Update to LWA credentials rotation deadline

On February 6, 2023, we announced that you must rotate your Login With Amazon (LWA) credentials (client secrets) for all applications every 180 days. After gathering feedback from developer partners worldwide, we have extended the deadline to rotate LWA credentials older than 180 days from March 27, 2023 to May 22, 2023.

Which marketplaces are affected?

This change applies to all marketplaces.

Which applications are affected?

All SP-API applications that have credentials older than 180 days.

What action is required?

All SP-API integrations with credentials older than 180 days must rotate (update) their credentials by May 22, 2023.

What will happen if credentials aren't rotated every 180 days?

If you do not update LWA credentials before their target rotation date, your API integration will lose access to SP-API, including the ability to make successful API calls, which may directly impact any customers that authorize your application by restricting business critical functions. We will provide updates to all impacted developers with a notice of changes to their access 24 hours prior to implementation.

Why do I need to rotate the LWA client secret on my SP-API application(s)?

Regular and timely rotation of LWA client credentials limits the duration of your application’s credentials in the event that credentials are exposed or compromised.

How do I rotate my LWA credentials?

Follow these steps to rotate LWA credentials (client secrets).

  1. Sign in to your developer account on Seller Central, Vendor Central, or Developer Central and navigate to the Developer Console page that lists all your applications.
  2. From the LWA credentials column, find the expiry alert and select View.
  3. (Optional) For ease of reference, you can store your existing LWA credentials securely in an encrypted form.
  4. Choose Rotate secret, read the warning, then choose Rotate secret again.
  5. Repeat Steps 2 through Step 5 for every application showing an expiry alert.

Note: After you generate a new LWA credential (client secret), you must update your credentials for any applications that call the Amazon APIs. Your old credentials expire 7 days after you generate new credentials.

More information

For more information, refer to Rotating your application's LWA credentials in the SP-API documentation.

For a list of URLs by marketplace, refer to Seller Central URLs and Vendor Central URLs.