
Frequently Asked Questions

About Login with Amazon

What is Login with Amazon?

Login with Amazon allows Amazon customers to log in to registered third-party websites or mobile apps ('clients') using their Amazon user name and password. Clients may ask the customers to share some personal information from their Amazon profile, including name, email address, and zip code.

Who uses Login with Amazon?

Login with Amazon is used by developers who integrate it to reduce registration and authentication friction, and by Amazon customers who use it to log in to websites and mobile apps with their Amazon credentials instead of creating a new password.

Why would a website or app use Login with Amazon?

Login with Amazon is a free service that allows developers to quickly and easily integrate a login solution into their websites and mobile apps. The service makes it convenient for over 250 million Amazon customers to log in to these websites and mobile apps securely, and without hassles, using their Amazon account. It also allows customers to seamlessly share profile data, such as their email address, with a client. Once you’ve implemented Login with Amazon, your customers will have one less username and password to remember in an environment where password reuse can compromise their information on multiple sites if an attacker finds a vulnerability in just one of them.

Why did Amazon create Login with Amazon?

Login with Amazon helps introduce sellers and developers to other Amazon services. Amazon has a suite of services for sellers and developers to build, monetize and market their websites and mobile apps (learn more about them in our Developer Portal). Login with Amazon also addresses the customer pain of forgotten passwords by enabling them to use the credentials they use almost every day across the web.


Using Login with Amazon

How do Amazon customers use Login with Amazon to log in to a website or mobile app?

Users will see a Login with Amazon button that starts the login process. After clicking the button, the user will be presented with a secure login screen (hosted by Amazon) to enter their email and password. Once authenticated, they will then be asked to consent to share the data requested by the website or mobile app, which can include their name, email address and zip code. The consent screen will inform the user of what information was requested and what will be shared. If they do not consent, they will be redirected back to the website or app. If they do consent, they will be redirected back to the website or app and the client will receive a token or code to access authorized user data.

For more details on the customer experience in native mobile apps, including how your users can skip the login screen and experience single sign-on, please see: Customer Experience in Android/Fire apps, and Customer Experience in iOS apps.

Can I use Login with Amazon on Internet of Things (IoT) devices or apps?

Yes – you can use Login with Amazon as an authentication gateway for any IoT device or app capable of integrating with one of our SDKs. In fact, Login with Amazon currently provides a secure and scalable authentication gateway for the Amazon Echo and Dash Buttons.

The exception to this is any device which is not capable of launching a web browser, such as smart TVs and watches. Login with Amazon is not currently available to these types of devices. If you have questions about whether Login with Amazon is available for your platform, or if you’d like to be notified when support for additional platforms becomes available, please contact us.

Can I use Login with Amazon on Fire TV and Fire tablet apps?

Yes – the Login with Amazon for Android instructions can also be used to add Login with Amazon to Fire TV and Fire tablet applications. Learn more about creating apps for Amazon Fire TV and Amazon Fire Tablets at developer.amazon.com.

How do Amazon customers see information on sites they have logged into?

Users can visit the Manage Login with Amazon section of the Your Account page on Amazon.com to view the list of websites or mobile apps they’ve consented to share data with.

What if an Amazon customer no longer wishes to share information with a third-party website or app via Login with Amazon?

Users can remove the third-party site’s access to their information from the Manage Login with Amazon section of the Your Account page on Amazon.com. Removing permissions only prevents the third-party from accessing updates to the information already shared. The third-party may retain the information already shared, and the usage of that information is subject to that site’s privacy policy. If a third-party site using Login with Amazon is a subsidiary of Amazon, we may continue to share the information with the third-party site as described in the Amazon.com privacy policy.


Setting up Login with Amazon

How do I sign up for Login with Amazon?

Before you can use Login with Amazon on a website, you must either register a Security Profile through the Developer Console, or register an application through the App Console (one or the other).

  • If you plan to implement Amazon Pay at launch, register through the App Console using these instructions provided by Amazon Payments.
  • If you don’t plan to use Amazon Pay at launch, register through the Developer Console. Next, use our instructions for Websites, iOS, and Android to finish setting up Login with Amazon.
  • If you’re not sure whether you’ll use Amazon Pay now or in the future, we recommend registering through the Developer Console. You can always register through the App Console later if you decide to use Amazon Pay, and then contact our team to link the two accounts (learn more).

I have websites and/or mobile apps registered in both Seller Central (App Console) and the Developer Portal. Can I manage all my websites/apps in one place?

You can link your App Console and Developer Portal accounts to get a consolidated view of all your Login with Amazon websites and/or mobile apps in both places. With the accounts linked, you get the flexibility of visiting either the App Console or the Developer Portal to manage all your websites and/or mobile apps. Through the App Console, you get the additional benefit of viewing Amazon-captured metrics (sign in success, consent denied, consent revoked, etc.) for your applications, which aren’t available in the Developer Portal.

For example, you’ll want to link accounts if you’ve enabled Login with Amazon on an Android/Kindle application distributed through the Amazon AppStore (as these must be registered through the Developer Portal), and also on the website version of the same application registered through the App Console in Seller Central. In this example, the website registered through Seller Central won’t appear in the Developer Portal, and the Android/Kindle app registered in the Developer Portal won’t appear in Seller Central. In addition, because the application is registered in two different places, your customers would need to provide consent twice – once when they Login with Amazon through the website, and a second time when they Login with Amazon through the Android/Kindle app. Linking your App Console and Developer Portal accounts enables a more seamless experience for your customers, as they’ll only need to provide their consent once per application.

Though linking your accounts is not required, it is highly recommended to ensure you receive the best experience and most accurate metrics from Login with Amazon. To link your accounts, contact Login with Amazon support (lwa-support@amazon.com) and include the email address you used in both Seller Central and the Developer Portal.

What should I do if I have multiple versions of the same app (e.g. free vs paid)?

If you have multiple versions of the same app, open the iOS or Kindle/Android settings for the app in your Developer Console, then click the Add an API Key button at the bottom right. Once you register the new settings, you can use the resulting API Key value for the other version of the app. This will prevent your users from having to consent to Login with Amazon on multiple versions of the same app. Remember to label your new settings appropriately so you can tell them apart.

Can I use one developer account for multiple websites and mobile apps?

Yes, Amazon's Developer Console allows you to add and manage multiple Login with Amazon applications for Web, iOS and Android/Kindle. You can also register Login with Amazon applications via the App Console on login.amazon.com.
If you’ve registered applications on both the App Console and the Developer Portal, and would like to manage them all in one place, please review our FAQ above.

What profile information can Amazon users share with me?

Customers can consent to share their name, email address, and ZIP Code when using Login with Amazon. If the customer uses Login & Pay with Amazon, they can also share their shipping address.


About Amazon Pay

What is Amazon Pay?

Amazon Payments is a service that provides customers with the ability to send and receive payments for goods or services by using the payment methods already stored in their Amazon.com account. To make a payment, they can use a credit card, bank account, or Amazon Pay Account balance. Amazon Pay is available for websites only. Learn more.

What is Login and Pay with Amazon?

Login and Pay with Amazon combines Amazon Pay with Login with Amazon. It allows hundreds of millions of Amazon buyers to log in and pay on your website with the information already stored in their Amazon Payments account. It's fast, easy and trusted. It can help you add new customers, increase sales and turn browsers into buyers. Leverage the trust of Amazon to grow your business. Learn more.

How do I add Amazon Pay to my website?

Review the Amazon Pay documentation for step-by-step instructions.


Technical Questions & Troubleshooting

Does Login with Amazon use the OAuth protocol?

Yes, Login with Amazon uses the OAuth 2.0 protocol for authorizing access to customer profile data. More extensive documentation of our OAuth implementation is available in the Understanding Login with Amazon section of our Login with Amazon for Websites documentation.

Why does the Allowed Return URL for my website need to be secure (https)?

When you register your website for Login with Amazon, you’ll be asked to enter either Allowed Return URLs or Allowed JavaScript Origins. The Return URL protocol must be HTTPS. There is a security risk in allowing HTTP return URLs if you are using the Implicit Grant (learn more). A man-in-the-middle would have the ability to view Access Tokens passing between the redirect URL and the user's browser, allowing an attacker to illegitimately obtain customer profile data using those Access Tokens. If you do not have HTTPS available on your site, you can use the Authorization Code Grant to query Amazon's customer profile endpoint directly from your server. This communication will be over HTTPS and will be authenticated with your client ID and client secret. There is sample code available in our Getting Started Guide for Web to show you how to use the Authorization Code Grant.

We highly recommend that sites that will have authenticated customer sessions also have the ability to communicate over HTTPS to avoid eavesdropping attacks, which may result in credentials being stolen and replayed by an attacker. All secure data, including tokens, should pass over an HTTPS connection.

I’m seeing an error in the Developer Portal when I enter an Allowed JavaScript Origin: One of your Allowed JavaScript Origins is invalid.

Login with Amazon currently supports origin URLs that are a combination of protocol, domain name and port (for example, https://www.example.com:8443 or http://localhost:8080). One common cause of this error is using an unsupported top-level domain. Login with Amazon currently supports all original, infrastructure, and country code top-level domains. If you need to register an unsupported URL for your application, please contact us for assistance.

I’ve added the Login with Amazon button to my website, but am getting an error when I click it: 400 Bad Request - the domain on which you are using the JavaScript SDK has not been whitelisted for your application.

The URL of the webpage that invokes the Login with Amazon JavaScript SDK needs to be listed as an Allowed JavaScript Origin in the Web Settings of your application. Open your security profile in the Developer Console, hover over the icon, select Web Settings, and then click Edit to add Allowed JavaScript Origins. Make sure the URL exactly matches the one that invokes the SDK, including the protocol (http vs https).
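
The checks described in the HTTPS return URL answer and the two Allowed JavaScript Origin answers above can be run over your settings before you enter them. This is an added JavaScript example, not Amazon's code or part of the SDK; the function names and sample settings are hypothetical, and the origin rules are inferred from the text above rather than taken from Amazon's validator.

```javascript
// Added example: pre-flight check of Login with Amazon web settings.
// Function names and sample values are hypothetical, constructed for illustration.

// An origin is protocol + domain name + port only (no path, query, fragment, credentials).
function parseOrigin(value) {
  let u;
  try { u = new URL(value); } catch { return null; }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
  if (u.username || u.password || u.search || u.hash || u.pathname !== '/') return null;
  return u.origin; // normalised: lower-case host, default port dropped
}

// A return URL must be HTTPS so tokens in the redirect cannot be read in transit.
function checkReturnUrl(value) {
  let u;
  try { u = new URL(value); } catch { return 'not a valid URL'; }
  return u.protocol === 'https:' ? null : 'return URL must use https';
}

function diagnose({ pageUrl, allowedOrigins, allowedReturnUrls }) {
  const findings = [];
  const page = new URL(pageUrl);
  const valid = [];
  for (const entry of allowedOrigins) {
    const origin = parseOrigin(entry);
    if (origin === null) findings.push(`invalid origin entry: ${entry}`);
    else valid.push(origin);
  }
  if (!valid.includes(page.origin)) {
    // Same host string but a different protocol: the http vs https mismatch behind the 400 error.
    const near = valid.find((o) => new URL(o).host === page.host);
    findings.push(near
      ? `page origin ${page.origin} matches ${near} except for the protocol`
      : `page origin ${page.origin} is not an allowed origin`);
  }
  for (const entry of allowedReturnUrls) {
    const problem = checkReturnUrl(entry);
    if (problem) findings.push(`${entry}: ${problem}`);
  }
  return findings;
}

// Constructed sample settings.
const sampleFindings = diagnose({
  pageUrl: 'http://www.example.com/login.html',
  allowedOrigins: ['https://www.example.com:8443', 'https://www.example.com/app', 'https://www.example.com'],
  allowedReturnUrls: ['http://www.example.com/return', 'https://www.example.com/return'],
});
console.log(sampleFindings.join('\n'));
```

An empty result means every listed origin is well-formed, the page's origin is on the list, and every return URL is HTTPS.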