amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

Status of request for PII for direct to consumer shipping #1737

Closed naaitsabes closed 1 year ago

naaitsabes commented 3 years ago

Good day everyone,

I hope someone can help us with our request for more information. We applied for restricted access API functions, to allow our customers to ship directly to consumers from our dashboard. We answered all of the questions regarding our security policy, data policy and network protection measures. We got this as a response:

"All developers who want to build a publicly available application with Restricted SP-API roles must go though an Architecture Review with our Solutions Architect team. This will require a demo (e.g. through screen share) of your application’s data flows and further review of your data protection controls over Personally Identifiable Information (PII). Please continue to monitor this case as a member of our team will reach out to you to schedule this assessment."

Can anyone give any insight into the expected time frame they might be getting back to us in? Also, how extensive is the review (do they need to see code or just visually follow the flow of data in our application)?

One final point I would be very interested in: does the Solutions Architect give any more information if they approve or reject our application after this video call?

So mostly we are just curious about the time frame and I do not seem to be able to find information regarding this process in any other place so I thought I would try it here.

Kind regards,

Mediana Software

tspicer commented 3 years ago

We have gotten a similar response in the past couple of days. Hopefully, this process will be documented to us more clearly so we can understand how much exposure to internal systems will be needed.

hkncnr07 commented 3 years ago

Hi,

Is your request for accessing PII for direct to consumer shipping approved? How long did you wait for approval? We have been trying for that approval for 3 months and still couldn't.

Thanks

naaitsabes commented 3 years ago

Hello,

We still have not received the invite to a video call with the Amazon Solutions Architect Team. If anyone can provide insight into when this might happen we would be very grateful.

Kind regards,

Mediana Software

hkncnr07 commented 3 years ago

Hello,

Have you ever received a response like that?

"Thank you for your response.

We have completed our assessment and have determined that you do not meet the requirements for Restricted SP-API. To protect Amazon Customers, we only consider sharing Customer data (“Restricted access”) with third party Developers that offer features that are materially different from existing applications. The Developers that meet these criteria must then go through rigorous security reviews with Amazon.

No changes have been made to your SP-API access at this time"

Thanks

chadwixk commented 3 years ago

@hkncnr07 that is similar to the response we got. Not sure why limiting app competition is in the best interest of the sellers. Upon asking for clarification (as they did not do any functional analysis on exactly what our app does), they replied with the same exact response :(

zoborg commented 3 years ago

@naaitsabes - did you ever get a response?

naaitsabes commented 3 years ago

No, we are currently still waiting for a response. We have made another ticket in what might be another contact service, but up until now we have not gotten a response there either.

zoborg commented 3 years ago

@naaitsabes - thanks, would you mind keeping this thread posted... we are in the same boat!

misterakko commented 3 years ago

See also this case

MojoManager commented 3 years ago

Hi,

SP-API Developer Profile Update : Restricted Access Request Case ID 7287202882

We are also experiencing the same problem with regard to getting access to the Direct-to-Consumer Delivery (Restricted) API. Any help to get approved and access to the SP-API

Thank you for your response.

We have completed our assessment and have determined at this point in time that you are not eligible for Restricted SP-API access to build a publicly available application. While we appreciate your submission, we reserve Restricted SP-API access for developers that represent the greatest benefit to Amazon Customers and Selling Partners. As our Marketplace Appstore and your application evolve, you may reapply for this access in the future.

No changes have been made to your SP-API access at this time.

Please advise

Many thanks,

Mojo Manager

WebDevSand commented 3 years ago

Hello, nice to meet you. When updating the developer profile for PII, I am getting a response as follows:

-------------Amazon---------

Thank you for updating your Amazon Selling Partner API (SP-API) Developer Profile. We have completed our assessment and have determined that you are not eligible for an update to your access to the SP-API Restricted roles. Please read this message carefully and review the Case Appeals section below if you would like to appeal this decision.

We have identified the following areas that do not meet the requirements set forth in the Acceptable Use Policy and Data Protection Policies, please refer to the links provided below and look for the information for each corresponding Policy link:

RDA - Restricted Data Access

https://sellercentral-europe.amazon.com/mws/static/policy?documentType=DPP&locale=en_GB

Asset Management 2.3

Encryption at Rest 2.4

Data Retention 2.1

Secure Coding Practices 2.5

No changes have been made to your SP-API access at this time.

WebDevSand commented 3 years ago

Please check the details via this doc: https://docs.google.com/document/d/1tAEZMe2fB-RrSqE8Nat2TGkFMeFLzBiFnwWVagDTk4k/edit?usp=sharing

github-actions[bot] commented 2 years ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

misterakko commented 2 years ago

> This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

Yes, this is still very much an issue, but it's not something that can be fixed with software. Amazon should step up its game, embrace GDPR, strengthen its internal security team and start reading the damn messages we send their way. Currently they are doing none of that — especially not the latter. I vote to close the issue here on GitHub and leave the thread visible as a warning to future developers embarking on this.

github-actions[bot] commented 1 year ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

github-actions[bot] commented 1 year ago

closed for inactivity