Amazon DevPay
Getting Started Guide (API Version 2007-12-01)

Product Activation


Amazon DevPay is not accepting new seller accounts at this time. Please see AWS Marketplace for information on selling your applications on Amazon Web Services.

Your product must go through a process of activation before each customer can use it. This process is part of the overall process products follow to work with Amazon DevPay (for more information, see How a Product Works with DevPay). This section describes how the product activates itself and obtains the required credential or credentials for the customer.

Prompt the Customer for the Activation Key

When the customer launches the product the first time, the product must get the activation key that Amazon provided to the customer during sign-up. The sample code presented here assumes that the activation key has already been obtained. For information about the different ways you can obtain the activation key, go to Desktop Product Activation or Web Product Activation in the Amazon DevPay Developer Guide.

Obtain the Credentials (Activate the Product)

The product now needs to make a REST-Query call to the License Service to obtain the required credential (for a web product) or credentials (for a desktop product). This is also known as activating the product. The request includes these items:

  • The customer's activation key

  • The product token

The response contains these items:

  • The customer's Secret Access Key and Access Key ID (for desktop products only)

  • The customer's user token

Your product must encode and securely store these items. For an example of one way to do it, see the FileCredentialStore class in the security directory of the sample code package.

Java (Desktop Product)

// Note that the generated License Service library expects to sign all // requests to AWS services. Because ActivateDesktopProduct is an unsigned // call, we pass dummy signing credentials. AmazonLSConfig config = new AmazonLSConfig(); config.setServiceURL(""); ActivateDesktopProduct action = new ActivateDesktopProduct(); AmazonLS service = new AmazonLSQuery("dummy", "dummy", config); ActivateDesktopProductResponse response = service.activateDesktopProduct(​action.withActivationKey(​activationKey_).withProductToken(​productToken_)); if (response.isSetActivateDesktopProductResult()) { ActivateDesktopProductResult activateDesktopProductResult = response.getActivateDesktopProductResult(); // if product is activated, get credentials into private variables if (activateDesktopProductResult.isSetUserToken()) { userToken_ = activateDesktopProductResult.getUserToken(); } if (activateDesktopProductResult.isSetAWSAccessKeyId()) { awsAccessKeyId_ = activateDesktopProductResult.getAWSAccessKeyId(); } if (activateDesktopProductResult.isSetSecretAccessKey()) { awsSecretAccessKey_ = activateDesktopProductResult.getSecretAccessKey(); } }

C# (Desktop Product)

// Note that the generated License Service library expects to sign all // requests to AWS services. Because ActivateDesktopProduct is an unsigned // call, we pass dummy signing credentials. AmazonLS service = new AmazonLSQuery("dummy", "dummy"); ActivateDesktopProduct action = new ActivateDesktopProduct(); action.ActivationKey = activationKey; action.ProductToken = productToken; ActivateDesktopProductResponse response = service.ActivateDesktopProduct(action); return new Credentials( response.ActivateDesktopProductResult.UserToken, response.ActivateDesktopProductResult.AWSAccessKeyId, response.ActivateDesktopProductResult.SecretAccessKey );

C++ (Desktop Product)

AWSQueryConnection conn; ActivateResponse *response = conn.activateDesktopProduct(activationKey, PRODUCT_TOKEN); userToken_ = response->userToken; awsAccessKeyId_ = response->awsAccessKeyId; awsSecretAccessKey_ = response->awsSecretAccessKey;

Ruby (Web Product)

user_token = LS::Service.activate_hosted_product(activation_key, product_token, access_key_id, secret_access_key)


You must design your web product to:

  • Recognize when Customer A logs in to your site

  • Use Customer A's user token (and not another customer's) when making Amazon S3 requests for Customer A