Requirements for accessing SP-API


#1

I’m a software developer, and I have a potential client who is an Amazon seller, to integrate their office systems with Amazon sales data via SP-API.

The Amazon website is very unclear as to what type of account I personally need to be able to do this. Do I need to set myself up as a seller (even though I won’t be selling anything through Amazon myself)? Should my client be adding me as a user? Do I just ask them to generate whatever auth codes are needed (I haven’t looked at the API itself yet) and never need to log in to Amazon myself?


#2

This depends on whether you want to make software that is specific to that seller and not transferable, or if you want to publish it for other sellers to be able to use.
You can EITHER authorise each API call using your developer key plus the seller’s token, OR you can authorise it using the seller’s developer key (not sure if you also need a token for this).
Developer keys expire if not used for a long period (used to be 6 months but I believe it’s now 3?), reactivating them requires you to re-do the application process.

In order to apply for a developer key, you need to be a seller on a professional plan (£25 per month).
The application process can take several months, especially for development related to orders, as customer data is involved you have to show that you understand how to properly secure/encrypt the data.
The seller also needs to be on a professional plan in order to obtain a token, there is no waiting period when obtaining one. The token expires every 12 months, if you renew it before it expires it won’t change, if it expires before you renew it a new one will be generated, so you’ll need to make sure it can be swapped and don’t hard-code it in.

As an aside, Amazon DO NOT have any sort of sandbox or test environment, so you will need to test your code using live data, which is not an ideal situation.


#3

That’s true for MWS but I believe there is a sandbox for SP-API


#4

I wasn’t aware there was that much difference between the two, just took a look at the SP-API and it looks like the instructions for registering direct you to the MWS developer application screen, but yes it indicates that it has a sandbox available.

The instructions are here: https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#registering-as-a-developer

Just to add this since I assume the OP isn’t that aware of how Amazon works:
there are references to Amazon “sellers” and “vendors”, sellers are normal Amazon sellers that use seller central to sell directly to customers.
Vendors use a separate website called vendor central and usually supply products directly to Amazon. (or sometimes drop-ship them to customers)


#5

Thanks for the help! Far more straightforward answers here than from Amazon themselves!

> This depends on whether you want to make software that is specific to that seller and not transferable, or if you want to publish it for other sellers to be able to use.

At this point, it would be bespoke code to be used for one seller only. Whether the skills I gain and/or the code I write then has wider utility I don’t know but from the comments here it sounds like I should assume it won’t be transferable, at least for now.

> You can EITHER authorise each API call using your developer key plus the seller’s token, OR you can authorise it using the seller’s developer key (not sure if you also need a token for this).

OK, so I’m definitely looking at using the seller’s dev key.

The seller will probably need me to provide some guidance as to setting this up - what do I need to tell them?

Presumably, once I have the tokens, I just pop them into my auth code and get on with things - Amazon doesn’t need to know I exist?

> Just to add this since I assume the OP isn’t that aware of how Amazon works:
> there are references to Amazon “sellers” and “vendors”, sellers are normal Amazon sellers that use seller central to sell directly to customers.

You are right that this distinction wasn’t on my radar. I will need to check which classification they fall under. What are the implications for API usage?

> Vendors use a separate website called vendor central and usually supply products directly to Amazon. (or sometimes drop-ship them to customers)

From this, they sound far more likely to be a vendor. (If I know a product they sell, can I determine which they are as a normal Amazon end user by looking at the product or seller page? From what I can tell items appear as “sold by Amazon” rather than by a third party, if that’s the distinction.)

Regarding sandboxes - I had hoped there’d be something so it’s positive news that the newer API supports this. But in practice everything I am looking to do will be read-only (sales data extracts), never writing back to Amazon, so this is less of a concern than it might otherwise be.


#6

You have to get approved by Amazon first to get the dev tokens. There is a significant questionnaire to fill in first and Amazon then approve your application based on your answers. If your application is going to be accessing customer data then this is quite a stringent process to get through which can take months


#7

> You have to get approved by Amazon first to get the dev tokens. There is a significant questionnaire to fill in first and Amazon then approve your application based on your answers. If your application is going to be accessing customer data then this is quite a stringent process to get through which can take months

In this case though, surely it would be the customer seeking this approval, not me? That is, I would contract my services to the vendor*, who would themselves apply for dev access to their own data.

If this takes a few months it’s a nuisance, but not a huge problem - the data I need can be downloaded in CSV anyway so I can work with that and add the final link if/when API access is granted. I just need to advise the vendor as to the appropriate steps to take.

(I’m assuming vendor at this point, not yet confirmed though.)


#8

They could do that certainly. But they would need to have the technical knowledge to complete the questionnaire. Example of a question: “Summarise the steps taken within your organisation’s incident response plan to handle database hacks, unauthorised access, and data leaks.”

They can start the application process through seller central


#9

> They could do that certainly. But they would need to have the technical knowledge to complete the questionnaire

Oh, OK. I get that security is important, but there seems to be a big mismatch here between the requirements for downloading a CSV manually onto their own laptop, and for the ability to essentially automate that download (which is all we need). After all, in both cases, the data ends up on their hardware, and the automated route is less likely to be running on hardware that might get left on a bus!

I suspect we might end up with a process that starts after they download the CSV, rather than one which completely automates it, but I can see how they respond.


#10

There’s a form to fill in which includes a few tech details, you can see the full form here: https://drive.google.com/file/d/1ZfN5sBCpXaprUKRvRVEksacB1eaFSPoT/view?usp=sharing
(had to save as PDF because it wouldn’t screenshot the full page for some reason…)
Note: this is the form for registering through seller central, the vendor one may be a little different, especially since vendors don’t usually have access to customer details (unless they’re registered as a drop-shipper, which is fairly rare).

Exactly, as far as Amazon is concerned the app would be developed by the company you’re working for, not yourself.
If you plan to do similar work for other clients, it would be simpler if you registered as a developer yourself, however last time I looked into this you needed to have a pro seller account, which has a monthly sub (£25 per month ex VAT iirc), this might be a little different for vendors.

There are two separate application processes for each of them, I’m unsure as to whether you get full API access from either or whether you only get limited access, depending on what the aim of your app is, you may need to perform actions that are usually specific to sellers (particularly related to product pages and advertising) AND actions specific to Vendors, which makes me think you’d need to apply for both (as per the above form, you have to choose which parts of the API you want to access, with some requiring you to prove security measures/etc., there’s no vendor stuff on that specific form).

Yes, that would mean they’re using Vendor. (double-check that they don’t appear as an additional seller)

If you applied yourself, you wouldn’t need to re-apply for any future dev work.

Officially, you are not allowed to “store” any customer data outside of Amazon, except where it’s needed during the fulfilment process (i.e. shipping) or it’s legally required you do so (i.e. for tax stuff).
You are supposed to download -> process -> delete.
That applies to both the CSV and API downloads.
But yeah, pretty sure no-one has ever complied with that… 🙃
If you only need vendor sales reports, which shouldn’t have any customer data on them, it should be a fairly simple application, but the same reports for a seller have detailed customer info, so would be a harder application.

At the very least that would be a sensible starting place while waiting for the dev application to be accepted, you could set out your code such that the data from the CSV can easily be replaced with data from the API and the actual processing remains the same.
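
An added sketch (not part of any post above, and not Amazon's code) of two points made in this thread: keep the token out of the source so it can be swapped when it is regenerated, and structure the job as download -> process -> delete with a data source that can later be replaced by an API call. The environment variable name, the column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import os
import tempfile
from collections import defaultdict
from decimal import Decimal

def load_token(env=os.environ, name="SELLER_AUTH_TOKEN"):
    """Read the seller token from the environment (hypothetical variable
    name) so a renewed or regenerated token needs no code change."""
    token = env.get(name, "").strip()
    if not token:
        raise RuntimeError(f"{name} is not set; refusing to use a hard-coded value")
    return token

def rows_from_csv(path):
    """Source 1: a manually downloaded CSV. An API-backed source only has
    to return the same list of dicts for summarise() to stay unchanged."""
    with open(path, newline="", encoding="utf-8") as fh:
        return list(csv.DictReader(fh))

def summarise(rows):
    """Total units and revenue per SKU. Only the three sales columns are
    read, so customer fields never reach the stored result."""
    totals = defaultdict(lambda: {"units": 0, "revenue": Decimal("0")})
    for row in rows:
        entry = totals[row["sku"]]
        entry["units"] += int(row["quantity"])
        entry["revenue"] += Decimal(row["line_total"])
    return dict(totals)

def process_and_delete(path, source=rows_from_csv):
    """Download -> process -> delete: the raw extract is removed even if
    processing raises, so customer data does not linger on disk."""
    try:
        return summarise(source(path))
    finally:
        if os.path.exists(path):
            os.remove(path)

def demo():
    # Constructed sample extract, not real Amazon report data.
    sample = ("sku,quantity,line_total,buyer_name,buyer_email\n"
              "AB-1,2,19.98,Jane Doe,jane@example.com\n"
              "AB-1,1,9.99,John Roe,john@example.com\n"
              "CD-2,3,13.50,Jane Doe,jane@example.com\n")
    fd, path = tempfile.mkstemp(suffix=".csv")
    with os.fdopen(fd, "w", encoding="utf-8", newline="") as fh:
        fh.write(sample)
    return process_and_delete(path), os.path.exists(path)
```

`os.remove` only unlinks the file; if the extract was written to a synced or backed-up folder, copies there are outside what this code cleans up.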