Amazon Pay and Login with Amazon integration guide

Adding allowed JavaScript origins or allowed return URLs

By default, web browsers block JavaScript calls from one origin that try to call a script on another origin. To use an Amazon Pay or Login with Amazon button on your website, you must specify either Allowed JavaScript Origins or Allowed Return URLs to authorize interactions between your website and Amazon.

Allowed JavaScript origins

The Login with Amazon SDK for JavaScript allows calls from other origins if they are specified as part of an application. Adding a domain to the Allowed JavaScript Origins field allows the SDK for JavaScript to communicate with a website directly during the login process and to present a pop-up for the buyer when they are signing in.

Note: The Amazon Pay button widget includes a pop-up parameter. To enable signing in via a pop-up, this parameter must be set to popup:true.

Setting up for the Sandbox environment

When you are testing in the Sandbox environment on localhost, you don't need an SSL certificate and can use the http protocol (http://localhost).

Setting up for the Production environment

For the Production environment, the JavaScript origin is your website URL, which is a combination of protocol, domain, and the port where your JavaScript calls originate (for example: https://www.example.com:8443). In the Production environment, allowed origins must use the HTTPS protocol. If you are using a standard port (port 443), you need only include the domain name (for example, https://www.example.com).

Allowed return URLs

An allowed return URL is an address to a website that makes HTTPS calls to the Login with Amazon authorization service. The Login with Amazon authorization service redirects users to this URL when they complete login.

Note: The Login and Pay with Amazon button widget includes a pop-up parameter. To enable a redirect, this parameter must be set to "popup:false."

Setting up for the Sandbox environment

When you are testing in the Sandbox environment on localhost, you don't need an SSL certificate and can use the http protocol (http://localhost/testRedirect.html).

Setting up the Production environment

In the Production environment, enter the redirect_uri that you want your buyers to be returned to after they have signed in. The Allowed Return URL must use the HTTPS protocol and include the protocol, domain, path, and query strings (for example, https://www.example.com/login.php).

Setting allowed JavaScript origins or allowed return URLs

  1. Sign in to your Seller Central account, and then choose Login with Amazon from the Marketplace Switcher drop-down list near the top of the page.
  2. In the Web Settings section, click the Edit button.
  3. In either the Allowed JavaScript Origins field or the Allowed Return URLs field, enter the requested information.
  4. If you want to add another Allowed JavaScript Origins or Allowed Return URLs field, click the applicable Add Another link, and then enter information in the field that appears.
  5. When you have finished entering information, click Save.

For a detailed explanation of these options and to learn more about registering an application with Login with Amazon, see "Step 1: Register Your Application" in the Login with Amazon Getting Started for Web guide.


Copyright © 2009-2017 Amazon.com, Inc. or its affiliates. Amazon and Amazon.com are registered trademarks of Amazon.com, Inc. or its affiliates. All other trademarks are the property of their respective owners.