HomeDocumentationCode SamplesAnnouncementsModelsRelease NotesFAQGitHubVideos
Developer HubAPI StatusSupport
Announcements
Developer HubAPI StatusSupport

Reminder and best practices to keep Amazon LWA client credentials secure

Important: Public Exposure of Amazon LWA client credentials will lead to loss of SP-API access.

To protect customer data, any known compromise of Amazon LWA Client credentials or data will result in loss of access to SP-API, that is the ability to make API calls using compromised credentials.

What action is required?

Rotate your LWA client credentials as soon as you are aware of an exposure.

How do I rotate my LWA Client Secret to resume operations?

To generate new LWA credentials (client secrets), refer to the SP-API documentation on Rotating your application's LWA credentials.

Important: After you generate a new LWA credential (client secret), you must update your credentials for any applications that call Amazon Selling Partner APIs.

What more can I do to protect my credentials?

Your security is important to us, and exposure of your application's Amazon LWA client credentials poses a security risk data, for both you and your customer, and is a violation of our Acceptable Use Policy (AUP). You are responsible for keeping the data you retrieve from SP-API secure in accordance with our Data Protection Policy (DPP).

The following is a list of SP-API resources about how to protect your data: