Register for Login with Amazon

Before you can use Login with Amazon on a website, you must register a Security Profile through the Developer Console. During registration, you’ll be asked to provide the name of your application, your logo, and a link to your privacy policy. Users will see this information each time they use Login with Amazon on your website or mobile app.

Create a New Security Profile

Skip this section if you have already created a security profile in the Amazon Developer Console.

  1. Visit https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html. You will be asked to login to the Developer Console, which handles application registration for Login with Amazon. If this is your first time using the Developer Console, you will be asked to set up an account.

  2. Click Create a New Security Profile. This will take you to the Security Profile Management page.

    1. Enter a Name and a Description for your security profile. A security profile associates user data and security credentials with one or more related apps. The Name is the name displayed on the consent screen when users agree to share information with your application. This name applies to Android, iOS, and website versions of your application.

    2. You must enter a Consent Privacy Notice URL for your application. The Privacy Notice URL is the location of your company or application's privacy policy (for example, http://www.example.com/privacy.html). This link is displayed to users on the consent screen. It applies to Android, iOS, and website versions of your application.

    3. If you want to add a Consent Logo Image for your application, click Upload Image. This logo is displayed on the sign-in and consent screen to represent your business or website. It applies to Android, iOS, and website versions of your application. The logo will be shrunk to 50 pixels in height if it is taller than 50 pixels; there is no limitation on the width of the logo.

  3. Click Save. Your security profile should look similar to this:

    Created Security Profile

Enable your Existing Security Profile for Login with Amazon

Skip this section if you used the instructions above to create a new security profile. Security profiles created using the instructions above are already enabled for Login with Amazon.

  1. Visit https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html. You will be asked to login to the Developer Console.

  2. Click Select a security profile, then choose your security profile from the drop-down menu.

    Enabling LWA for your Security Profile
  3. Click the Confirm button that appears to the right.

  4. A form appears, where you must enter consent screen information.

    Adding consent screen information to your Security Profile
  5. You must enter a Consent Privacy Notice URL for your application. The Privacy Notice URL is the location of your company or application's privacy policy (for example, http://www.example.com/privacy.html). This link is displayed to users on the consent screen. It applies to Android, iOS, and website versions of your application.

  6. If you want to add a Consent Logo Image for your application, click Upload Image. This logo is displayed on the sign-in and consent screen to represent your business or website. It applies to Android, iOS, and website versions of your application. The logo will be shrunk to 50 pixels in height if it is taller than 50 pixels; there is no limitation on the width of the logo.

  7. Click Save. The screen will refresh, and show a message underneath the Confirm button that states: "Login with Amazon successfully enabled for security profile".

Add your Website to your Security Profile

After creating a security profile (or) enabling an existing security profile for login with amazon on the Developer Console, you can add settings for specific websites and mobile apps that will use Login with Amazon with that profile. Follow these steps to add a website to your profile:

  1. Visit https://developer.amazon.com/loginwithamazon/console/site/lwa/overview.html.
  2. Go to the Web Settings of the security profile that you want to use for your app.
    1. Locate the security profile you want to modify from the table.
    2. Hover over the actions button button shown in the Manage column.
    3. Select the Web Settings menu item. Note: If your desired security profile is not shown in the table, it is not yet enabled for Login with Amazon. In this case, use the drop-down menu above the table to Select a Security Profile, then click Confirm. You'll be required to enter a Consent Privacy Notice URL and optionally select a Consent Logo Image, both of which will be displayed on the sign-in and consent screens. If you don't have an existing security profile for your app, see Register Your Security Profile (above).
  3. Click Edit.
  4. To use Login with Amazon with a website, you must specify either Allowed Origins or Allowed Return URLs. Specify Allowed Origins to provide a popup authentication experience to your users, or Allowed Return URLs to provide a redirect authentication experience.
    • If your website will use the Login with Amazon SDK for JavaScript, add your website origin to Allowed Origins. An origin is the combination of protocol, domain name, and port (for example, https://www.example.com:8443). Allowed Origins must use the HTTPS protocol. If you are using a standard port (port 80 or port 443) you need only include the domain name (for example, https://www.example.com). Adding your domain here allows the Login with Amazon SDK for JavaScript to communicate with your website directly during the login process. Web browsers normally block cross-origin communication between scripts unless the script specifically allows it.
    • If your website will be making HTTPS calls to the Login with Amazon authorization service and specifying a redirect_uri for replies, add those redirect URIs to Allowed Return URLs. The return URL includes the protocol, domain, path, and query string(s) (for example, https://www.example.com/login.php).
  5. Click Save. Your security profile should look similar to this:
example website settings

Delete your Security Profile

If needed, you can delete any security profile not associated with an app distributed through the Amazon Appstore. Navigate to the Security Profile Management page, select a profile, and then click Delete Security Profile. A confirmation form appears. Type the word delete into the text field then click Delete to confirm the action.

If a security profile is mistakenly deleted, it’s fully recoverable from the Security Profile Management page. Click the Show Deleted Security Profiles button, click on the name of the profile you’d like to restore, then click Restore Security Profile. A confirmation form appears. Click the Restore button to recover the security profile, including its Web, Android/Kindle, and iOS settings.