ThomasL1973
commented
1 year ago This is because your api role doesn‘t Allow you to receive PII Data like Name, Shipping Address, etc
Closed francescoz91 closed 1 year ago
ThomasL1973
commented
1 year ago This is because your api role doesn‘t Allow you to receive PII Data like Name, Shipping Address, etc
francescoz91
commented
1 year ago This are my roles:
They are correct? Or do I need to do something else?
Xriuk
commented
1 year ago You need to look in the roles of your Developer Profile, cause that's what becomes visible in the roles assignable to the app, if you don't have access to restricted roles personal information like names, addresses are not visible. That's Amazon...
francescoz91
commented
1 year ago I checked my developer profile and Amazon didn't approve the answers given to your questions about application security. Does anyone know roughly how to pass PII checks?
Describe the application or feature(s) you intend to build using the functionality in the requested roles :
Describe how your organization individually identifies employees who have access to Amazon Information, and restricts employee access to Amazon information on a need- to-know basis :
Describe the mechanism your organization has in place to monitor and prevent Amazon Information from being accessed from employee personal devices (such as USB flash drives, cellphones) and how are you alerted in the event such incidents occur:
Provide your organization's privacy and data handling policies to describe how Amazon data is collected, processed, stored, used, shared and disposed. You may provide this in the form of a public website URL :
Describe where your organization stores Amazon Information at rest and provide details on any encryption algorithm used :
Describe how your organization backups or archives Amazon Information and provide details on any encryption algorithm used :
Describe how your organization monitors, detects, and logs malicious activity in your application(s) :
Summarize the steps taken within your organization's incident response plan to handle database hacks, unauthorized access, and data leaks :
How do you enforce password management practices throughout the organization as it relates to required length, complexity (upper/lower case, numbers, special character) and expiration period? :
How is Personally Identifiable Information (PII) protected during testing? :
What measures are taken to prevent exposure of credentials? :
How do you track remediation progress of findings identified from vulnerability scans and penetration tests? :
How do you address code vulnerabilities identified in the development lifecycle and during runtime? :
Who is responsible for change management and how is their access granted? Please specify job title. :
they advised me to see here: https://sellercentral-europe.amazon.com/mws/static/policy?documentType=DPP&locale=eu
mehrdadsamadie
commented
1 year ago I am having the same issue but my role has these access already and used for MWS, any Idea?
Xriuk
commented
1 year ago I checked my developer profile and Amazon didn't approve the answers given to your questions about application security. Does anyone know roughly how to pass PII checks?
https://github.com/abuzuhri/Amazon-SP-API-CSharp/blob/main/PII_QA.md
smithburger
commented
1 year ago You are missing the direct to consumer role which is what grants PII. Getting access is rigorous. You would know if you requested and got it. PII in SP-API has nothing to do with PII in MWS>
abuzuhri
commented
1 year ago we going to close this since its permission problem only
Hi everyone. I'm testing the API thanks to this repository. I noticed that when I request an order with the Orders.GetOrders() function and both the single order Orders.GetOrderItems(), many fields are Null including the shipping address ones. I tried to ask Orders.GetOrderAddress() and it only returns: City, postalcode and StateOrRegion. Is there something I'm doing wrong?