
Usage:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:src
Arguments: None
Example:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:src
Output:
https://github.com/zero-to-prod/spapi-tokens-cli
spapi-tokens-cli:rdt
Get a Restricted Data Token (RDT) for restricted resources using an existing access token.
Usage:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:rdt <access_token> <path> <dataElements> <targetApplication> [options]
Arguments:
access_token(required): The access token to get a restricted resourcepath(required): The path in the restricted resourcedataElements(required): Comma separated list of data elements. Indicates the type of Personally Identifiable Information requestedtargetApplication(required): The application ID for the target application to which access is being delegated
Options:
--user_agent: User Agent (optional)--response: Returns the full response--expiresIn: The expiresIn value for the restrictedDataToken
Example:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:rdt \ "Atza|IwEBIExampleAccessToken" \ "/orders/v0/orders/123-4567890-1234567/buyerInfo" \ "buyerInfo" \ "amzn1.sp.solution.12345678-1234-1234-1234-123456789012"
Example Response (default - token only):
Atzr|IwEBIB6MHXJl5sLqTf_3n2e7TJQ4a3X7hZ2Y9k8N3F1R6Q5E4P2A9S8D7G6H5J4K3L2M1
Example Response (with --response flag):
{
"response": {
"restrictedDataToken": "Atzr|IwEBIB6MHXJl5sLqTf_3n2e7TJQ4a3X7hZ2Y9k8N3F1R6Q5E4P2A9S8D7G6H5J4K3L2M1",
"expiresIn": 3600
},
"info": {
"http_code": 200
}
}
Example Response (with --expiresIn flag):
3600
spapi-tokens-cli:rdt-from-token
Get a Restricted Data Token (RDT) for restricted resources from a refresh token. This command first exchanges the refresh token for an access token, then uses that access token to obtain the RDT.
Usage:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:rdt-from-token <refresh_token> <client_id> <client_secret> <path> <dataElements> <targetApplication> [options]
Arguments:
refresh_token(required): The LWA refresh tokenclient_id(required): Get this value when you register your applicationclient_secret(required): Get this value when you register your applicationpath(required): The path in the restricted resourcedataElements(required): Comma separated list of data elements. Indicates the type of Personally Identifiable Information requestedtargetApplication(required): The application ID for the target application to which access is being delegated
Options:
--user_agent: User Agent (optional)--response: Returns the full response--expiresIn: The expiresIn value for the restrictedDataToken
Example:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:rdt-from-token \ "Atzr|IwEBIExampleRefreshToken" \ "amzn1.application-oa2-client.12345678901234567890123456789012" \ "your-client-secret-here" \ "/orders/v0/orders/123-4567890-1234567/buyerInfo" \ "buyerInfo" \ "amzn1.sp.solution.12345678-1234-1234-1234-123456789012"
Example Response (default - token only):
Atzr|IwEBIB6MHXJl5sLqTf_3n2e7TJQ4a3X7hZ2Y9k8N3F1R6Q5E4P2A9S8D7G6H5J4K3L2M1
Example Response (with --response flag):
{
"response": {
"restrictedDataToken": "Atzr|IwEBIB6MHXJl5sLqTf_3n2e7TJQ4a3X7hZ2Y9k8N3F1R6Q5E4P2A9S8D7G6H5J4K3L2M1",
"expiresIn": 3600
},
"info": {
"http_code": 200
}
}
Example Response (with --expiresIn flag):
3600
Example Error Response (invalid credentials):
{
"response": {
"error": "invalid_client",
"error_description": "Client authentication failed"
},
"info": {
"http_code": 401
}
}
spapi-tokens-cli:rdt-from-scope
Get a Restricted Data Token (RDT) for restricted resources from a scope using client credentials. This command uses client credentials flow to obtain an access token, then uses that access token to obtain the RDT.
Usage:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:rdt-from-scope <scope> <client_id> <client_secret> <path> <dataElements> <targetApplication> [options]
Arguments:
scope(required): The LWA scope for the client credentials flowclient_id(required): Get this value when you register your applicationclient_secret(required): Get this value when you register your applicationpath(required): The path in the restricted resourcedataElements(required): Comma separated list of data elements. Indicates the type of Personally Identifiable Information requestedtargetApplication(required): The application ID for the target application to which access is being delegated
Options:
--user_agent: User Agent (optional)--response: Returns the full response--expiresIn: The expiresIn value for the restrictedDataToken
Example:
vendor/bin/spapi-tokens-cli spapi-tokens-cli:rdt-from-scope \ "sellingpartnerapi::notifications" \ "amzn1.application-oa2-client.12345678901234567890123456789012" \ "your-client-secret-here" \ "/orders/v0/orders/123-4567890-1234567/buyerInfo" \ "buyerInfo" \ "amzn1.sp.solution.12345678-1234-1234-1234-123456789012"
Example Response (default - token only):
Atzr|IwEBIB6MHXJl5sLqTf_3n2e7TJQ4a3X7hZ2Y9k8N3F1R6Q5E4P2A9S8D7G6H5J4K3L2M1
Example Response (with --response flag):
{
"response": {
"restrictedDataToken": "Atzr|IwEBIB6MHXJl5sLqTf_3n2e7TJQ4a3X7hZ2Y9k8N3F1R6Q5E4P2A9S8D7G6H5J4K3L2M1",
"expiresIn": 3600
},
"info": {
"http_code": 200
}
}
Example Response (with --expiresIn flag):
3600
Example Error Response (invalid scope):
{
"response": {
"error": "invalid_scope",
"error_description": "The scope sellingpartnerapi::notifications is not valid for this application"
},
"info": {
"http_code": 400
}
}
Docker Image
You can also run the cli using the docker image:
docker run --rm davidsmith3/spapi-tokens-cli
Contributing
Contributions, issues, and feature requests are welcome! Feel free to check the issues page if you want to contribute.
- Fork the repository.
- Create a new branch (
git checkout -b feature-branch). - Commit changes (
git commit -m 'Add some feature'). - Push to the branch (
git push origin feature-branch). - Create a new Pull Request.