question

TrevorNicholls avatar image
TrevorNicholls asked

INVALID_SCOPE requesting Access Token

I'm requesting an access token from a PHP script on a web server.

This is the code for my HTTP request.

$headers = ['Content-Type:application/x-www-form-urlencoded;charset=UTF-8'];


$body = [
	"grant_type" => "client_credentials",
	"scope" => "messaging:push",
	"client_id" => AMAZON_CLIENT_ID,
	"client_secret" => AMAZON_CLIENT_SECRET
];


$body = http_build_query($body);


ChromePhp::log($body);


$url_opts = [
    CURLOPT_HTTPHEADER => $headers,
    CURLINFO_HEADER_OUT => true,
	CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => $body,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_RETURNTRANSFER => true
];


//$request = curl_init('localhost/fake-api.php');
$request = curl_init(AMAZON_TOKEN_SERVER);
curl_setopt_array($request, $url_opts);
$result = curl_exec($request);
ChromePhp::log(curl_getinfo($request));
curl_close($request);

ChromePhp::log($result);

If I change the other parameters in the body to cause intentional errors I get an error message from the Amazon API server that relates to the incorrect value. But with the correct values in place and messaging:push for the scope I still get INVALID_SCOPE returned.

I used the commented out localhost/fake-api to test that all the POST fields are transmitting correctly.

My android app is in early development, so is not submitted in "my app's". But I have created a security profile and added an android API_KEY. This worked OK and my android app on a Kindle Fire has registered and saved its registration ID on the web server's database. The Client_ID and Secret I'm using are from the same security profile

Any help is much appreciated.

amazon device messagingapi
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Levon@Amazon avatar image
Levon@Amazon answered

Hi there,

For this to work, you need to submit your application to Developer Portal, and after that please enable ADM settings for that app to start receiving messages.

Login to your Dev Portal account, select your app in the Dashboard, click on the Device Messaging link, then choose your security profile from the drop down box to enable ADM for this app. Normally upon success you should see this:

Device Messaging

Device Messaging successfully enabled for Security Profile

Security Profile successfully linked to app

If you do not enable ADM, any server requests to send messages to the app will fail. Please give it a try and let us know if it worked. Thanks!

3 comments
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

TrevorNicholls avatar image TrevorNicholls commented ·

Okay, I've started the submission process for the app. I see now that I don't need to complete the submission before I could enable Device Messaging. My PHP script has now successfully received a token. Thanks you.

1 Like 1 ·
TrevorNicholls avatar image TrevorNicholls commented ·

Hi, I got the impression from the documentation that it was possible to test this functionality before submitting a completed app. My app is still a way from launching, so I'm assuming would be rejected if I tried to submit now. Also there are required fields for support website and phone that I haven't finished sorting out yet. Have I misunderstood and can I submit an unfinished (early stage) app on the console? Thanks.

0 Likes 0 ·
Levon@Amazon avatar image Levon@Amazon ♦ TrevorNicholls commented ·

I'm glad it worked! And yes, you can submit an unfinished app in draft state, and the support info and privacy links are optional. Thanks!

0 Likes 0 ·