Product Advertising API
Developer Guide (API Version 2013-08-01)
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.

Your AWS Identifiers

When you create an AWS account, AWS assigns you a pair of related identifiers:

  • Access Key ID (a 20-character, alphanumeric sequence)

    For example: AKIAIOSFODNN7EXAMPLE

  • Secret Access Key (a 40-character sequence)

    For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

These are your AWS access key identifiers. If you don't remember your identifiers, you can view them at any time. For more information, see Viewing Your AWS Identifiers.

Caution

Your Secret Access Key is a secret and only you and AWS should know it. It is important to keep it confidential to protect your account. Never include it in your requests to AWS, and never e-mail it to anyone. Do not share it outside your organization, even if an inquiry appears to come from AWS or Amazon.com. No one who legitimately represents Amazon will ever ask you for your Secret Access Key.

The Access Key ID is associated with your AWS account. You include it in AWS service requests to identify yourself as the sender of the request.

The Access Key ID is not a secret, and anyone could use your Access Key ID in requests to AWS. To provide proof that you truly are the sender of the request, you must also include a digital signature. For all requests except those using SOAP with WS-Security, you calculate the signature using your Secret Access Key. AWS uses the Access Key ID in the request to look up your Secret Access Key and then calculates a digital signature with the key. If the signature AWS calculates matches the signature you sent, the request is considered authentic. Otherwise, the request fails authentication and is not processed.