Developer Console

Obtain Credentials

To use Amazon Device Messaging (ADM), you must be able to uniquely identify your app to Amazon. Amazon provides you with credentials for this purpose:

  • API key(s). ADM uses an API key to verify your app's identity.
  • OAuth Credentials ("Client ID" and "Client Secret"). ADM uses OAuth credentials to verify your server's identity. Your server presents these credentials to obtain access tokens for sending messages using ADM.

For more information on using OAuth credentials and API keys, see Overview of Amazon Device Messaging, Integrate Your App, and Request an Access Token.

Getting your OAuth credentials and API key

To obtain credentials and enable your app to use ADM:

  1. Create an account on the Developer Console and add your app, if you haven't already done so.

  2. Go to Apps & Services > My Apps, and then select the app with which you want to use ADM.

  3. In the sidebar, click App Services.

  4. In the Device Messaging section, click Select existing security profile or create new. (If you have already assigned a security profile to your app, expand the Attached security profile and related details section and proceed to step 7.)

  5. To assign a security profile to your app, choose an existing security profile from the Security Profile drop-down menu, or click Create Security Profile to create a new profile. A security profile provides the OAuth credentials that you use when sending messages with ADM.

  6. After selecting an existing security profile, click Enable Security Profile to save your changes.

    A success message appears that says, "Device messaging was successfully enabled on your app using Security Profile Name security profile."

  7. Click the View Security Profile link. Then under Security Profile Management, click Android/Kindle Settings.

  8. Click the Add an API Key button to create an API key. Your app requires one or more API keys.

    • Debug application signature: In all cases, you must create an API key for the debug version of your app to test your app with ADM.

    • Release application signature: If your app uses the Appstore SDK, you must create an additional API key for the release version of your app. If using the older IAP SDK v2.0 and you sign your app using your own certificate, you must also create an API key for the release version of your app. In contrast, if using the IAP SDK v2.0, or no in-app purchasing SDK at all, and you allow Amazon to sign your app on your behalf, you do not need to create an additional API key. For a summary, see the following table.

      Determine if you're required to create an API key for your release app.
      App uses the Appstore SDK App signed with your own certificate API key required?

    To create an API key, you must provide a name for the API key, your app's the package name (for example, com.mycompany.bestapplication), and the MD5 and SHA-256 values of your app's signature:

    • Debug application signature (used for pre-release version of your app): You can obtain the MD5 or SHA-256 signature of the certificate used to sign the debug version of your app by doing one of the following:

      • Locate the keystore file that is used to sign your app, as well as the alias of the certificate within the keystore file used for signing. For example, if the keystore file is named my_key_store and the certificate within the keystore that is used for signing is called my_certificate_alias, you would run the following command:

        {JAVA_HOME}/bin/keytool -list -v -alias my_certificate_alias -keystore my_keystore_file

        The output should contain an MD5 or SHA-256 value similar to the following. This is your application signature.

        MD5: 2E:0B:46:F8:D0:4A:06:AC:18:7A:2E:B0:42:95:58:FE`
        SHA-256: 34:A3:65:30:3E:B2:9B:30:DD:10:E8:87:79:16:DF:4C:61:77:BC:1F:80:BD:3F:12:39:A3:31:E6:68:19:1C:6F
      • Or, if your app is in the form of a signed APK and you are developing on a Unix-like system, you can run the following command instead. Note that you must replace {your-app.apk} with the name of your APK file.


        unzip -p {your-app.apk} META-INF/CERT.RSA | keytool -printcert | grep MD5


        unzip -p {your-app.apk} META-INF/CERT.RSA | keytool -printcert | grep SHA-256
      • Or, if you are using Android Studio, click the Gradle side pane on the right and expand it. Then expand app > Tasks > android and double-click signingReport.

        Provide the MD5 and SHA-256 output that is returned.

    • Release application signature (for the production version of your app):

      • If you sign the release version of your app using your own certificate, provide the MD5 and SHA-256 signature for that certificate to create an additional API key.
      • If you don't use your own certificate, to obtain your MD5 and SHA-256 signature:
        1. Go to the Developer Console.
        2. Select Apps & Services > My Apps.
        3. Select your app.
        4. Go to the Upload Your App File screen.
        5. Select Appstore Certificate Hashes.
      • It's possible you might not need an API key, see the table in Determine if you're required to create an API key for your release app for details.
  9. Click Add.

  10. Obtain Client credentials (required for calling ADM servers). Under Security Profile Management, click the Web Settings tab. You can find the Client ID and Client Secret on this page.

Last updated: Oct 02, 2023