Amazon Selling Partner API

Setup

Prior to using the Amazon Selling Partner API connector with Runner, one must properly provision the Amazon Selling Partner account. The following steps will walk you through that process. Note that one must be a primary account user to complete this process.

Throughout the process, you’ll collect credentials that will ultimately be placed in job configurations for the connector.

Generally speaking, credentials are in the following HJSON format:

credentials: {
  region: <your-region>
  role_arn: <your-role-arn>
  aws_access_key_id: <your-aws-access-key-id>
  aws_secret_access_key: <your-aws-secret-access-key>
  client_id: <your-client-id>
  client_secret: <your-secret>
  refresh_token: <your-refresh-token>
}

  1. Register as a private SP-API developer as described here.

  2. Wait until your registration is approved. Information on how to check your status can be found here.

  3. Access to the SP-API requires the use of an IAM user and role which allows access to the SP-API. You can choose between using a pre-defined user and role already provisioned by Zuar or you can create your own.

    1. Use the Zuar’s pre-defined user and role.

      To use the pre-defined role, use the following in your job credentials:

      role_arn: arn:aws:iam::575296055612:role/SellingPartnerAPI
aws_access_key_id: AKIAYL4SRFE6FALNLR6C
aws_secret_access_key: f1IMOidJTltIa92AUGrHlQ3PhGo8XkLjg6oOZP51

    2. Create your own user and role.

      Creating your own user and role is somewhat involved. If you wish create your own, instructions can be found here.

      After you’ve created your role, use the role_arn, aws_access_key_id, aws_secret_access_key that were displayed in your job credentials. They will be similar to those of Zuar’s pre-defined role in the previous step.

      role_arn: arn:aws:iam::<your-arn>:role/SellingPartnerAPI
aws_access_key_id: <your-key-id>
aws_secret_access_key: <your-secret-key>

  4. Register a private seller application in your Selling Partner account. Instructions can be found here.

    Application Registration

    On the app registration page, please note the following:

    Note

    Description

    A

    choose SP API

    B

    either Zuar’s role_arn above or yours

    C

    check Sellers

    D

    choose the appropriate roles for desired data

    E

    check No

    na

    click Save and exit

  5. In the developer console, view the newly created application.

    From the Edit App pulldown, select Authorize, to grant your application access to your Selling Partner data.

    Application Authorization

  6. The “Manage Authorizations” page will appear. Click Authorize app for the desired marketplace. If you work with more than one marketplace, you will need to authorize each marketplace separately.

    Application Authorization

  7. In the “Manage Authorizations” page, a Refresh Token will be displayed.

    Refresh Token

    Copy the token and add it to the credentials for the connector.

    role_arn: arn:aws:iam::575296055612:role/SellingPartnerAPI
aws_access_key_id: AKIAYL4SRFE6FALNLR6C
aws_secret_access_key: f1IMOidJTltIa92AUGrHlQ3PhGo8XkLjg6oOZP51
refresh_token: Atzr|<your-refresh-token>

  8. Return to the developer console, view the newly created application.

    Click View in the LWA Credentials column for your application.

    Refresh Token

  9. The LWA credentials page will be displayed.

    Refresh Token

    Copy the Client identifier and the Client secret and add them to the credentials for the connector.

    role_arn: arn:aws:iam::575296055612:role/SellingPartnerAPI
aws_access_key_id: AKIAYL4SRFE6FALNLR6C
aws_secret_access_key: f1IMOidJTltIa92AUGrHlQ3PhGo8XkLjg6oOZP51
refresh_token: Atzr|<your-refresh-token>
client_id: <your-client-id>
client_secret: <your-client-secret>

At this point, an application for the connector has been provisioned in your Selling Partner account and you have collected the necessary credentials to allow the connector to connect to and obtain data from your account.

Maintenance (Secret Expiration/Rotation)

The “Client secret” of your LWA credentials has a lifetime of 180 days. Sometime prior to expiration, Amazon will notify you of the pending expiration. Additionally, a yellow triangle will appear under LWA credentials for the application.

Expiration Warning

Sometime prior to expiration, you should renew or “rotate” the credentials. To do this, click on View to display the LWA Credentials page and then click the Rotate secret button.

A new Client secret will be displayed. Make a copy of the secret and use it to update the credentials used by your jobs.