Amazon DevPay
Developer Guide (API Version 2007-12-01)

Overall Authentication Process


Amazon DevPay is not accepting new seller accounts at this time. Please see AWS Marketplace for information on selling your applications on Amazon Web Services.

Much of the development required to make your product work with Amazon DevPay involves customer authentication. Your product must integrate with the License Service, which provides your product with the necessary authentication credentials for the customer. Your product then uses those credentials and the product token when making a request for Amazon S3 on behalf of that customer. This enables Amazon to bill the customer for the usage of your product and the Amazon S3 requests the product makes.


Your DevPay product must create a separate bucket in Amazon S3 for each customer who buys and uses the product. Each DevPay product can create up to 100 buckets per customer. For example, a customer who uses three different DevPay products can have up to 300 DevPay buckets, plus any other buckets created outside of DevPay (i.e., those created with a personal AWS account).

Once your product has created a bucket and put objects in it, only your product can access that bucket and the objects in it. For more information about restrictions on data access, see Customer Access Stored Data.

The process for customer authentication is described in the following diagram and corresponding steps.

				Overall process for desktop products

Overall Authentication Process for Desktop Products

The customer signs up for the product by clicking the purchase URL you received during product registration, and as part of the process, the customer:

  • Logs in with an login (or creates a new login; note that this is a regular login and not an AWS developer account)

  • Signs up to use your product

  • Obtains an activation key required by your product

The customer downloads and installs your product.

As part of the installation, or immediately after, the product goes through an activation process:

  1. Your product obtains the activation key from the customer. For more information, see The Activation Key.

  2. Your product sends a request to the License Service to activate itself and obtain a Secret Access Key, Access Key ID, and user token for the customer. Your request includes the product token for your product and the customer's activation key. For more information, see The Request for Activation.

  3. Your product appropriately stores the credentials it has received so the customer can use the product seamlessly in the future. For more information, see Credential Storage.

Later, when the customer uses the product, the product makes an Amazon S3 REST request on behalf of the customer. In the process, the product retrieves and uses the Secret Access Key, Access Key ID, user token, and the product token for the product. For more information, see Making Amazon S3 REST Calls with Desktop Products.


Amazon S3 requests that use DevPay must be REST requests. SOAP requests are not supported for DevPay. Alternately, your desktop product could use Amazon S3 POSTs or pre-signed URLs to access Amazon S3, but for security reasons, we don't recommend you use those with a DevPay desktop product. For more information about those methods, see Query String Authentication with Desktop Products and Amazon S3 POST with Desktop Products.

The next sections give additional details about the process.