Desktop Product Activation

Your desktop product must be activated before each customer can use it. Activation is one step in the overall process that desktop products follow to work with Amazon DevPay (for more information, see Overall Authentication Process).

Activation means the product contacts AWS with a key identifying the customer, and AWS replies with credentials the product must use when making Amazon Simple Storage Service requests for that customer. The credentials are valid only for your specific product and for the specific customer. The following sections describe how activation works.

The Activation Key

To purchase your product, the customer goes through a purchase process, which starts when the customer clicks the purchase URL (for an example of what the customer sees during the purchase process, see Appendix: The Customer Purchase Experience). At the end of this process, the customer's browser splits into two frames. The top frame contains a confirmation for the purchase. The bottom frame contains the redirect URL you provided during product registration.

Also displayed in the top frame of the browser is an activation key that contains information identifying the customer and the product. The key looks similar to this: ADMAY7DVLJTWHJ76MMBMQYT5LATA.

Your desktop product needs the activation key to get the credentials for that customer. The following steps describe the typical flow for getting the key.

Process for Getting the Activation Key

1. The redirect URL displays a download link where the customer can download your product.

2. The customer downloads and installs the product.

3. During the installation, the product prompts the customer for the activation key, indicating that it was displayed in the top frame of the browser window. The product also indicates that if the activation key is no longer available (if the customer closed the browser, for example), the customer can get a new key at the activate URL.

4. The customer pastes the key from the browser into the form your product provides. Or if the key isn't available that way, the customer clicks the link to the activate URL, logs in with an Amazon login, gets a new activation key, and pastes it into the form.

Activation keys expire one hour after creation for security reasons.

Important

To successfully activate your product, the activation key your desktop product provides to AWS must be associated with the product token. In other words, do not provide an activation key that a customer obtained when signing up for some other product that uses Amazon DevPay besides yours. Your product should not store activation keys.

The Request for Activation

Once the product has the activation key, it activates itself by requesting the License Service action ActivateDesktopProduct. The request must include the product token and the customer's activation key. The response includes the Secret Access Key, Access Key ID, and user token for the customer. The Secret Access Key and Access Key ID work only with AWS service calls associated with DevPay. They can't be used for regular AWS service calls.

No harm occurs if your product activates itself more than once. Each time the product activates itself, the License Service returns a new Secret Access Key, Access Key ID, and user token for the customer. There might be times when the product needs to reactivate itself (for more information, see Desktop Product Exceptions). You should design your product so that it can reactivate itself without requiring the customer to reinstall the product. In this reactivation case, the product should overwrite the old credentials with the new credentials received during reactivation.

You can also let a customer install your product on multiple desktops (for example, on a work computer and on a home computer). Each instance of your desktop product that the customer installs needs to activate separately and receive its own set of credentials to use when making Amazon S3 calls for the customer. Activating a second or third computer for a customer doesn't invalidate the credentials from the first computer's activation. The customer can use the same activation key for each computer, or different ones (the customer can get a new activation key at any time by going to the activate URL).

The requests to activate your desktop product do not require any special authentication (but they must be made over HTTPS). If you're creating both a desktop version and web version of your product, be aware that desktop products don't have to authenticate their requests for the License Service, but web products do (for more information about web product activation, see The Request for Activation).

Credential Storage

Your product should encrypt and store the Secret Access Key, Access Key ID, and user token on the customer's file system.

Important

The Secret Access Key, Access Key ID, and user token that your product receives work only for a specific customer and a specific product. If your customer purchases more than one Amazon DevPay desktop product, there will be a separate set of credentials for each product. For example, if customer John Smith purchases DevPay Product A and DevPay Product B, there will be a set of credentials for John Smith associated with Product A, and another set associated with Product B. It doesn't matter if he bought both products from you or if one was sold by another vendor. You must design your products such that each product separates its credentials on John Smith's system from any other products' credentials.
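The following sketch is an added example, not code from the DevPay documentation. It shows one way to meet the storage requirements above together with the reactivation rule from The Request for Activation: one credential file per product, written with owner-only permissions, and replaced atomically when the product reactivates. The class name, field names, file layout, and the seal/unseal callables (authenticated encryption supplied by the platform key store) are assumptions.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


class DevPayCredentialStore:
    """Keeps one sealed credential file per DevPay product for the OS user."""

    FIELDS = ("access_key_id", "secret_access_key", "user_token")

    def __init__(self, base_dir, seal, unseal):
        # seal/unseal: assumed authenticated encryption from the OS key store.
        self.base_dir = Path(base_dir)
        self.seal, self.unseal = seal, unseal

    def _path(self, product_token):
        # One file per product token: products never share a credential file.
        digest = hashlib.sha256(product_token.encode()).hexdigest()[:32]
        return self.base_dir / f"devpay-{digest}.cred"

    def save(self, product_token, creds):
        """Store the credentials from an activation or reactivation response."""
        if set(creds) != set(self.FIELDS):
            # Extra fields are rejected, so an activation key is never stored.
            raise ValueError("expected exactly: " + ", ".join(self.FIELDS))
        blob = self.seal(json.dumps(creds, sort_keys=True).encode())
        self.base_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
        # mkstemp creates the file with mode 0600 before any secret is written.
        fd, tmp = tempfile.mkstemp(dir=self.base_dir, prefix=".tmp-")
        try:
            with os.fdopen(fd, "wb") as fh:
                fh.write(blob)
                fh.flush()
                os.fsync(fh.fileno())
            # Atomic rename: reactivation overwrites the old set in one step.
            os.replace(tmp, self._path(product_token))
        except BaseException:
            os.unlink(tmp)
            raise

    def load(self, product_token):
        """Return this product's credentials, or None if it must activate."""
        try:
            blob = self._path(product_token).read_bytes()
        except FileNotFoundError:
            return None
        return json.loads(self.unseal(blob))
```

A load() result of None signals that the product has no stored credentials and needs to run activation again, which the product can do without a reinstall.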