This section describes how to edit the DSN configuration and then authenticate and connect to Amazon Marketplace APIs.

DSN Configuration

You can use the Microsoft ODBC Data Source Administrator to edit the DSN configuration. Note that the installation process creates a both a user DSN and a system DSN, as described in Installing the Connector.

Note: The connector stores connection information in the Windows registry. To ensure that the connector can write to the registry, either run Power BI as an administrator or use a User DSN for your connection instead of a System DSN.

User DSN

Complete the following steps to edit the DSN configuration:

1. Select Start > Search, and enter ODBC Data Sources in the Search box.
2. Choose the version of the ODBC Administrator that corresponds to the bitness of your Power BI Desktop installation (32-bit or 64-bit).
3. Select the system data source and click Configure.
4. Edit the information on the Connection tab and click OK.

System DSN

Configure the system DSN the same way as the user DSN, except you will need to switch to the System DSN tab before performing Step 3.

If you're using Power BI's On-Premises Data Gateway with Standard mode, you must use the system DSN.

You must also specify a valid location for OAuthSettingsLocation (a path where OAuth credentials are locally stored to avoid repeated OAuth prompts) and CredentialsLocation (a path where the MFA credentials file is locally stored).

This is because the Standard mode runs on service mode and can only access permitted locations, such as C:\Windows\ServiceProfiles\PBIEgwService\AppData\Local\Microsoft\On-premises data gateway.

Connecting to Amazon Marketplace

The following properties are required:

• Schema: Set this to SellerCentral.
• InitiateOAuth: Set this to GETANDREFRESH.
• Marketplace: Set this to the Marketplace region that you are registered to sell in.

Authenticate to Amazon Marketplace

OAuth

Amazon Marketplace uses the OAuth authentication standard.

To authenticate using OAuth, you must either use the embedded application or create a new custom OAuth app. The embedded application supports desktop applications and headless machines. Web applications require that you create a custom OAuth application.

You can use a custom OAuth application to authenticate with a service account or a user account. See Creating a Custom OAuth App for more information.

Downloading Embedded Credentials

Because Amazon Marketplace requires that embedded credentials rotate every six months, CData credentials are hosted on oa.cdata.com. If you do not specify custom credentials, the embedded credentials are downloaded from our web service and saved in the location specified in OAuthClientLocation by default. NOTE: Make sure your firewall does not block oa.cdata.com.

Desktop Apps

You can use the embedded application or create a custom OAuth application. The key difference is that you must set additional connection properties if you use a custom application.

Get and Refresh the OAuth Access Token

After setting the following, you are ready to connect:

• Marketplace: Set this to the Marketplace region that you are registered to sell in.
• AppId: Set this to the application Id for the Selling Partner application you created.
• Schema: Set this to SellerCentral to connect to Seller Central API.
• AWSAccessKey: This is the Access Key tied to the AWS user that is associated with the OAuthClientId.
• AWSSecretKey: This is the Secret Key tied to the AWS user that is associated with the OAuthClientId.
• OAuthClientId (custom applications only): Set this to the client Id assigned when you registered your app.
• OAuthClientSecret (custom applications only): Set this to the client secret assigned when you registered your app.

When you connect the connector opens the OAuth endpoint in your default browser. Log in and grant permissions to the application.

Headless Machines

To configure the driver, use OAuth with a user account on a headless machine. You need to authenticate on another device that has an internet browser with a user account or serviced account.

1. Choose one of these two options:
   • Option 1: Obtain the OAuthVerifier value as described in "Obtain and Exchange a Verifier Code" below.
   • Option 2: Install the connector on another machine and transfer the OAuth authentication values after you authenticate through the usual browser-based flow, as described in "Transfer OAuth Settings" below.

2. Then configure the connector to automatically refresh the access token from the headless machine.

Option 1: Obtain and Exchange a Verifier Code

Follow these steps to authenticate from another machine and obtain the OAuthVerifier connection property:

1. Choose one of these options:
   • If you are using the Embedded OAuth Application, call the GetOAuthAuthorizationURL stored procedure. Open the URL returned by the stored procedure in a browser.
   • If you are using a custom OAuth application, set the following properties:
     • InitiateOAuth: Set this to OFF.
     • OAuthClientId (custom applications only): Set this to the Client Id in your application settings.
     • OAuthClientSecret (custom applications only): Set this to the Client Secret in your application settings.

       Then call the GetOAuthAuthorizationURL stored procedure with the appropriate CallbackURL. Open the URL returned by the stored procedure in a browser.

2. Log in and grant permissions to the connector. You are then redirected to the callback URL, which contains the verifier code as the value for 'spapi_oauth_code'. Save the value of the verifier code. You must set this in the OAuthVerifier connection property later.

Next, you need to exchange the OAuth verifier code for OAuth refresh and access tokens.

On the headless machine, set the following connection properties to obtain the OAuth authentication values:

• OAuthClientId (custom applications only): Set this to the consumer key in your application settings.
• OAuthClientSecret (custom applications only): Set this to the consumer secret in your application settings.
• OAuthVerifier: Set this to the verifier code.
• OAuthSettingsLocation: Set this to persist the encrypted OAuth authentication values to the specified location.
• InitiateOAuth: Set this to REFRESH.

After the OAuth settings file is generated, set the following properties to connect to data:

• OAuthClientId (custom applications only): Set this to the consumer key in your application settings.
• OAuthClientSecret (custom applications only): Set this to the consumer secret in your application settings.
• OAuthSettingsLocation: Set this to the location containing the encrypted OAuth authentication values. Make sure this location gives read and write permissions to the provider to enable the automatic refreshing of the access token.
• InitiateOAuth: Set this to REFRESH.
• Marketplace: Set this to the Marketplace region that you are registered to sell in.
• Schema: Set this to SellerCentral to connect to Seller Central API.
• AppId: Application Id for Selling Partner application you created.
• AWSAccessKey: This is the Access Key tied to the AWS user that is associated with the OAuthClientId.
• AWSSecretKey: This is the Secret Key tied to the AWS user that is associated with the OAuthClientId.

Option 2: Transfer OAuth Settings

Follow the steps below to install the connector on another machine, authenticate, and then transfer the resulting OAuth values.

On a second machine, install the connector and connect with the following properties set:

• OAuthSettingsLocation: Set this to a writable location.
• OAuthClientId (custom applications only): Set this to the client Id assigned when you registered your app.
• OAuthClientSecret (custom applications only): Set this to the client secret assigned when you registered your app.

Test the connection to authenticate. The resulting authentication values are encrypted and written to a file located in the path specified by OAuthSettingsLocation. After you have successfully tested the connection, copy the OAuth settings file to your headless machine. On the headless machine, set the following connection properties to connect to data:

• InitiateOAuth: Set this to REFRESH.
• OAuthClientId (custom applications only): Set this to the consumer key in your application settings.
• OAuthClientSecret (custom applications only): Set this to the consumer secret in your application settings.
• OAuthSettingsLocation: Set this to the location of your OAuth settings file. Make sure this location gives read and write permissions to the connector to enable the automatic refreshing of the access token.
• Marketplace: Set this to the Marketplace region that you are registered to sell in.
• Schema: Set this to SellerCentral to connect to Seller Central API.
• AppId: Application Id for Selling Partner application you created.
• AWSAccessKey: This is the Access Key tied to the AWS user that is associated with the OAuthClientId.
• AWSSecretKey: This is the Secret Key tied to the AWS user that is associated with the OAuthClientId.