As a software provider for Amazon Sellers, I’ve had a growing concern with the lack of visibility that a seller has into who has been granted access to their Amazon selling account through the MWS API. After a seller has authorized a third-party to access their seller account through the MWS API, the seller has no way to review who has been granted access.
The only way that a seller can see to what providers they have granted access is to inquire about it specifically in an obscure MWS contact form. To revoke access requires a second email to the MWS team.
Since sellers have no way of easily seeing who has been granted access to their account, they will rarely revoke this access when they have stopped using a provider’s services. Without that visibility, the permission is easily forgotten and a provider may have access to the seller’s account for years after they have stopped using the provider’s service. This continued, unintended access to their seller account introduces the seller to many unnecessary risks if the provider (who they no longer use) has any problems with the security or functionality of their system.
I’d like to start a petition for sellers to have this important visibility into whom they have granted access to their account. If you are a seller who is concerned with the security of your account and would like to view who has access to your Amazon Selling Account through the MWS API, please add a quick comment to indicate such on this thread.
Your voice will help to bring it to the attention of the MWS team and give it priority on their development schedule.