Skip to main content

API Key Management

All Marketplace Central APIs are managed by Cognito

  • Amazon Cognito Federated Identities issue short-lived AWS credentials using STS under an IAM role.
  • Amazon Cognito User Pools issue JWT tokens that are used to authenticate requests.
  • Because Cognito-issued credentials are automatically rotated and expire frequently (typically after 1 hour), long-term key rotation is not required for day-to-day operations.