From my understanding, that is fine. Companies creating software do it often. Hiring a software developer employee and hiring a software developer contractor to develop an application for your company is about the same thing, except for how the taxes are handled. Either way, it would be important to have an non-disclosure agreement with the developer, also to include that the person will follow and enforce the Amazon Data Protection and Acceptable Use Policy.
From my understanding, sharing the API key with your own staff who is writing software for you own company is fine. (What you are not allowed to do is to give your API credentials to another company to put into their software.) The challenge is the development environment (the developer’s computer) needs to meet the Amazon Data Protection requirements, which are challenging to meet. What some other companies are doing is having the development done on a cloud server in your direct control that meets the Amazon requirements. Then you don’t need to worry as much about the developers personal computer.
The API key credentials are the user id and password to your Amazon seller account with access through the API instead of through the web site. In the wrong hands, damage could be done to seller account and all of the data in your account could be exacted. If your API secret key gets out, you can request that Amazon change it (just like a password).
Each developer is responsible for what is done with their developer API key. So if you give that to a 3rd party, you loose control.
Dynamic Enterprise Technologies Inc
Seattle Washington USA