Developer Console
Sign In
Sign In
Developer Console

Mobile App Entry

Overview

The Scan Key Code is a two- dimensional QR code that you, as a customer, can use in your mobile apps to authenticate shoppers in your store. The Scan Key Code works in conjunction with the Amazon integration layer. Your mobile app will include a Scan Key screen that will generate Scan Key Codes. Shoppers will use this generated code to authenticate at the JWO gate. When the shopper navigates to the Scan Key screen, your mobile app sends a request to your backend service to request a Recognition Token.

If the shopper doesn’t meet the prerequisites you have defined, the app should ask them to resolve those conditions before generating a Scan Key Code. Once all of your pre-validations pass successfully, you should generate a new Scan Key Code and display it on your mobile app’s Scan Key screen.

Examples of the types of prerequisites you can consider:

  • Ensuring the shopper has a valid payment method selected.
  • Making sure the shopper has not exceeded your fraud threshold.

  • Ensuring the shopper’s card has not expired.

  • The Scan Key Code and Identity Connector work together to give you granular control over who you allow into your store to shop using Amazon’s JWO technology

QR code spec


Design considerations

Scancode generation

You must also make the following validations before generating a Scan Key Code:

  • Ensure the payload only contains alphanumeric characters.
  • Verify the Scan Key Code’s timestamp is not older than 30 to 90 seconds from the scan timestamp you received in your Identity Connector’s authEvent.timestamp field
  • Ensure your Customer Prefix is correct.
  • Ensure the Recognition Token maps to a valid recognition record in the database.
  • Check to see if you have flagged the shopper’s account for any reason.
  • Perform whatever validations you need to on your Custom Customer Information data if you chose to include information in this field.

Scancode validations

Before handing the Scan Key Code payload to your Identity Connector, Amazon will:

  • Ensure the payload only contains alphanumeric characters.
  • Check that the payload is a minimum of 49 characters long (no custom customer information) and a maximum of 154 characters long (includes custom customer information).
  • Look at the first three characters in the payload and verify that they are JWO.
  • Ensure the characters from position 4 to position 7 match your Customer Prefix.
  • Check the Recognition Token field to make sure it is 32 characters long.
  • Look at the _Scan Key Timestamp and make sure it is an integer.
  • Check the Custom Customer Information and make sure it doesn’t exceed the maximum length of 105 characters.

Latency

When you check the Scan Key Code’s timestamp, we recommend including a 15-second buffer to account for network delays. For example, if you chose to refresh your Scan Key Codes every 30 seconds, you would check that each Scan Key Code timestamp is greater than authEvent.timestamp - 30 seconds - 15 seconds and less than authEvent.timestamp + 15 seconds

For the Scan Key Code functionality to work correctly and provide a great shopper experience, you must provide an SLA based on your contract for processing Scan Key Codes at the JWO gate. You also must ensure that requests to your Identity Connector for Scan Key Code validation return within 2 seconds

Idempotency

You must ensure that all calls to your Identity Connector are idempotent. Amazon may send multiple requests for the same shopper scan to your Identity Connector. Your Identity Connector should always respond the same way regardless of how many times Amazon makes the same request.