Although I am completely sympathetic, I’m afraid a more realistic view of the situation is from Amazon’s viewpoint. These rules are difficult, but not impossible (and again I would like to point out how much easier they are when completely hosted on AWS)
Amazon decided this was the easiest way to show governance over “their” customer data. This is probably in no small part a response to recent external regulatory efforts and various consumer protection efforts. There have also been quite a few recent large platform personal consumer data breaches, almost all from third party or contractor vulnerabilities. Amazon has been tightening access to buyer info via seller central for some time, mostly (we assume) because people are abusing it.
Wishful thinking. Challenging the definition of third party on this platform isn’t very convincing.
I’m afraid from any security based Least Privilege Principle, Amazon doesn’t think just printing labels justifies access to the backend API and customer data - unless you think it is important enough to surround it with the designated set of controls. Amazon would probably point out that you can do this from seller central, and from any number of inexpensive third parties that (we assume) have the controls in place. This shouldn’t be a huge thing to fix unless you are also using the customer data for other things.
There are lots and lots of threads and posts on this going back to late 2018, most of them don’t contain many specific questions. Amazon hasn’t done a great job of communicating these changes, so most of the posts are simply in disbelieve, or protest.