PA-API v5 retired May 15, 2026: what changed and how to fix your WordPress affiliate site | PaapiPlugin
Last updated: May 16, 2026

PA-API v5 Retired May 15, 2026: What Changed for WordPress Affiliate Sites

Quick answer: The PA-API v5 SigV4 endpoint started returning auth errors on May 15, 2026. The Creators API v3.x (OAuth 2.0 with Login with Amazon) is the surviving product data path. PaapiPlugin already supported both auth flows in the same release, so existing v2.x users were not blocked.

What you will see now if your site is broken

The retirement is not graceful. The endpoint did not redirect to a new URL. It started rejecting requests with HTTP 401 and HTTP 403 responses some time after midnight UTC on May 15. If your WordPress affiliate site stopped showing Amazon products, you are most likely seeing one of three things in your error logs or in the plugin admin.

Common symptom 1: signature rejection

    { "Errors": [ { "Code": "InvalidSignature", "Message": "The request signature we calculated does not match the signature you provided." } ] }

Common symptom 2: endpoint refused

    HTTP/1.1 403 Forbidden
    Server: AmazonS2
    x-amz-rid: ...
    { "__type": "AccessDeniedException", "message": "Unable to determine service/operation name to be authorized" }

Common symptom 3: timeout or 404 on the SDK path

    cURL error 28: Operation timed out after 30001 milliseconds
    -- or --
    HTTP 404 from webservices.amazon.com/paapi5/searchitems

Front-end pages with product widgets will either render as empty containers, show a generic "no results" message, or display a stale cached snapshot until that cache expires. The first two symptoms are auth failures from the retired SigV4 endpoint. The third is what you see when an SDK still tries to hit a host or route that is no longer there.
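To tell the three symptoms apart across a whole error log rather than by eye, the following Python example (added here, not code from PaapiPlugin or any plugin named on this page) classifies log lines using the strings quoted above. The category names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Patterns are the strings quoted in the three symptoms; category names are illustrative.
RULES = [
    ("sigv4_signature_rejected", re.compile(r"InvalidSignature")),
    ("sigv4_endpoint_refused", re.compile(r"AccessDeniedException|\b403 Forbidden\b")),
    # A cURL timeout is generic: treat it as a hint to check, not proof of the retirement.
    ("legacy_route_unreachable", re.compile(r"cURL error 28|\b404\b.*paapi5", re.I)),
]
AUTH_FAILURES = {"sigv4_signature_rejected", "sigv4_endpoint_refused"}

def classify(line):
    """Return the symptom category for one log line, or None if it matches none."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return None

def triage(lines):
    """Count symptoms, separating auth rejections from unreachable-route errors."""
    counts = Counter(c for c in map(classify, lines) if c)
    return {
        "counts": dict(counts),
        "auth_failures": sum(counts[c] for c in AUTH_FAILURES),
        "route_failures": counts["legacy_route_unreachable"],
    }

# Constructed sample log lines (not real output from any site).
SAMPLE_LOG = [
    '[16-May-2026 00:41:07 UTC] product fetch failed: {"Errors":[{"Code":"InvalidSignature"}]}',
    "[16-May-2026 00:41:09 UTC] HTTP/1.1 403 Forbidden AccessDeniedException",
    "[16-May-2026 00:42:30 UTC] cURL error 28: Operation timed out after 30001 milliseconds",
    "[16-May-2026 00:43:02 UTC] HTTP 404 from webservices.amazon.com/paapi5/searchitems",
    "[16-May-2026 00:44:00 UTC] cron: cache purge finished",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```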

Why this happened: Amazon's deprecation timeline just finished

Amazon announced the migration off PA-API v5 well in advance. The Creators API rolled out in 2024 with OAuth 2.0 authentication built on Login with Amazon (LwA), and the original Cognito flow used during the Creators API beta was itself retired earlier in 2026 in favor of LwA. May 15, 2026 was the published end-of-life for the SigV4 product data endpoint.

If you missed the email, you are not alone. The deprecation notices went to the contact address on the Amazon Associates account, and those addresses often point at an inbox nobody checks. The plugins that handled this quietly are the ones that already supported the new auth flow under the hood.

What to do today (pick your path)

Path A: You use PaapiPlugin

Open the plugin settings. If the "Authentication" tab shows Creators API credentials (a client_id starting with amzn1.application-oa2-client. and a client_secret), you are already on the surviving path and your site should still be returning products. If the tab still shows only Access Key / Secret Key fields from the old SigV4 flow, switch to the Creators API tab and follow the inline setup link. The v2.x release supports both auth flows side by side, so you can paste in Creators API credentials and the plugin will route new requests through Login with Amazon automatically.

Path B: You use AAWP

AAWP added Creators API v3 credentials support in v5.0.5 (February 2026). Update to the latest release (v5.0.6, April 2026), open the plugin settings, and switch the Amazon credentials section to "Creators API" mode. AAWP also operates its own optional paid API layer that lets you display products without your own product API credentials at all, which is a viable bridge if you do not yet have access to the Creators API.

Path C: You use AzonPress

AzonPress added Creators API support in v2.2.4 (March 2026). Update, then move your credentials over. AzonPress also includes a no-API mode for sites that have not been approved for product data API access yet.

Path D: You use Lasso

Lasso paid plans use a no-API Amazon image and price sync on Creator and higher tiers, so most Lasso sites were insulated from the retirement. If you are on the free tier and were syncing images with your own PA-API credentials, you will need to migrate those credentials to the Creators API or upgrade to Creator+ to use the no-API path.

Path E: You use AmaLinks Pro or EasyAzon

Both products are gone. AmaLinks Pro shut down on December 29, 2025. EasyAzon now redirects to AAWP. If your site still has either plugin installed and active, you are likely seeing the symptoms above plus stale data, since neither product is shipping fixes. The two natural migration paths are AAWP (curated product display) or PaapiPlugin (live on-site product search). Pick based on which job your site does.

Path F: You wrote your own integration

If you built a custom Amazon product data integration directly against PA-API v5, the work is bigger than swapping an endpoint URL. The Creators API uses OAuth 2.0 with Login with Amazon, the request signing scheme is different, and the scope you need to request on the token is creatorsapi::default. The error you will see if you forget the scope, or if you request a scope that your application is not approved for, is an invalid_client response from the LwA token endpoint. We have a deeper walkthrough of that error in our Creators API v3 invalid_client troubleshooting guide.

How to verify your site is still working

Once you have moved to Creators API credentials, do not trust the admin "test connection" button alone. That button validates the token exchange, not the product data path. Run through this four-step check:

  1. Open your live affiliate page in an incognito window. Confirm that product widgets actually render with current pricing, not a stale cached snapshot.
  2. Search for a product that is unlikely to be in your cache. If it returns a result, your live search path works.
  3. Open browser DevTools and check the Network tab for any 401, 403, or 5xx responses from your plugin's product endpoint.
  4. Click an affiliate link and confirm the destination URL still carries your Associate tag. The auth migration does not change tag handling, but it is the kind of thing worth verifying when you are already in there.

Tip: If you are seeing intermittent failures rather than a full outage, you are probably hitting a mix of cached and live responses. Flush your plugin cache, then re-run the four-step check.
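Step 4 can be run across a whole page instead of one click at a time. This Python example is added here and is not part of any plugin named on this page; it sorts the Amazon links in rendered HTML by whether they carry the expected Associate tag. The tag value, the sample HTML and the host pattern are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Assumption: product links point at amazon.<tld> hosts. Short links (amzn.to) hide
# the tag behind a redirect, so they are listed separately for a manual click-through.
AMAZON_HOST = re.compile(r"(^|\.)amazon\.(com|co\.[a-z]{2}|com\.[a-z]{2}|[a-z]{2,3})$")

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def audit_tags(html, expected_tag):
    """Sort Amazon links into ok / missing / mismatched / unverifiable."""
    collector = LinkCollector()
    collector.feed(html)
    report = {"ok": [], "missing": [], "mismatched": [], "unverifiable": []}
    for href in collector.hrefs:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if host == "amzn.to":
            report["unverifiable"].append(href)
        elif AMAZON_HOST.search(host):
            tags = parse_qs(parts.query).get("tag", [])
            if not tags:
                report["missing"].append(href)
            elif tags != [expected_tag]:  # also catches a duplicated tag parameter
                report["mismatched"].append(href)
            else:
                report["ok"].append(href)
    return report

# Constructed sample markup; "mysite-20" is a placeholder Associate tag.
SAMPLE_HTML = """
<a href="https://www.amazon.com/dp/B000000001?tag=mysite-20">ok</a>
<a href="https://www.amazon.co.uk/dp/B000000002?linkCode=ll1">no tag</a>
<a href="https://www.amazon.com/dp/B000000003?tag=other-20&amp;th=1">wrong tag</a>
<a href="https://amzn.to/xxxxxxx">short link</a>
<a href="https://example.com/about">not amazon</a>
"""
```

Feed it the HTML saved from the incognito window in step 1, so the audit covers what visitors actually receive rather than what the editor shows.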

What changed under the hood

The mechanical changes are worth understanding so you know what your plugin is doing on your behalf, even if you never touch the auth code yourself.

  • Auth provider: moved from AWS SigV4 (Access Key + Secret Key + region) to Login with Amazon (OAuth 2.0 client credentials grant).
  • Credentials: Access Key / Secret Key pairs are replaced by a client_id (begins with amzn1.application-oa2-client.) and a client_secret issued through the Creators API onboarding flow.
  • Token scope: requests must include scope=creatorsapi::default when fetching an access token. Wrong scope or unapproved scope returns invalid_client.
  • Endpoint host: moved from webservices.amazon.{tld} (the PA-API v5 host) to the Creators API host on each marketplace.
  • Request shape: Creators API v3 uses REST-style resource paths and a bearer token in the Authorization header. The old PA-API v5 SDK request bodies do not transfer one-for-one; operation names and resource lists changed.
  • Earlier Cognito flow: the original Creators API beta used Amazon Cognito for auth. That flow was already deprecated in favor of LwA before May 15. If you onboarded during the beta, make sure your credentials are LwA-format, not Cognito.

For a full side-by-side of the two APIs and a worked migration walkthrough, see our Creators API vs PA-API v5 guide. For the longer-form explainer on what the migration meant in the months leading up to today, see our earlier post on whether your affiliate plugin was ready.

Frequently asked questions

Will my existing plugin still work?

It depends on whether your plugin shipped Creators API v3 support before May 15. AAWP (v5.0.5+), AzonPress (v2.2.4+), and PaapiPlugin all support the Creators API auth flow. Lasso paid tiers use a no-API path and were insulated. AmaLinks Pro and EasyAzon are no longer shipping. If your plugin has not had a release in 2026, assume you will need to switch.

What error code will I see if I am still on PA-API v5?

The most common signatures are an HTTP 403 with InvalidSignature or AccessDeniedException in the response body, a 401 unauthorized, or a generic timeout from the SDK because the route is no longer responsive. Cached widgets may keep rendering until the cache expires, which is why some sites only saw the breakage hours after midnight UTC.

Do I need new credentials?

Yes. The old Access Key and Secret Key pair from PA-API v5 will not authenticate against the Creators API. You need to onboard through the Creators API portal, register an LwA application, and obtain a client_id (starts with amzn1.application-oa2-client.) and a client_secret. Your Associate tag stays the same.

How do I migrate to Creators API v3.x?

The short version: complete Creators API onboarding in the Amazon Associates portal, register a Login with Amazon application, copy the client_id and client_secret into your plugin's Creators API auth fields, request access tokens with scope=creatorsapi::default, and let the plugin route product data calls through the new endpoint. For the long version with screenshots and gotchas, read our Creators API vs PA-API v5 guide.

What if I see invalid_client errors?

An invalid_client response from the LwA token endpoint usually means one of four things: a typo in the client_id or client_secret, a mismatch between the credentials and the application's approved scopes, a request that omitted the scope=creatorsapi::default parameter, or an application that was registered as a public client instead of a confidential client. We walk through each cause in our Creators API v3 invalid_client troubleshooting guide.
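Two of those causes (a paste error in the credentials and a missing or wrong scope) can be caught locally before any request is sent, as can a credential that is not in the LwA format listed under "What changed under the hood". The Python example below is added here and is not PaapiPlugin's code; it checks those conditions and builds the client credentials form body. Sending the client_id and client_secret as form fields is an assumption, the token endpoint URL is left out because this page does not give it, and all sample values are constructed.

```python
from urllib.parse import parse_qsl, urlencode

LWA_CLIENT_PREFIX = "amzn1.application-oa2-client."  # format stated on this page
REQUIRED_SCOPE = "creatorsapi::default"               # scope stated on this page

def preflight(client_id, client_secret, scope=REQUIRED_SCOPE):
    """Return the problems that can be detected locally, before calling LwA."""
    problems = []
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not value:
            problems.append(f"{name} is empty")
        elif any(ch in value for ch in " \t\r\n\"'"):
            problems.append(f"{name} contains whitespace or quotes (paste error)")
    if client_id and not client_id.strip().startswith(LWA_CLIENT_PREFIX):
        problems.append("client_id is not LwA-format (old SigV4 key or Cognito beta credential?)")
    if scope != REQUIRED_SCOPE:
        problems.append(f"scope must be exactly {REQUIRED_SCOPE}")
    return problems

def token_request_body(client_id, client_secret, scope=REQUIRED_SCOPE):
    """Form body for an OAuth 2.0 client credentials grant; raises if preflight fails."""
    problems = preflight(client_id, client_secret, scope)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: credentials travel as form fields in the POST body.
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })

def redact(body):
    """Mask the secret so the request body can be written to a debug log."""
    return urlencode([(k, "REDACTED" if k == "client_secret" else v)
                      for k, v in parse_qsl(body)])

if __name__ == "__main__":
    # Constructed placeholder credentials, not real values.
    body = token_request_body("amzn1.application-oa2-client.EXAMPLE0000", "constructed-secret")
    print(redact(body))
```

A clean preflight does not rule out the other two causes (unapproved scopes and a public-client registration); those can only be confirmed in the application's registration settings.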

Does my plugin handle the new auth automatically?

If your plugin shipped Creators API support, yes. The major active plugins all support both PA-API v5 and Creators API v3 auth flows in the same release, so pasting Creators API credentials into the auth tab is usually enough. If you keep PA-API v5 credentials, those continue to work for any non-product calls that still accept SigV4. New installs of recent releases default to the Creators API tab because that is the surviving path. See the features page for the full auth and caching detail or the pricing page for plan tiers.

Is there any data loss?

No. The retirement is an auth and endpoint change, not a data wipe. Your Associate account, your historical earnings, your cached product data, and your existing affiliate links are unaffected. The only thing that stopped working is the legacy product data endpoint. Once your plugin authenticates against the Creators API, product data resumes.

Stuck on the migration?

PaapiPlugin supports both auth flows in the same release. Install the free version, paste in your Creators API credentials, and you are back online.