Sharing Amazon API Credentials


#1

I want to hire a contract developer working remotely from a different geographic location (California) to create API called to retrieve data about inbound FBA shipment into a google sheet or csv. like shipment name, SKUs, weight, dimensions, tracking numbers etc…

They will be using their own personal computers to work on the API, So I’m wondering if its advisable to apply for Developer ID from my Pro seller account and share the API Key credentials with them?

Also, I’m just curious for my own knowledge, what is the risk when these API key credentials gets in the wrong hands? what is the risk? what is the reason Amazon does not allow you to share it with 3rd parties?

Thanks in advance for your help!


#3

It is not advisable because of security reasons.

The API key allows for close to complete access to Amazon on your behalf. With them one could modify inventory, product selection, pricing, order fulfillment, and etc.

This is the reason Amazon has setup a way for you to authorize 3rd party developer who have their own credentials to access your account. This still has the same risks however you can revoke those permissions instead of having to contact Amazon and having them re-issue a new set of credentials.


#4

From my understanding, that is fine. Companies creating software do it often. Hiring a software developer employee and hiring a software developer contractor to develop an application for your company is about the same thing, except for how the taxes are handled. Either way, it would be important to have an non-disclosure agreement with the developer, also to include that the person will follow and enforce the Amazon Data Protection and Acceptable Use Policy.

From my understanding, sharing the API key with your own staff who is writing software for you own company is fine. (What you are not allowed to do is to give your API credentials to another company to put into their software.) The challenge is the development environment (the developer’s computer) needs to meet the Amazon Data Protection requirements, which are challenging to meet. What some other companies are doing is having the development done on a cloud server in your direct control that meets the Amazon requirements. Then you don’t need to worry as much about the developers personal computer.

The API key credentials are the user id and password to your Amazon seller account with access through the API instead of through the web site. In the wrong hands, damage could be done to seller account and all of the data in your account could be exacted. If your API secret key gets out, you can request that Amazon change it (just like a password).

Each developer is responsible for what is done with their developer API key. So if you give that to a 3rd party, you loose control.

David Nelson
Dynamic Enterprise Technologies Inc
Seattle Washington USA


#5

Thank you guys this is helpful