The Galaxy Store Developer API, a set of APIs that consists of the Content Publish API, IAP APIs, and GSS Metric API, uses the OAuth 2.0 server-to-server authentication method. This means you must create an access token.
An access token allows you to use the Galaxy Store Developer API and is sent in the authorization header of every API call. It defines the scope (which APIs you can call) and can only be used from a valid service account. The access token never expires, but it can be revoked or cancelled. See Use the Access Token for more information about how to use the access token.
The following steps are required to create an access token:
```mermaid
sequenceDiagram
    participant Server
    participant Galaxy Store Server
    Server->>+Galaxy Store Server: User login
    rect rgb(162,195,249)
    Server->>+Galaxy Store Server: 1. Create service account
    Galaxy Store Server-->>+Server: ID and private key
    Note left of Server: 2. Create JWT
    Server->>+Galaxy Store Server: 3. Request access token
    Note right of Galaxy Store Server: Verify JWT
    Galaxy Store Server-->>+Server: Access token
    end
    Server->>+Galaxy Store Server: Call APIs
```
Create a service account
When you create the account, you must specify the scope of the API to be used. Only those APIs within the specified scope can be used. After you create an account, you are issued an ID and key pair of the account. The ID and private key are used to create the JSON Web Token (explained in the next section).
From the Service account created window, click Download Key to save the private key to a file.
Warning: The private key is NOT stored in Seller Portal. After you close this window, you will not be able to display it again.
The private key is used to identify your app and sign your JSON Web Token. If you do not save it or lose it before creating a JWT, you must create another service account to generate a new one.
Save the file in a secure place (not on a public/shared system) and treat it like a password.
After creating an account, copy the Service Account ID which is used to create the JSON Web Token (JWT).
You can create and use up to five service accounts.
Create a JSON Web Token
A JSON Web Token (JWT) is created from a header and registered claims which are encoded and then signed by the private key you created in the service account. You can create a JWT by providing a header and registered claims to a site that generates the token or programmatically using a JavaScript JWT library.
Header
The header consists of the encoding algorithm and token type. To use the Galaxy Store Developer APIs, you must use the RS256 encoding algorithm and JWT token type.
```json
{
  "alg": "RS256",
  "typ": "JWT"
}
```
Registered claims
Registered claims are predefined attributes for which you provide values. To use the Galaxy Store Developer APIs, provide the following claims:
| Name | Description |
| --- | --- |
| iss | Service account ID created in Seller Portal. |
| scopes | List of service account scope IDs. You can only include the scope IDs of the services that are configured for the service account. For example, if you only selected GSS when configuring the service account in Seller Portal, you should only specify gss for this attribute. publishing: The service account was created with the Publishing & ITEM service which allows the use of the Content Publish and IAP APIs. gss: The service account was created with the GSS service which allows the use of the GSS Metric API. |
| iat | The current or issuance time, using the UNIX time standard. For example, 1719839022 (July 24, 2024, 06:03:42) |
| exp | JWT expiration time, not exceeding 20 minutes from the issuance time. For example, 1719840222 (July 24, 2024, 06:23:42) |
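The header and claims above can be assembled and signed locally with Node.js's built-in crypto module; this is an added example, not Samsung's code. The function names, the placeholder service account ID and the throwaway key pair are assumptions, and the key file downloaded from Seller Portal is assumed to be PEM.

```javascript
const crypto = require('node:crypto');

const ALLOWED_SCOPES = new Set(['publishing', 'gss']); // scope IDs listed on this page
const MAX_LIFETIME_SECONDS = 20 * 60; // exp may be at most 20 minutes after iat

const b64url = (text) => Buffer.from(text).toString('base64url');

// Build and sign an RS256 JWT carrying the four claims described above.
function createServiceAccountJwt({ serviceAccountId, scopes, privateKeyPem,
    lifetimeSeconds = MAX_LIFETIME_SECONDS, now = Math.floor(Date.now() / 1000) }) {
  if (!serviceAccountId) throw new Error('iss (service account ID) is required');
  if (!Array.isArray(scopes) || scopes.length === 0) throw new Error('scopes must be a non-empty list');
  const unknown = scopes.filter((s) => !ALLOWED_SCOPES.has(s));
  if (unknown.length > 0) throw new Error(`unknown scope ID(s): ${unknown.join(', ')}`);
  if (!Number.isInteger(lifetimeSeconds) || lifetimeSeconds < 1 || lifetimeSeconds > MAX_LIFETIME_SECONDS) {
    throw new Error(`lifetime must be 1..${MAX_LIFETIME_SECONDS} seconds`);
  }
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = { iss: serviceAccountId, scopes, iat: now, exp: now + lifetimeSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // RS256 = RSASSA-PKCS1-v1_5 over SHA-256, computed locally so the key never leaves this host.
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Local self-check before sending: returns the claims if the signature verifies, else null.
function verifyJwt(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKeyPem, Buffer.from(parts[2], 'base64url'));
  return ok ? JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8')) : null;
}

// Constructed demo input: a throwaway key pair stands in for the key file downloaded
// from Seller Portal (assumed to be PEM), and the service account ID is a placeholder.
const demoKeys = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const demoJwt = createServiceAccountJwt({
  serviceAccountId: 'example-service-account-id',
  scopes: ['gss'],
  privateKeyPem: demoKeys.privateKey,
});
console.log('Authorization: Bearer ' + demoJwt);
console.log(verifyJwt(demoJwt, demoKeys.publicKey));
```

The function rejects scope IDs other than the two listed on this page and lifetimes over 20 minutes before anything is signed.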
Create a JWT using a private site
A site, such as jwt.io, provides an interface which allows you to generate a JWT. Select RS256 as the encoding algorithm and input the payload (claim) and signatures. For example, you might enter the following for the payload:
Finally, request an access token from the Galaxy Store authentication server using the accessToken API. If the token request specifies a scope that is beyond the scope of usage of the service account, the server returns an error.
Request
POST /auth/accessToken
The following header is required to request an access token.
| Attribute | Type | Description |
| --- | --- | --- |
| content-type | string | Required. Must be application/json |
| Authorization | string | Required. Use Bearer <your-jwt> where <your-jwt> is the JWT you just created for the service account. |
Incorrect authentication information or no authentication information was provided.
NO_PERMISSION (403): The scope you entered is not available for this service account.
REQUEST_VALIDATION_FAILED (422): This JWT is not valid.