HomeDocumentationCode SamplesAPI ReferenceAnnouncementsModelsRelease NotesFAQGitHubVideos
Developer HubAPI StatusSupport
Documentation
Developer HubAPI StatusSupport

Rotate your Application's LWA Credentials

Learn how to rotate your application's Login with Amazon (LWA) credentials (client secrets).

Login with Amazon (LWA) credential rotation is the process of periodically updating your client secrets. Regular and timely rotation of LWA credentials limits the duration of exposed or compromised credentials.

You can rotate your LWA credentials manually or programmatically. You must rotate your Login with Amazon (LWA) credentials (client secrets) for all applications every 180 days. You receive a notification 90 days before your LWA credentials rotation deadline. If you do not update your LWA credentials by the deadline, your application returns an error when it calls the SP-API.

Tip

For a video tutorial on rotating your application's LWA credentials, refer to Rotate Your Application's LWA Credentials

Rotate the Login with Amazon (LWA) credentials for your application in the Developer Console

Follow these steps to rotate LWA credentials (only the primary user of the account can complete the process):

  1. Sign in to your developer account on Seller Central, Vendor Central, or Developer Central. Navigate to the Developer Console page that lists all your applications.
  2. From the LWA credentials column, locate the expiration alert and select View.
  3. (Optional) You can securely store your existing LWA credentials in an encrypted form to refer to them later.
  4. Choose Rotate secret, read the warning, then choose Rotate secret again. The system displays a new rotation date when you successfully rotate the LWA credentials.
  5. Select View in the LWA credentials column to view this updated date.
  6. Repeat Steps 2 through Step 5 for every application showing an expiration alert.
  7. Update your SP-API application code to use the new LWA credentials.
    You must use the new credentials within seven days of the update. Your old credentials expire after this time. If you do not update your application's code to use the new LWA credentials, your application returns an error when you call SP-API.
    For a list of URLs by marketplace, refer to Seller Central URLs and Vendor Central URLs.

Rotate LWA credential for your application programmatically

To rotate your LWA credentials programmatically, refer to Rotate your application's client secret.

FAQ

For general questions on LWA Credentials Rotation, refer to LWA Credentials FAQ.

Troubleshooting and Error Handling

For troubleshooting and error handling, refer to Troubleshoot LWA Credentials.

Updated 3 days ago