Amazon Pay

Amazon Pay

Amazon Pay is a digital payment service that lets customers check out on third-party websites using their Amazon account credentials. Scripts load the Amazon Pay button and wallet widget, handle address and payment selection, and process transactions through Amazon's payment infrastructure. Stores session cookies to maintain checkout state and authentication.

Back to Vendor Library

Overview

Amazon Pay enables customers to check out on third-party e-commerce websites using their Amazon account, leveraging the shipping addresses and payment methods already stored in their Amazon profile. It appears as an alternative checkout button alongside traditional payment forms, reducing friction by eliminating the need for customers to re-enter payment and shipping details.

What This Script Does

Amazon Pay loads its SDK from static-na.payments-amazon.com (or region-specific equivalents: static-eu.payments-amazon.com for Europe). The SDK renders the Amazon Pay button and manages the checkout widgets — address book, wallet, and consent widgets.

The checkout flow operates as follows:

  1. Button rendering — The SDK renders the branded "Amazon Pay" button on the merchant's page
  2. Authentication popup — When clicked, a popup window opens to payments.amazon.com where the user authenticates with their Amazon credentials
  3. Address and wallet selection — After authentication, embedded widgets display the user's saved shipping addresses and payment methods for selection
  4. Order confirmation — The merchant's server receives a tokenized reference (Order Reference ID) for the selected payment method — not the actual card details
  5. Payment processing — The merchant's backend calls Amazon Pay APIs to authorize and capture the payment using the tokenized reference

Cookies set include:

  • Session cookies under the merchant's domain to maintain the checkout flow state (which step the user is on, selected address and payment method references)
  • amazon-pay-abtesting-ams-mango — A/B testing cookie for Amazon Pay's own button rendering optimization; short-lived
  • Authentication state cookies within the payments.amazon.com popup for the Amazon login session

The SDK contacts payments.amazon.com, api.amazon.com, and static-na.payments-amazon.com during the checkout process. All payment data is handled through Amazon's PCI-compliant infrastructure — the merchant never receives or processes raw card numbers.

Amazon Pay does not set advertising cookies, build retargeting audiences, or share browsing behavior with Amazon's advertising division. The data flow is strictly limited to payment processing and order fulfillment.

Consent & Compliance

Amazon Pay is classified as essential. It is a payment processing service — a core function that users explicitly invoke to complete purchases.

Under the GDPR, payment processing is justified under contract performance (Article 6(1)(b)). The user initiates a purchase and selects Amazon Pay as their payment method, making the processing of their payment and shipping data necessary to fulfill the contract. Amazon acts as a data processor for payment handling.

Under the ePrivacy Directive, the cookies set during the Amazon Pay checkout flow are strictly necessary for a service explicitly requested by the user. The session cookies maintaining checkout state, authentication cookies for the Amazon login popup, and the tokenized payment references all serve the payment processing function. Article 5(3) exempts them from consent requirements.

Under CCPA/CPRA, Amazon Pay processes personal information (shipping address, payment method references) solely for payment processing. Amazon's role is as a service provider for the transaction. No personal information is sold or shared for advertising purposes.

Should You Block This Without Consent?

No. Amazon Pay is a payment processing service explicitly initiated by users who choose it as their checkout method. Its cookies and scripts are strictly necessary for completing transactions. Blocking Amazon Pay would prevent customers from using their preferred payment method, harming the purchase experience without providing any privacy benefit.

Visit website

Consent Categories

Essential

Also Known As

Amazon checkoutAmazon Pay buttonAmazon WalletPay with AmazonAmazon payment widget

Industries

E-commerce and Shopping

Tracked Domains (2)

payments.amazon.comEssential
static-na.payments-amazon.comEssential

Frequently Asked Questions

Does Amazon Pay require cookie consent?

No. Amazon Pay is classified as essential. It is a payment processing service users explicitly choose at checkout. GDPR Article 6(1)(b) covers it under contract performance, and the ePrivacy Directive exempts its session cookies as strictly necessary.

What cookies does Amazon Pay set?

Amazon Pay sets session cookies on the merchant domain to track checkout flow state, A/B testing cookies such as amazon-pay-abtesting-ams-mango, and authentication state cookies within the payments.amazon.com popup. It loads its SDK from static-na.payments-amazon.com.

How does ConsentStack handle Amazon Pay?

ConsentStack classifies Amazon Pay as essential and does not gate it behind a consent prompt. The payment SDK loads freely. ConsentStack ensures the essential classification is not confused with Amazon advertising scripts, which require separate marketing consent.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Amazon Pay

ConsentStack automatically detects and manages Amazon Pay trackers so your site stays compliant with global privacy regulations.

Get started free