HomeDocumentationCode SamplesAPI ReferenceAnnouncementsModelsRelease NotesFAQGitHubVideos
Developer HubAPI StatusSupport
Documentation
Developer HubAPI StatusSupport

Rotate your Application's LWA Credentials

Learn how to rotate your application's Login with Amazon (LWA) credentials (client secrets).

Login with Amazon (LWA) credential rotation is the process of periodically updating your client secrets. Regular and timely rotation of LWA credentials limits the duration of exposed or compromised credentials.

You can rotate your LWA credentials manually or programmatically. You must rotate your LWA credentials (client secrets) for all applications every 180 days. You receive a notification 90 days before your LWA credentials rotation deadline. If you do not update your LWA credentials by the deadline, your application returns an error when it calls the SP-API.

Tip

For a video tutorial about rotating your application's LWA credentials, refer to Rotate Your Application's LWA Credentials

Rotate the LWA credentials for your application

Follow these steps to rotate LWA credentials (only the primary user of the account can complete the process):

  1. Sign in to Solution Provider Portal and navigate to your applications.

    📘

    Note

    For Seller Central users, sign in to Seller Central for your marketplace and navigate to Apps and Services, then Develop Apps.

    For Vendor Central users, sign in to Vendor Central for your marketplace and navigate to Integration, then API Integration.

  2. From the LWA credentials column, find the expiration alert and select View.

  3. (Optional) For ease of reference, you can securely store your existing LWA credentials in an encrypted form.

  4. Choose Rotate secret, read the warning, then choose Rotate secret again.

  5. View the updated target rotation date on the LWA credentials page.

  6. Repeat Steps 2 through Step 6 for every application showing an expiration alert.

Important

After you generate a new LWA credential (client secret), you must update your credentials for any applications that call Amazon APIs. Your old credentials expire seven days after you generate new credentials.

For a list of URLs by marketplace, refer to Seller Central URLs and Vendor Central URLs.

Rotate LWA credential for your application programmatically

To rotate your LWA credentials programmatically, refer to Rotate your application's client secret.

FAQ

For general questions on LWA Credentials Rotation, refer to LWA Credentials FAQ.

Troubleshooting and Error Handling

For troubleshooting and error handling, refer to Troubleshoot LWA Credentials.

Updated 7 days ago