Petition for sellers to view and revoke access to their MWS account


#1

As a software provider for Amazon Sellers, I’ve had a growing concern with the lack of visibility that a seller has into who has been granted access to their Amazon selling account through the MWS API. After a seller has authorized a third-party to access their seller account through the MWS API, the seller has no way to review who has been granted access.

The only way that a seller can see to what providers they have granted access is to inquire about it specifically in an obscure MWS contact form. To revoke access requires a second email to the MWS team.

Since sellers have no way of easily seeing who has been granted access to their account, they will rarely revoke this access when they have stopped using a provider’s services. Without that visibility, the permission is easily forgotten and a provider may have access to the seller’s account for years after they have stopped using the provider’s service. This continued, unintended access to their seller account introduces the seller to many unnecessary risks if the provider (who they no longer use) has any problems with the security or functionality of their system.

I’d like to start a petition for sellers to have this important visibility into whom they have granted access to their account. If you are a seller who is concerned with the security of your account and would like to view who has access to your Amazon Selling Account through the MWS API, please add a quick comment to indicate such on this thread.

Your voice will help to bring it to the attention of the MWS team and give it priority on their development schedule.

Thanks,
Brandon Checketts
Seller Labs


How to revoke a developer's access,, if the developer is myself
#2

I agree that this is something important and should be given priority.


#3

This must be a priority. It is a clear vulnerability that needs to be addressed as soon as possible.


#4

I strongly agree that I would like to know who has access to my account. I have used feedback services for companies I no longer use, and possibly other things I have forgotten. Please make this a priority. Thanks.


#5

I agree as well that I would like to know who has access to my account. I have had third party people have access to my account and I may need to have them closed out.


#6

Yes by all means this sho8uld be addressed immediately


#7

I totally agree with this proposal.


#8

I should add that if you are concerned about this, there is currently a way to view and revoke access to providers:

1- Go to the MWS Contact form (requires you to log in to Seller Central) at https://sellercentral.amazon.com/gp/mws/contactus.html

2- Fill out the form:
Role: Seller
Subject: Third Parties with Access to my MWS Account
Your Comment: Could you please tell me who currently has access to my Amazon Seller account through MWS

3- It generally takes about 12-24 hours for them to reply via email and it shows up as a case in Seller Central. If you’d like to revoke access to anybody who has been authorized, you would reply through the Seller Central case with something like “Please revoke access to ABC company”.

4- You would get a reply about that in another 12-24 hours.

I’m proposing that the MWS team build a simple web page in to the Seller Central interface that allows a seller to see who has access to their account and simply click a button to revoke access.


#9

I agree. I would like the ability to withdraw access.


#10

I strongly agree that this should be transparent to the seller


#11

Waking up an old thread, but I feel this is important, and would love to have the ability to easily see and maybe revoke MWS access.


#12

Ditto… Amen!!! This is definitely something that should be an added feature for sellers.

Given my experience, I cannot stop a crappy repricer from toying with my inventory, even after Amzn “supposedly” revoked it’s access.


#13

Agree, and further, MWS tokens should have granular permissions which subject areas of the API are available to a given token. e.g. I have a third party fulfillment who has my authtoken and I don’t want them calling anything but orders and inventory.


#14

100% agree. Suredone is particularly bad about continuing to pull your data after you leave their platform and they do not allow any access to revoking on their end.


#15

Thanks for voicing your concerns. We’ve heard you loud and clear.

Providing simpler means for obtaining visibility and control over MWS authorizations is something that is a high priority for us.

Please continue to monitor the forum announcements to say up to date with any future changes.

In the meantime, Seller Support can provide a list of all the authorized developers with access to a seller account, as well as revoke any access at your request.


#16

If you haven’t seen it already, a new page has been launched in Seller Central which provides sellers direct access to view and manage their current MWS authorizations.

Go to: Settings > User Permissions

See the forum announcement here:
https://sellercentral.amazon.com/forums/ann.jspa?annID=304


#17

An improvement but still a shocker we cannot do any access management. All or nothing permissions.


#18

Awesome. It is great to see that progress.


#19

Patrick, thank you so much for getting this added. This provides some necessary visibility for sellers and I’m glad to see that the importance of it didn’t go unnoticed.

Thanks,
Brandon Checketts
Seller Labs


#20

I agree with this proposal. It is important for sellers to control their own account security.