Developer Console

FAQ

The following are frequently asked questions about Login with Amazon.

General Login with Amazon Questions

What is Login with Amazon?
Login with Amazon allows Amazon customers to login to registered third-party websites or mobile apps ("clients") using their Amazon user name and password. Clients may ask the customers to share some personal information from their Amazon profile, including name, email address, and zip code.
Who uses Login with Amazon?
Developers who integrate with Login with Amazon to reduce registration and authentication friction, and Amazon customers who use Login with Amazon to login to websites and mobile apps with their Amazon credentials instead of creating a new password.
Why would a website or app use Login with Amazon?
Login with Amazon is a free service that allows developers to quickly and easily integrate a login solution to their websites and mobile apps. The service makes it convenient for over 250 million Amazon customers to login to these websites and mobile apps securely, and without hassles, using their Amazon account. It also allows customers to seamlessly share profile data, such as their email address, with a client.
After you’ve implemented Login with Amazon, your customers will have one less username and password to remember in an environment where password reuse can compromise their information on multiple sites if an attacker finds a vulnerability in just one of them.
Why did Amazon create Login with Amazon?
Login with Amazon helps introduce sellers and developers to other Amazon services. Amazon has a suite of services for sellers and developers to build, monetize and market their websites and mobile apps (learn more about them in our Developer Portal). Login with Amazon also addresses the customer pain of forgotten passwords by enabling them to use the credentials they use almost every day across the web.

Using Login with Amazon

How do Amazon customers use Login with Amazon to login to a website or mobile app?
Users will see a Login with Amazon button that starts the login process. After clicking the button, the user will be presented a secure login screen (hosted by Amazon) to enter their email and password.
After authentication, they will then be asked to consent to share the data requested by the website or mobile app, which can include their name, email address and zip code. The consent screen will inform the user of what information was requested and what will be shared.
If they do not consent, they will be redirected back to the website or app. If they do consent, they will be redirected back to the website or app and the client will receive a token or code to access authorized user data.
In using the Login with Amazon SDKs for iOS and Android, you can also provide your users with a single sign-on experience, allowing them to skip the login screen if they are already authenticated to Amazon. To learn more, see Customer Experience Overview for Android/Fire apps, and Customer Experience Overview for iOS apps.
Can I use Login with Amazon on Internet of Things (IoT) devices or apps?
Yes, you can use Login with Amazon as an authentication gateway for any IoT device or app capable of integrating with one of our SDKs. In fact, Login with Amazon currently provides a secure and scalable authentication gateway for the Amazon Echo and Dash Buttons. On Fire TV, Login with Amazon is supported through the Silk web browser and single sign-on (SSO) is auto-enabled.

On any device which is not capable of launching a web browser, such as smart TVs and watches, you may use a authorization method known as Code-Based Linking in which your device displays an alphanumeric user code to allow the user to Login with Amazon on your device using a secondary device such as their mobile phone or laptop. To learn more, see LWA for TVs and other Devices.

Can I use Login with Amazon on Fire TV and Fire tablet apps?
Yes, the Login with Amazon for Android instructions can also be used to add Login with Amazon to Fire TV and Fire tablet applications. Learn more about creating apps for Amazon Fire TV and Amazon Fire Tablets at developer.amazon.com.
How do Amazon customers see information on sites they have logged into?
Users can visit the Manage Login with Amazon section of the Your Account page on Amazon.com to view the list of websites or mobile apps they’ve consented to share data with.
What if an Amazon customer no longer wishes to share information with a third-party website or app via Login with Amazon?
Users can remove the third-party site's access to their information from the Manage Login with Amazon section of the Your Account page on Amazon.com. Removing permissions only prevents the third-party from accessing updates to the information already shared. The third-party may retain the information already shared, and the usage of that information is subject to that site’s privacy policy.
If a third-party site using Login with Amazon is a subsidiary of Amazon, we may continue to share the information with the third-party site as described in the Amazon.com privacy policy.

Transferring Apps from Seller Central to Amazon Developer Portal

What happens to my existing applications when I transfer my account from SellerCentral to Amazon Developer?
Your applications/websites will not be affected by the migration to Amazon Developer, and will work just like they did before. Transferring your applications to developer console will not reset API keys of any application. Also the client Id and client secret for these applications will remain the same. There should be no code changes required on your end.
Are my customers impacted or will they see any changes?
No, your customers will see no changes and will not be impacted by the transfer of your applications/websites from Seller Central to Amazon Developer Portal.
What if I have an existing Amazon Developer account when transferring applications?
If you have active applications on Amazon Developer, there may be conflicts related to the associated profile user ID data. Please contact us lwa-migration-support@amazon.com and we will assist you with the transfer of your applications from Seller Central to Amazon Developer account.
Do I need to transfer my MWS applications?
This migration is only for your Login With Amazon Applications and it does not relate to your MWS Applications.

