amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

App Draft State Question Answered && How to get Approval for Marketplace Appstore and Website Workflow production auth flows && Request for Documentation Update. #726

Closed charliecode closed 3 years ago

charliecode commented 3 years ago

Below are some concise answers to questions multiple developers have been inquiring about, obtained directly from Seller Support. This is also a request to have better explanations in the documentation for the below matters, which are either very vague or missing completely.

In Developer Central why is the status of my app "Current edit is saved as draft" and what does that mean for development?

The reason your app's status in Developer Central is "Current edit is saved as draft" is because your app has not been approved by Amazon for production and published to the Marketplace appstore. This means you'll only be able to test the Marketplace Appstore workflow and Website workflow authorizations, which involves adding the "version=beta" param to the url, as stated in the documentation. If you remove the "version=beta" param from the url (which would make it the production flow) it will fail until your app has been approved by Amazon and published on the Marketplace appstore.

How can I get approval and publish my app to the Marketplace appstore, therefore taking my app out of draft state?

To publish your app, once your app is completed, you will need to initiate the Marketplace appstore approval flow in Developer Central. Find your app in Developer Central, click the arrow next to "edit app". A popup appears. Click "Add Listing". Fill out the form. This will start the process for the app to be reviewed and eventually published if it gets approved.

Do I have to publish my app on the Marketplace appstore? Can't I just do like I did with MWS and only make it available from my website?

Currently it appears you have to get approval by having your app published on the Marketplace appstore. Because until your app has been approved and published on the Marketplace appstore, your production (no version=beta param in url) Website workflow authorization will not work. This is according to Seller Support. This is where it would be great to have someone from Amazon clarify things as this is a big difference between MWS and the new SP-API.

The exact explanation the Seller Support engineer sent to me is stated below for those who could further benefit from it.

"Let me give you a summary of the whole process, I would suggest you to get a basic idea of it with this and reinforce by going through the dev guide again here https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md

Once you create the app, it will show in your developer portal as a draft since that state is only for development and testing, that's the reason why you need to add "&version=beta" as it will look for the testing version of the app (testing environment = draft app). Once your app is completed and ready for the production environment, you can submit it and it will be reviewed to be published (production environment = published app). After it gets approved and published, you can remove the "&version=beta" for it to point to the production version.

From the documentation: "When you have finished testing the workflow, update it so that it no longer adds the version=beta parameter to the OAuth authorization URI in Step 1. The seller initiates authorization from your website. This makes it a production workflow. Now any seller can authorize your published application starting from your own website."

To publish your app, you will need to initiate the appstore flow in the developer console > Actions > Add Listing. This will start the process for the app to be reviewed and eventually published if it gets approved."

parvathm commented 3 years ago

@charliecode Thank you for taking time and summarizing the answers here for the benefit of other developers. We are working to clarify these in the developer guide.

Thanks, Parvathm Amazon MWS Support.

jbyte2009 commented 3 years ago

I am creating an app for a fulfillment center. I do not have any intentions to publish the app in seller marketplace. The app I am creating is a C# Console application that gets orders from the SP-API, acknowledges, and ship confirms. Then, I take these orders and push them to a warehouse management system to process orders for company's client. This was accomplished through the Marketplace web service and was great. I read in the home page of the developer area that soon they will remove MWS and replace it with SP-API. This would be an issue for me.

charliecode commented 3 years ago

@jbyte2009 Will you be using the manual Self Authorization to authorize or will you need to automate authorization on behalf of other Selling Partners via Authorizing Selling Partner API applications?

shuaiys commented 3 years ago

Thank you, that's helped me.

rickdeee commented 3 years ago

We updated the Developer Guide to improve the "Marketplace Appstore workflow" and "Website workflow" sections, and added a new "OAuth authorization URIs" section. This should address the problems people were having testing their authorization workflows in draft status.

Thanks, Rick

charliecode commented 3 years ago

@rickdeee Thanks a bunch to you and everyone else at Amazon who played a part in making this more clear for us. We appreciate it! Issue closed.

rickdeee commented 3 years ago

@charliecode Thanks for bringing this problem to our attention so we could improve our documentation!

cristoper commented 3 years ago

Thanks for working on the documentation, @rickdeee. But I think I have the same question as @jbyte2009 above and probably many other developers: If I'm developing an app for a single client, then in order for them to authorize my app (outside of draft mode) I must list my app in the marketplace, is that correct? Even if it will never be used by anyone but my one client? Or, is it possible to convert a draft spapi_oauth_code into a refresh_token and therefore never need to take an app out of draft mode?

charliecode commented 3 years ago

Hello @cristoper. If it's only a single client using the app it appears using the Self Authorization may be a better option for you. Then you could bypass all the other flows and get to coding super fast. The Marketplace Appstore and Website workflows are more geared toward having an unlimited number of customers using your app.

cristoper commented 3 years ago

Using self authorization is the route I would prefer (and it is how I am developing/testing my app using my own account currently), but I was under the impression that developers should have their own professional seller account and not use client's account to develop/deploy apps. If anyone has seen clarification on this from Amazon anywhere, I would appreciate a pointer!

charliecode commented 3 years ago

@cristoper I'm not sure I've read direction about that anywhere, anyone can correct me if I'm wrong. I believe this has more to do with the arrangement you have with your client, especially if you're creating it on their behalf and being paid for it. If you're developing an app with your own money and going to "license" the use of it out to a client, I can see the advantage of having everything within your own "developer account" and getting authorization to get their data via the aforementioned workflows. However, if you're getting paid to develop the app for a client with the intent of only them using it, then having your own seller central account for development purposes is not necessary at all, as you can make all API calls necessary for them via their own Self Authorization. Most clients paying for this type of development are going to prefer this as well so you don't have sole authority over the IP they paid you to create.

rugved1991 commented 3 years ago

We updated the Developer Guide to improve the "Self Authorization" sections, and added information about apps in draft status. @charliecode You are right about using self authorization when developing an app for just one client. If a seller doesn't have the technical resources to build an app of their own, they can contact a developer to build a solution just for them. In this case, the developer would use the seller's Seller Central account and create an app to make requests to the same Seller Central account. If you are a developer building a solution for multiple sellers, you should have a Seller Central account of your own and create an app on your account. The developer should then follow the Website workflow or Marketplace workflow for authorizing multiple sellers.

Thanks, Rugved Selling Partner API Support

cristoper commented 3 years ago

Thank you @rugved1991 and @charliecode for helping to clarify these points.

charliecode commented 3 years ago

@rugved1991 Thank you for clarifying that. As a side note: In the event a developer does not use self authorization I'm under the assumption they would need to set up the Marketplace Appstore workflow by default, whereas the Website workflow would appear to be a choice. The reason being, in order to get your app out of draft state you have to submit for approval to have your app listed on the Marketplace Appstore. If your app is listed on the Marketplace Appstore it seems you would need to have the Marketplace Appstore workflow done by default. I ask because in the last sentence of your answer you said "The developer should then follow the Website workflow or Marketplace workflow for authorizing multiple sellers." Thanks for the clarification!

definedfunctions commented 3 years ago

I am attempting to write a script for a simple data pull on behalf of just one client, and because I am only approved for the SP-API and not MWS I've had to create an application and request a listing on the Marketplace Appstore in order to initiate the Website workflow and gain access to the seller's account.

I'm getting zero help from Amazon Seller support so am hoping someone here can assist -- How long should it take for the app to be approved so that I can actually start pulling data from the client's account?

When applying for application approval I pointed out that the app would only be used by a single client. I can't tell if that's going to help or hurt how long it takes for it to be approved.


Tangent that you can feel free to ignore but I can't help but add:

You are right about using self authorization when developing an app for just one client....In this case, the developer would use the seller's Seller Central account and create an app to make requests to the same Seller Central account.

I was surprised to read this suggestion after coming across multiple warnings against using the credentials of another seller account in order to build something on their behalf. This was the entire reason why I went through the trouble of creating an Amazon seller account for the sole purpose of pulling data for a single client. I initiated my Developer registration back in October and per this comment have yet another hoop to jump through in order to write any code, but feel like I'm too far down the rabbit hole to ask my client to register as a developer so that I can write the data pull from their account.

cristoper commented 3 years ago

@definedfunctions, have you heard back about your application yet? I originally submitted my app to the marketplace and heard back within 3 weeks saying that I couldn't use "Amazon" in the name because of trademark concerns, but at that point I found this thread and decided to switch to using self-authorization via my client's seller account and didn't pursue the marketplace route further.

jimmy-ross-xapix commented 3 years ago

does anyone know what the average/expected wait time is for getting your app approved for the marketplace? (assuming everything was filled in ok)

ytcitsupport-jlin commented 3 years ago

@charliecode In the case of using Self Authorization with a draft application, it should work fine, right?

charliecode commented 3 years ago

@ytcitsupport-jlin Yes, if you are using self authorization you'll have everything you need to make API calls even in draft state.

ytcitsupport-jlin commented 3 years ago

@charliecode Thanks for the prompt response. I set up the IAM for the application and got the LWA client ID and secret, self-authorized and got the refresh token, and am using those with the sandbox environment. But I always get an unauthorized response from SP-API.

Do you have any idea or hint of what might be causing this issue?

charliecode commented 3 years ago

@ytcitsupport-jlin Not off the top of my head. Getting stuff to work is quite nuanced for the SP-API. Debugging is much quicker if you can post some code.

ytcitsupport-jlin commented 3 years ago

@charliecode Sorry for the late reply

I'm currently using this package (amazon-sp-api) to test my sp-api connection.

const SellingPartnerAPI = require('amazon-sp-api');

(async () => {
try {
    let sellingPartner = new SellingPartnerAPI({
        region: 'fe',
        refresh_token: '[MY SELF AUTH REFRESH TOKEN]',
        options: {
            credentials_path: "./credentials",
            auto_request_tokens: false,
        }
    });
    await sellingPartner.refreshAccessToken();          // calls 'https://api.amazon.com/auth/o2/token'
    await sellingPartner.refreshRoleCredentials();      // calls https://sts.amazonaws.com

    let access_token = sellingPartner.access_token;
    let role_credentials = sellingPartner.role_credentials;

    console.log(access_token);      // GET "Atza|IwEBILd-****"

    console.log(role_credentials);      //GET {id: "", secret: "", security_token: ""}

    let sellingPartnerNewInstance = new SellingPartnerAPI({
        region: 'fe',
        refresh_token: '[MY SELF AUTH REFRESH TOKEN]',
        access_token: access_token,
        role_credentials: role_credentials
    });

    let res = await sellingPartnerNewInstance.callAPI({
        operation: 'getMarketplaceParticipations',
    });

    console.log(res);

} catch (e) {
    console.log(e);
}
})();

The callAPI will call the api https://sellingpartnerapi-fe.amazon.com/sellers/v1/marketplaceParticipations

Request body

{
  method: 'GET',
  url: 'https://sellingpartnerapi-fe.amazon.com/sellers/v1/marketplaceParticipations',
  body: null,
  headers: {
    Authorization: 'AWS4-HMAC-SHA256 Credential=ASIAYRSSVF3W4G3JURP4/20210614/us-west-2/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date, Signature=ae342bf2c2fb22374f0e42975d4ad51ea1498e4514536b7c474b24f91e863c42',
    'Content-Type': 'application/json; charset=utf-8',
    host: 'sellingpartnerapi-fe.amazon.com',
    'x-amz-access-token': 'Atza***',
    'x-amz-security-token': 'Fwo***',
    'x-amz-date': '20210614T164830Z'
  }
}

This is response

{
  body: '{\n' +
    ' "errors": [\n' +
    ' {\n' +
    ' "message": "Access to requested resource is denied.",\n' +
    ' "code": "Unauthorized",\n' +
    ' "details": ""\n' +
    ' }\n' +
    ' ]\n' +
    '}',
  chunks: [ <Buffer 71 *** 91 more bytes> ],
  statusCode: 403,
  headers: {
    date: 'Mon, 14 Jun 2021 16:48:28 GMT',
    'content-type': 'application/json',
    'content-length': '141',
    connection: 'close',
    'x-amzn-requestid': '4e860cc4-a860-48b3-aed9-29cece3b303d',
    'x-amzn-errortype': 'AccessDeniedException',
    'x-amz-apigw-id': 'A7I-cHuJvHcFR4Q='
  }
}
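A triage aid for a 403 like the one above, added here as an example and not part of the thread or of the amazon-sp-api package: it parses the SigV4 `Authorization` header of an outgoing request and checks that the credential scope, endpoint host and token headers agree. The function names and the sample request are assumptions constructed for illustration; the host-to-region table reflects the published SP-API endpoints.

```javascript
// Added example. SP-API endpoint host -> AWS region expected in the SigV4 scope.
const SP_API_REGIONS = {
  'sellingpartnerapi-na.amazon.com': 'us-east-1',
  'sellingpartnerapi-eu.amazon.com': 'eu-west-1',
  'sellingpartnerapi-fe.amazon.com': 'us-west-2',
};

// Split "AWS4-HMAC-SHA256 Credential=..., SignedHeaders=..., Signature=...".
function parseSigV4(authorization) {
  const m = /^AWS4-HMAC-SHA256\s+(.+)$/.exec(authorization || '');
  if (!m) return null;
  const parts = {};
  for (const kv of m[1].split(',')) {
    const i = kv.indexOf('=');
    if (i > 0) parts[kv.slice(0, i).trim()] = kv.slice(i + 1).trim();
  }
  if (!parts.Credential || !parts.SignedHeaders || !parts.Signature) return null;
  const [accessKeyId, date, region, service] = parts.Credential.split('/');
  const signedHeaders = parts.SignedHeaders.split(';');
  return { accessKeyId, date, region, service, signedHeaders };
}

// Return a list of findings; an empty list means the request shape is consistent.
function checkSignedRequest(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) h[k.toLowerCase()] = v;
  const sig = parseSigV4(h.authorization);
  if (!sig) return ['Authorization is not a well-formed SigV4 header'];
  const findings = [];
  // Sandbox hosts use the same region as their production counterpart.
  const host = new URL(req.url).host.replace(/^sandbox\./, '');
  const expected = SP_API_REGIONS[host];
  if (!expected) findings.push(`unknown SP-API host: ${host}`);
  else if (sig.region !== expected) {
    findings.push(`scope region ${sig.region} does not match ${host} (expected ${expected})`);
  }
  if (sig.service !== 'execute-api') findings.push('scope service is not execute-api');
  if (!String(h['x-amz-date']).startsWith(sig.date)) findings.push('x-amz-date day differs from scope date');
  // Access key IDs starting with ASIA are temporary STS credentials.
  if (sig.accessKeyId.startsWith('ASIA') && !h['x-amz-security-token']) {
    findings.push('temporary credentials used without x-amz-security-token');
  }
  if (!h['x-amz-access-token']) findings.push('x-amz-access-token (LWA token) is missing');
  for (const name of ['host', 'x-amz-date']) {
    if (!sig.signedHeaders.includes(name)) findings.push(`${name} is not signed`);
  }
  return findings;
}

// Constructed request in the same shape as the one posted above (placeholder values).
const sampleRequest = {
  url: 'https://sellingpartnerapi-fe.amazon.com/sellers/v1/marketplaceParticipations',
  headers: {
    Authorization: 'AWS4-HMAC-SHA256 Credential=ASIAEXAMPLEKEY000000/20210614/us-west-2/execute-api/aws4_request, ' +
      'SignedHeaders=host;x-amz-access-token;x-amz-date, Signature=' + '0'.repeat(64),
    host: 'sellingpartnerapi-fe.amazon.com',
    'x-amz-access-token': 'Atza|constructed',
    'x-amz-security-token': 'constructed',
    'x-amz-date': '20210614T164830Z',
  },
};
console.log(checkSignedRequest(sampleRequest)); // []
```

An empty result means the request is consistent at this level, which leaves the authorization side to check next, such as the IAM ARN registered for the app.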

charliecode commented 3 years ago

@ytcitsupport-jlin I built my own SDK and have not deeply familiarized myself with the package you mentioned. I found it lacking for my needs and missing key aspects I think are important in an SDK for the SP-API. I would encourage you to post the issues you're having with the package in that package's repo.

ytcitsupport-jlin commented 3 years ago

@charliecode Is it possible to change IAM ARN of the seller central application?

NancyLin commented 3 years ago

@parvathm Our application only wants to be used by our own seller account, and does not want to be used by a third party, then can the application not be published and used in a draft state?

I've managed to successfully configure, on one of the Seller accounts (SELLER_1), the new SPApi integration. I followed the Self Authorization workflow and I am now able to correctly authenticate and perform API calls on SELLER_1.

I am now trying to use the same developer account and the same app to perform SPApi calls on a different SELLER_2, using the Authorization API. Our OAuth Authorization URI has the flag version=beta as it is our draft application that is being authorized by the seller accounts.

Can I keep the app in a draft state without publishing it?

burfbari commented 3 years ago

does anyone know what the average/expected wait time is for getting your app approved for the marketplace? (assuming everything was filled in ok)

@jimmy-ross-xapix did you find any answers to your question?

gokigoks commented 2 years ago

Our app is published however, it also says the current edit is in draft. The full status is "Published Current edit is in draft" state. It's left us very confused but I think our sp-api conversion is on draft as I can't get our Authorization API to work.

Also, only 'edit listing' is shown, and not 'add listing' on the drop-down beside 'edit app'.

Please help me.

jamesaq12wsx commented 2 years ago

@gokigoks Did you relist your app? You should click "Edit Listing" because you probably already listed your app before. You have to relist your app and the status should change to something like "Your app is currently under audit" or some processing status. And you couldn't edit the app until the process is done. It should take 10 business days to audit and 10 business days to list.

gokigoks commented 2 years ago

Thank you very much @jamesaq12wsx. I did see the 'edit listing' option but was confusing it with the 'edit app' as they seemed similar. I can't thank you enough for the guidance. We'll go ahead and try to process that now.

sidrafarooq commented 2 years ago

Hi, after creating a new SP API client within sellercentral for a self-authorized application, I am not able to click on the authorize button; it seems like it's not working. So after creating a new SP API client, after how many days is the authorize button going to work to create a refresh token? And for how many days will this refresh token be valid?

stefnats commented 2 years ago

@sidrafarooq to answer your second question: it's valid for 12 months. You can check for yourself in seller central when you see your seller accounts' granted applications.

sPaCeMoNk3yIam commented 2 years ago

@gokigoks Did you relist your app? You should click "Edit Listing" because you probably already listed your app before. You have to relist your app and the status should change to something like "Your app is currently under audit" or some processing status. And you couldn't edit the app until the process is done. It should take 10 business days to audit and 10 business days to list.

We are currently thinking of adding redirect urls to our already listed app and are afraid when we need re-list our app, it will have a downtime during audit. Anything known about this state? Will the old listing continue to work?

lenn-mark commented 2 years ago

In our case,

  1. The application is public and published.
  2. The application is saved as "hybrid app"
  3. All functionalities, including PII works properly with the parameter version=beta
  4. But when we click "Authorize Now" button on sellercentral, it redirects MWS instead of SP-API. When we get "version=beta" back, it works again.

There is an endpoint on sellercentral, which is _/apps/apis/cloudauth/oauth/applications/amzn1.sellerapps.app.****/authInfo?applicationstage=published

and this endpoint returns the key "permissions" as "null"; also, the response does not contain the "oauthInfo" key in the "authorizationInfo" object.

When I compared the responses with the ones that work properly, I found these differences. Maybe it can help the SP-API team to find a potential bug. I'm also not sure whether it's a bug or not...

I just would like to share If there's someone who face the same problem with us.

Thanks for the detailed explanation and your effort.

ulandj commented 2 years ago

Thank you very much @jamesaq12wsx. I did see the 'edit listing' option but was confusing it with the 'edit app' as they seemed similar. I can't thank you enough for the guidance. We'll go ahead and try to process that now.

Hi @gokigoks , did re-listing your app help to publish it properly? i.e. have you achieved to make your app status as Published instead of Published Current edit is in draft? I have the same status in my app and authorization url without version=beta does not work properly. Can you please share your experience? Thanks

gokigoks commented 2 years ago

Hi @gokigoks , did re-listing your app help to publish it properly? i.e. have you achieved to make your app status as Published instead of Published Current edit is in draft? I have the same status in my app and authorization url without version=beta does not work properly. Can you please share your experience? Thanks

From our experience, I believe our App worked even without it being 'published' yet. Just make sure to go through that process @jamesaq12wsx mentioned. We re-listed our app and a few days later we were able to access the SP-API endpoints. Hope this helps.

mottadelli-smeup commented 2 years ago

Please could you take charge of this case 7827279952? We changed only the URL link for OAuth authorization. Our request dates from June 16, 2022 10:21:55 PM CEST. Our app is still Published [Current edit is awaiting approval].