fix(Amazon SP-API): Remove AWS IAM Credentials, Simplify Authentication Process#393
Open
Lyotoc wants to merge 2 commits intofrappe:developfrom
Open
fix(Amazon SP-API): Remove AWS IAM Credentials, Simplify Authentication Process#393Lyotoc wants to merge 2 commits intofrappe:developfrom
Lyotoc wants to merge 2 commits intofrappe:developfrom
Conversation
…on Process According to the latest practices for Amazon SP-API, API requests no longer require AWS Signature V4 signatures; authentication can be completed using only the access token obtained through LWA (Login with Amazon). This refactoring aims to simplify the user configuration process and align it with the officially recommended authentication method: Removed IAM ARN, AWS Access Key, and AWS Secret Key fields from the Amazon SP-API settings. Deleted all code logic for generating AWS Signature V4 signatures and removed the dependency on the boto3 library. Updated the API request authentication process to rely entirely on the x-amz-access-token request header. This significantly reduces the complexity for users when configuring the Amazon connector. BREAKING CHANGE: Removed support for AWS IAM credentials (IAM ARN, AWS Access Key/Secret Key). Users must update their Amazon SP-API settings as these fields have been removed. Authentication is now performed entirely through LWA (Client ID, Client Secret, Refresh Token) credentials.
thomasantony12
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
According to the latest practices for Amazon SP-API, API requests no longer require AWS Signature V4 signatures; authentication can be completed using only the access token obtained through LWA (Login with Amazon).
This refactoring aims to simplify the user configuration process and align it with the officially recommended authentication method:
Removed IAM ARN, AWS Access Key, and AWS Secret Key fields from the Amazon SP-API settings. Deleted all code logic for generating AWS Signature V4 signatures and removed the dependency on the boto3 library. Updated the API request authentication process to rely entirely on the x-amz-access-token request header. This significantly reduces the complexity for users when configuring the Amazon connector.
BREAKING CHANGE: Removed support for AWS IAM credentials (IAM ARN, AWS Access Key/Secret Key). Users must update their Amazon SP-API settings as these fields have been removed. Authentication is now performed entirely through LWA (Client ID, Client Secret, Refresh Token) credentials.