Resources for Developers Using Amazon's Product Advertising API
· Home  
· Search  
· Browse Nodes  
· Data Feed?  
· FAQs  
· One-Second Rule  
· PHP Examples  
· Tips for Associates  
· Tools  
· Understanding A2S  

Create a custom Amazon Associate Store in minutes with

Disappointed by and the Associates program?

Please consider

Shareasale manages affiliate programs for thousands of merchants. The site makes it easier to apply to programs and create links. And simple-to-use datafeeds are offered by most merchants.

Do I need to keep my AWS Access Key ID secret?

If you've signed up for Amazon's Web Services, you were issued an AWS Access Key ID and a Secret Access Key. The Secret Access Key is not used when making queries to A2S. It is only used with the Amazon Web Services that are not free. You must keep your Secret Access Key private if you are using any of the paid services. But, your AWS Access Key ID is not secret.

Your AWS Access Key ID appears in URLs when XSLT is used on Amazon's server and in the URLs returned by A2S. So, it is obvious that Amazon had no intention of the AWS Access Key ID being kept secret.

Although Amazon's AWS developers have not expressly stated it, the AWSAccessKeyID used in calls to A2S from an application should be the ID of the application's developer - not one assigned to the user. This would allow Amazon a way to identify and contact the developer if necessary (in fact, the IDs used in calls to the Associates Web Services were once called "Developers IDs").

If someone were to use your AWS Access Key ID to abuse the web services, Amazon would not block your access to the services based on the ID. They can't because the ID is not secret. Most likely, they would block access based on the offending IP address.

Copyright © 2020 by Roger Smith