Amazon DevPay
Developer Guide (API Version 2007-12-01)

Overall Authentication Process


Amazon DevPay is not accepting new seller accounts at this time. Please see AWS Marketplace for information on selling your applications on Amazon Web Services.

Much of the work required to make your product work with Amazon DevPay involves customer authentication. You product must integrate with the License Service, which provides your product with a user token for the specific customer. Your product then includes that user token and the product token when making a request for the Amazon Simple Storage Service on behalf of that customer. This enables Amazon to bill the customer for the usage of your product and the Amazon S3 requests the product makes.


Your DevPay product must create a separate bucket in Amazon S3 for each customer who buys and uses the product. Each DevPay product can create up to 100 buckets per customer. For example, a customer who uses three different DevPay products can have up to 300 DevPay buckets, plus any other buckets created outside of DevPay (i.e., those created with a personal AWS account).

Once your product has created a bucket and put objects in it, only your product can access that bucket and the objects in it. For more information about restrictions on data access, see Customer Access Stored Data.


It's your responsibility to design your web product so it can recognize each customer who returns to your site and retrieve the user token associated with that customer.

The process for customer authentication is described in the following diagram and corresponding steps.

				Web Product Customer Authentication

Overall Process of Authentication for Web Products

The customer signs up for the product by clicking the purchase URL you received during product registration. When the customer completes the purchase, AWS generates an activation key for that customer and makes it available to your server. For more information, see The Activation Key.

Your product sends an authenticated request to the License Service to activate itself and obtain a user token for the customer. The request includes the product token for your product and the activation key. For more information, see The Request for Activation.

Your product appropriately stores the user token it has received. For more information, see Storage of the User Token. Your product should associate the user token with the customer who is logged in to your web product.

Later, when the customer uses the product, the product makes an Amazon S3 REST request on behalf of the customer. In the process, the product retrieves and includes the customer's user token and the product token in the request. For more information, see Making Amazon S3 REST Calls with Web Products.


Amazon S3 requests that use DevPay must be REST requests or pre-signed URLs; SOAP requests are not supported for DevPay.

The product token is optional in REST requests if you have the new version of the user token that ActivateHostedProduct began returning after May 15, 2008. Pre-signed URLs must include this new version of the user token and should not include the product token.

The next sections give additional details about the process.