Security settings
You can control several security aspects of your Amazon Payment Services account via the security settings page in the back office.
On this page you can generate and refresh the access code for your Amazon Payment Services accounts, set your SHA request and response phrases, and boost security by restricting requests to specific IP ranges or URLs.
Generating an access code
When connecting to the Amazon Payment Services API you must specify an access code in the request that you send. Each of your Amazon Payment Services accounts has a unique access code.
You can retrieve your access code on the security settings page, where you can also generate a new access code for your account if you need to do so.
Figure 1 Generating and retrieving an access code
Selecting the SHA type
Amazon Payment Services allows you to choose a hashing algorithm that meets your requirements. Currently, you can choose from SHA-256 and SHA-512, as well as HMAC-256 and HMAC-512.
You can switch your choice on the security settings page. You can also adjust your SHA passphrase for requests and responses on the security settings page.
Whitelisting by origin
You can boost security by restricting interactions with your Amazon Payment Services account to whitelisted servers, or whitelisted URLs.
First, by specifying a list of whitelisted IP addresses you can ensure that Amazon Payment Services will only respond to requests sent from the IP addresses in the Origin IP range.
Likewise, you can specify a list of URLs which ensure that Amazon Payment Services only responds to a request from a whitelisted URL -- the origin URL.
If you do not specify an origin IP address or an origin URL, Amazon Payment Services will examine requests coming from any IP address or URL -- subject to verifying the credentials submitted in the request.
Get in touch
Need help choosing the security settings that fit your business the best? Just get in touch with the Amazon Payment Services team -- email us at merchantsupport-ps@amazon.com.