Setting up Login with Amazon

How do I sign up for Login with Amazon?
Before you can use Login with Amazon on a website, you must register a Security Profile through the Developer Console.
  • If you plan to implement Amazon Pay at launch, register using these instructions provided by Amazon Pay.
  • If you don’t plan to use Amazon Pay at launch, or if you’re not sure whether you’ll use Amazon Pay now or in the future, we recommend registering through the Developer Console. Next, use our instructions for Websites, iOS, and, Android to finish setting up Login with Amazon.
I have websites and/or mobile apps registered in both Seller Central (App Console) and the Developer Portal. Can I manage all my websites/apps in one place?
You can link your App Console and Developer Portal accounts to get a consolidated view of all your Login with Amazon websites and/or mobile apps in both places. With the accounts linked, you get the flexibility of visiting either the App Console or the Developer Portal to manage all your websites and/or mobile apps.
For example, you’ll want to link accounts if you’ve enabled Login with Amazon on an Android/Kindle application distributed through the Amazon Appstore (as these must be registered through the Developer Portal), and also on the website version of the same application registered through the App Console in Seller Central.
In this example, the website registered through Seller Central won’t appear in the Developer Portal, and the Android/Kindle app registered in the Developer Portal won’t appear in Seller Central. In addition, because the application is registered in two different places, your customers would need to provide consent twice – once when they Login with Amazon through the website, and a second time when they Login with Amazon through the Android/Kindle app. Linking your App Console and Developer Portal accounts enables a more seamless experience for your customers, as they’ll only need to provide their consent once per application.
Seller Central (App Console) has been deprecated. If you had existing applications on Seller Central, they will continue to work as expected. Account Linking could be done in order to transfer these applications to a Developer account. Contact Amazon Developer Support in order to request this transfer. If you have any additional questions, please refer to our Forums.
What should I do if I have multiple versions of the same app (e.g. free vs paid)?
If you have multiple versions of the same app, open the iOS or Kindle/Android settings for the app in your Developer Console, then click the Add an API Key button at the bottom right. After you register the new settings, you can use the resulting API Key value for the other version of the app. This will prevent your users from having to consent to Login with Amazon on multiple versions of the same app. Remember to label your new settings appropriately so you can tell them apart.
Can I use one developer account for multiple websites and mobile apps?
Yes, Amazon's Developer Console allows you to add and manage multiple Login with Amazon application for Web, iOS and Android/Kindle.
If you’ve registered applications on both the App Console and the Developer Portal, and would like to manage them all in one place, review our the earlier FAQ ("I have websites and/or mobile apps registered in both…").
What profile information can Amazon users share with me?
Customers can consent to share their name, email address, and ZIP Code when using Login with Amazon. If the customer uses Login & Pay with Amazon, they can also share their shipping address.

About Amazon Pay

What is Amazon Pay?
Amazon Pay is a service that provides customers with the ability to send and receive payments for goods or services by using the payment methods already stored in their Amazon.com account. To make a payment, they can use a credit card, bank account, or Amazon Pay Account balance. Amazon Pay is available for websites only. Learn more.
What is Login and Pay with Amazon?
Login and Pay with Amazon combines Amazon Pay with Login with Amazon. It allows hundreds of millions of Amazon buyers to login and pay on your website with the information already stored in their Amazon account. It's fast, easy and trusted. It can help you add new customers, increase sales and turn browsers into buyers. Leverage the trust of Amazon to grow your business. Learn more.
How do I add Amazon Pay to my website?
Review the Amazon Pay documentation for step-by-step instructions.

Technical Questions & Troubleshooting

Does Login with Amazon use the OAuth protocol?
Yes, Login with Amazon uses the OAuth 2.0 protocol for authorizing access to customer profile data. More extensive documentation of our Oauth implementation is available in the Understanding Login with Amazon section of our Login with Amazon for Websites documentation.
Why does the Allowed Return URL for my website need to be secure (https)?
When you register your website for Login with Amazon, you’ll be asked to enter either Allowed Return URLs or Allowed JavaScript Origins. The Return URL protocol must be HTTPS. There is a security risk in allowing HTTP return URLs if you are using the Implicit Grant (learn more). A man-in-the-middle would have the ability to view Access Tokens passing between the redirect URL and the user's browser, allowing an attacker to illegitimately obtain customer profile data using those Access Tokens.
If you do not have HTTPS available on your site, you can use the Authorization Code Grant to query Amazon's customer profile endpoint directly from your server. This communication will be over HTTPS and will be authorized with your client identifier and client secret for authentication. There is sample code available in our Getting Started Guide for Web to show you how to use the Authorization Code Grant.
We highly recommend that sites that will have authenticated customer sessions also have the ability to communicate over HTTPS to avoid eavesdropping attacks which may result in credentials being stolen and replayed by an attacker. All secure data, including tokens, should pass over an HTTPS connection.
I’m seeing an error in the Developer Portal when I enter an Allowed JavaScript Origin: One of your Allowed JavaScript Origins is invalid.
Login with Amazon today supports origin URLs to be a combination of protocol, domain name and port (for example - https://www.example.com:8443, http://localhost:8080). One common reason for encountering this error is due to using an unsupported top-level domain. Login with Amazon currently supports all original, infrastructure, and country code top-level domains. If you need to register an unsupported URL for your application, contact us for assistance.
I’ve added the Login with Amazon button to my website, but am getting an error when I click it: 400 Bad Request - the domain on which you are using the JavaScript SDK has not been added to the allow list for your application.
The URL of the webpage that invokes the Login with Amazon JavaScript SDK needs to be listed as an Allowed JavaScript Origin in the Web Settings of your application. Open your security profile in the Developer Console , hover over the actions button icon, select Web Settings, and then click Edit to add Allowed JavaScript Origins. Make sure the URL exactly matches the one that invokes the SDK, including the protocol (http vs https).

Last updated: Jul 09, 2021