This guide walks you through the process of creating a private Selling Partner API (SP-API) application. A private app allows you to access Amazon's SP-API to retrieve your own business data, manage inventory, process orders, and more.
By the end of this guide, you will have collected four essential credentials needed to authenticate with the SP-API: your App ID, Client ID, Client Secret, and Refresh Token.
Prerequisites
Before you begin, ensure you have the following:
An active Amazon Seller Central or Vendor Central account
Developer registration completed (for Sellers, this is through the Solutions Provider Portal)
Administrative access to your Amazon account
A secure location to store your credentials (password manager recommended)
For Vendor Central Users
Log in to your Amazon Vendor Central account
Navigate to Developer Central
Click "+ Add new app client" to begin creating your application
For Seller Central Users
Log in to the Solutions Provider Portal
Navigate to your developer applications section
Click to add a new application
ℹ️ Note: The app registration interface differs slightly between Vendor Central and Seller Central (Solutions Provider Portal), but the overall process and required steps remain the same.
App Registration
Complete the App Registration form with the following information:
App Name: Enter a descriptive name for your application (2-40 characters). This name helps you identify the app in your developer console. Example: "My Company Data Integration" or simply "Private"
API Type: Select "SP API" from the dropdown menu.
App Type: SP-API
Roles: Select the roles (permissions) your application needs. Each role grants access to specific API operations. The available roles vary slightly between Vendor and Seller accounts.
Always select "No, I will not delegate access to PII to another developer's application."
A Seller app in the Solutions Provider Portal will look like this:
Regardless of the variations in the user interface, or the location of the app creating, be it Solutions Provider Portal or Vendor Central, the process is the same to create the app.
Click "Save and exit" to create your application
Save and Record Your App ID
Your app will now appear in your application list
Locate and record your App ID - it follows the format:
amzn1.sp.solution.xxxxxxxxxxxxx
⚠️ Important: Store all credentials securely. Never share your Client Secret or Refresh Token publicly, commit them to version control, or include them in client-side code. |
Login with Amazon (LWA) credentials are required to authenticate your API requests.
In your application list, locate your newly created app
Click the "View" link in the LWA credentials column
A modal window will display your credentials
You will then need to view the client ID and client secret.
Record your Client identifier (Client ID) - format:
amzn1.sp.solution.xxxxxClick to reveal and record your Client secret - format:
amzn1.oa2-cs.v1.xxxxx
Note: LWA client secrets must be rotated before the displayed rotation deadline to avoid authentication failures. Learn more about rotating LWA credentials.
Next, you will need to created an authorization. Select the button drop down for the "Authorize" option:
Create Application Authorizations
Next, you need to create a self-authorization that generates a Refresh Token. This token allows Openbridge to connect to your private app to access your own Amazon data on your behalf.
To Authorize:
In your application list, locate the "Edit App" button dropdown
Click the dropdown arrow and select "Authorize"
You'll be taken to the Manage Authorizations page
Under "Add Authorizations," click "Authorize app" for the appropriate marketplace
Copy and securely store the generated Refresh Token.
💡 Multiple Marketplaces: If you sell in multiple regions, you can generate separate refresh tokens for each marketplace. Each marketplace authorization is independent and can be managed separately.
Summary: Your Credential Checklist
Upon completing this process, you should have collected the following four credentials:
Credential | Format | Where to Find |
App ID |
| Application list after creation |
Client ID |
| LWA credentials modal ("View" link) |
Client Secret |
| LWA credentials modal ("View" link) |
Refresh Token |
| Manage Authorizations page |
Verification Checklist:
App ID recorded and saved securely
Client ID recorded and saved securely
Client Secret recorded and saved securely
Refresh Token generated and saved securely
Secret rotation deadline noted in calendar
All credentials stored in secure password manager
Need Help? If you encounter any issues during this process, contact Openbridge Support or consult Amazon's SP-API documentation for additional guidance.
Troubleshooting
Developer registration is under review: If you see this message, your developer registration has not yet been approved. You won't be able to add production app clients until the review is complete. This typically takes 1-3 business days.
Cannot find LWA credentials: Ensure you've clicked the "View" link in the LWA credentials column of your application list. The Client Secret may be hidden by default—look for a "show" or reveal option.
Authorization button not appearing: Verify that you've saved your app successfully and that your developer registration is approved. Try refreshing the page or logging out and back in.
Need to access a different account's data: To authorize access to a different Amazon account, you'll need to log into that account and authorize the application from there. Look for the "sign in to that account" link on the Manage Authorizations page.