HomeDocumentationCode SamplesAnnouncementsModelsRelease NotesFAQVideos
Developer HubAPI StatusSupport
Announcements
Developer HubAPI StatusSupport
Back to All

Urgent: Login with Amazon rotation deadline is May 22, 2023

May 16th, 2023 by AliH_Amazon

On February 6, 2023, we announced that you must rotate your Login with Amazon (LWA) credentials (client secrets) for all applications every 180 days. Regular and timely rotation of LWA credentials limits the duration of your application’s credentials in the event that credentials are exposed or compromised. LWA credentials older than 180 days must be rotated by May 22, 2023.

What action will be taken if my credentials aren't rotated by May 22, 2023?

If you do not update your LWA credentials by May 22, 2023, your API integration will lose access to the Amazon Services API, including the ability to make successful API calls. This may directly impact business critical functions, including any customers that previously authorized your application. Any API calls that you make will fail with the following error message. 

 {
    "errors": [
        {
            "code": "Unauthorized",
            "message": "Access to requested resource is denied.",
            "details": "The LWA secret token you provided has expired."
        }
    ]
}

You can regain API access by generating new credentials and using the new credentials to make API requests.

Will rotating my LWA credentials break my application?

The action of rotating your LWA credentials (client secrets) will not break your application or impact end users. End users will not have to re-authorize any related applications. Note that your old credentials expire 7 days after you generate new credentials.

After you generate new credentials, you must update your credentials for any applications that call Amazon Services APIs. Failure to update your application with the new credentials before this expiry may impact its business critical functions.

What action is required to rotate my LWA credentials?

Use the following procedure to generate new LWA credentials (client secrets).

  1. Sign in to your developer account on Seller Central, Vendor Central, or Developer Central and navigate to the Developer Console page that lists all your applications.
  2. From the LWA credentials column, find the expiration alert and select View.
  3. (Optional) For ease of reference, you can securely store your existing LWA credentials in an encrypted form.
  4. Choose Rotate secret, read the warning, then choose Rotate secret again.
  5. Repeat Steps 2 through Step 5 for every application showing an expiration alert.

More information

For more information, refer to to Rotating your application's LWA credentials in the SP-API documentation, which includes a video overview of the requirement and process.