Rotate your application's client secret

Learn how to rotate your client secrets using the rotateApplicationClientSecret operation.

This tutorial describes how to use the rotateApplicationClientSecret operation to rotate your client secrets.

Prerequisites

To successfully complete this tutorial, you must have:

  • Access to the Developer Console
  • Access to Amazon SQS (and a new SQS queue)
  • The application's current client credentials

Step 1. Register your SQS queue to receive new credentials

  1. Sign in to your developer account on the Solution Provider Portal. Navigate to the Developer Console page that lists all your applications.

    📘

    Note

    For Seller Central users, sign in to Seller Central for your marketplace and navigate to Apps and Services, then Develop Apps.

    For Vendor Central users, sign in to Vendor Central for your marketplace and navigate to Integration, then API Integration.

  2. Select Notification Preferences.

  3. On the Subscription page, find the application for which you want to receive the expiring credential notification.

  4. In the Application Client New Secret row, enter the SQS queue where you want to receive the new credential.

Step 2. Call the rotateApplicationClientSecret operation

Call the rotateApplicationClientSecret operation with the application credential that you want to rotate. The following steps show the workflow, with screenshots from the Postman tool.

  1. Generate an LWA Access Token by calling the token API endpoint (https://api.amazon.com/auth/O2/token) with client_id, client_secret, grant_type, and scope in the POST call body as x-www-form-urlencoded parameters.

    The Generate an LWA Access Token screen.

  2. Use the LWA Access Token from the previous step in the x-amz-access-token header of the rotateApplicationClientSecret call to the endpoint URL https://sellingpartnerapi-na.amazon.com/applications/2023-11-30/clientSecret.

    The Use the LWA Access Token screen.

❗️

Important

The credential you use to call rotateApplicationClientSecret expires after seven days. If you don't update your credential before it expires, your application will stop working.
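The two calls in Step 2 can also be scripted instead of run from Postman. The following is an added example, not code from the original page or from Amazon. It assumes grant_type `client_credentials`, the scope `sellingpartnerapi::client_credential:rotation`, and a POST with no body for the rotation call, none of which are stated on this page. The environment variable names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.amazon.com/auth/O2/token"
ROTATE_URL = "https://sellingpartnerapi-na.amazon.com/applications/2023-11-30/clientSecret"
# Assumed values: the page names these parameters but does not give their values.
GRANT_TYPE = "client_credentials"
SCOPE = "sellingpartnerapi::client_credential:rotation"


def build_token_request(client_id, client_secret):
    """Step 2.1: the four parameters travel in the POST body, never in the URL."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": GRANT_TYPE,
        "scope": SCOPE,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def build_rotate_request(access_token):
    """Step 2.2: the LWA token goes in the x-amz-access-token header."""
    if not access_token or any(c in access_token for c in "\r\n"):
        raise ValueError("access token is empty or contains line breaks")
    # Assumption: the operation is a POST without a request body.
    return urllib.request.Request(
        ROTATE_URL, method="POST",
        headers={"x-amz-access-token": access_token})


def rotate_client_secret(client_id, client_secret, timeout=30):
    """Send both requests; return the HTTP status of the rotation call."""
    token_req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(token_req, timeout=timeout) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(build_rotate_request(token), timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the
    # secret out of source control and shell history.
    status = rotate_client_secret(os.environ["LWA_CLIENT_ID"],
                                  os.environ["LWA_CLIENT_SECRET"])
    print("rotation call returned HTTP", status)
```

The new secret is not read from the HTTP response here; it is delivered to the SQS queue registered in Step 1.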

Step 3. Get the latest client secret from your SQS queue

Use an Amazon SQS client to receive the message from your pre-registered queue. Follow the ReceiveMessage documentation for receiving messages in your SQS queue.