How to Create an Access Token for the Galaxy Store Developer API Using Python

Jakia Sultana

Engineer, Samsung Developer Program

Samsung Galaxy device users can buy apps, games, themes, and watch faces from Galaxy Store. To support the developers of these apps for publishing, Samsung has created the Galaxy Store Seller Portal. It offers many features to distribute the content in Galaxy Store more easily. However, your workflows may need more frequent operations in app distribution. An automated system can make your app production and distribution system more efficient for this purpose. To address this, Samsung has introduced the Galaxy Store Developer API.

The Galaxy Store Developer API is a set of REST APIs. It allows you to use the key functions of Seller Portal without having to access the Seller Portal UI. You can perform all tasks related to app publishing and manage in-app items using these APIs. They also allow you to check the app statistics and customize the data however you want it. The Galaxy Store Developer API provides the following two types of APIs to automate your tasks:

  1. The Publishing and Item API allows you to publish your app and manage in-app items.

  2. The GSS (Galaxy Store Statistics) API allows you to get the statistics of your sales.

In this article, we will learn about how to create an access token using Python. Please go through this guide to know more about the access token API.

Get Started

In this example, I assume you already have a seller account in Galaxy Store. If not, then please go through the Galaxy Store Seller Portal User Guide and create a seller account.

The Galaxy Store Developer API uses the OAuth 2.0 server-to-server authentication method. Therefore, you must create an access token to call every API. Creating the access token is the first major step towards automating your app publishing. Since these are REST APIs, you can use any available method to communicate with them. We recommend you to use CURL to test these APIs, and you can find the CURL commands for each API in their respective guides. Nowadays many developers use Python to communicate with the Server APIs. So today, I am going to demonstrate how to implement the Galaxy Store Developer API using this language. We will post a series of blog articles on this topic in the near future.

The access token never expires, but it can be revoked or canceled. There are two prerequisites to create an access token. First, you have to create a service account and then, using this service account, you have to create a JSON Web Token (JWT).

Create a service account

The service account ID is required in every API call, so you must create it first. The service account is also required to create the JWT. Follow the steps below to get the service account ID from Seller Portal.

  1. Log in to Seller Portal.

  2. Click “Assistance > API Service.”

  3. Click “Create Service Account.”

  4. In the “Create Service Account” window, select the APIs that you want to use from this service account and click “Create.” As mentioned earlier, there are two types of Galaxy Store Developer APIs, Publishing and Item and GSS. You can select both if you need both services.

  5. In the “Service Account Created” window, click “Download Key” to save the private key to a file. This private key is needed to create a JWT.

  6. After creating an account, you can copy the account ID from the “Service Account ID” field.

Save the private key in a secure place and treat it like a password. You can read the Create Service Account guide to know more details about it.

Create a JSON Web Token

JWT is an open standard used to share security information between two parties—a client and a server. JWT is commonly used in authorization, and consists of three parts: Header, Payload, and Signature. You can create a JWT using a site which can generate the token by providing the required information. Check out the Create a JSON Web Token guide to know the steps of creating a JWT in this manner. Today, we will learn how to create a JWT programmatically using Python.


We need to install PyJWT, a Python library which allows you to encode and decode JSON Web Tokens. For more information, refer to the official documentation. To use the Galaxy Store Developer API, the RS256 encoding algorithm is required, so we need to install the cryptography library as well. This can be installed explicitly, or we can install PyJWT with the cryptography package as a dependency.

$ install pyjwt[crypto]

Create a JWT in Python

First, we have to import the required modules in a Python script.

# importing the jwt library to create JWT
import jwt
# importing the time library to work with time
import time
# importing the requests library
import requests

We need to provide the values of the following four attributes to create a JWT:

  • iss: The service account ID created in Seller Portal.

  • scopes: List of service account scope IDs. If you have created the service account ID for one API, then enter the scope ID of that API only. Otherwise include both scope IDs.

  • iat: The current time or the issuance time, using the Unix time format.

  • exp: JWT expiration time, not exceeding 20 minutes from the issuance time.

Let's create a dictionary to hold this data.

iat = round(time.time())
exp = iat + 1200
payload = {
"iss": "<your-service-account-id>",
"scopes": ["publishing", "gss"],
"iat": iat,
"exp": exp

The JWT has to be signed by the private key which we have created in the service account. We must use the RS256 encoding algorithm for signing the token. To create and sign the JWT, we call the encode() method and pass the payload, private key, and the name of algorithm.

private_key = """-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----"""

signed_jwt = jwt.encode(payload = payload, key = private_key, algorithm = "RS256")

We have now created the JWT successfully. The created JWT expires after 20 minutes. Next, we can create an access token using this JWT.

Request an access token

Finally, we can request an access token using the accessToken() API. First, define the URL of the accessToken() API.

# defining the API endpoint 

The following headers are required to request an access token.






Required. Must be "application/json"



Required. Use "Bearer <your-jwt>", where "<your-jwt>" is the JWT you just created for the service account.

Let’s create a dictionary using the syntax {key: value}. Here “key” is the attribute name and “value” is the header content. All the headers are case-insensitive.

# Authorization
Authorization = "Bearer " + signed_jwt
# Header to be sent to API
headers = { 
  'Authorization': Authorization

Now, send the post request and save the response as a response object.

response = = API_ENDPOINT, headers = headers)

# get the access token from the response object
data_shows = response.json()
accessToken = data_shows["createdItem"]["accessToken"]

We have now successfully received the access token. This access token has to be included in the authorization header of every Galaxy Store Developer API call. If you want to validate or revoke your access token then please check out the Validate an Access Token guide.


The access token is a prerequisite to call any Galaxy Store Developer API. You need to store this access token in a secure place so that it can’t be exposed to others. Today we have learned how to create a JWT for authorization and request an access token for the Galaxy Store Developer API using Python. We hope you found this article helpful.

If you want to learn more about Galaxy Store Developer API then go through the documentation. You can also ask questions in the Samsung Developer forum.

Blog articles in this series