Amazon Selling Partner API: rotating credentials
Amazon announced a new security measure to rotate Login with Amazon (LWA) credentials every 180 days. As this has never happened before, we cannot guarantee that sources can continue using the original refresh token; as such, it is possible that Seller Central and Vendor Central data sources would have to be re-authenticated within 7 days after rotation, for all our SaaS customers. The rotation deadline is March 27, 2023, and we will announce the rotation in the first days of March.
Customers of Data Virtuality Platform need to rotate the LWA and acquire new credentials following the original process to acquire them, by March 27, 2023.
More details can be found at this link: https://developer-docs.amazon.com/sp-api/changelog/important-you-must-rotate-your-login-with-amazon-lwa-credentials-client-secrets-for-all-applications-every-180-days
-
Official comment
Upon discussions with Amazon, we can confirm that Amazon sellers do not have to re-authenticate the data access; however, a client secret needs to be swapped within 7 days after rotation.
For SaaS customers of Data Virtuality, no action is required; however, we will send a notification when we execute the key rotation.
Data Virtuality customers using their own LWA credentials will have to rotate them and change the client secret stored in the data source properties to the newly generated one, within 7 days after rotation.
-
We plan to rotate the credentials in the week of 20-26th March 2023. There is no action required for the SaaS customers; however, the servers will need to be restarted for the changes to take effect. We will apply maximum effort to execute the restart during the idle time when no jobs are executed; however, we cannot guarantee this in case the servers are extensively used.
-
We just rotated our LWA credentials. The change will affect all SaaS customers using the Data Virtuality Pipes Amazon application; however, it is expected to be rolled out transparently by our experts within the next 7 days. During this period both the new and old credentials will remain functional. There is no action required to be executed by the customers.