Authorize Applications
Learn how to authorize SP-API applications.
Authorization is the process by which a selling partner grants your application permission to call the Selling Partner API (SP-API) on the selling partner's behalf. For example, when a selling partner authorizes your order management application, they give your application permission to retrieve their order data through the SP-API.
After the authorization process is complete, your application can obtain the credentials that the SP-API requires for each API call.
This topic provides an overview of the available authorization methods and refers you to the relevant documentation based on the method that you choose.
Authorization methods
Your authorization method choices depend on whether your application is public or private. The following section summarizes the authorization methods. For details, refer to the specified documentation.
Public applications
Public applications are available to multiple selling partners through the selling partner's website or through the Selling Partner Appstore. The following information summarizes the available authorization methods for public applications:
- Authorization method: OAuth 2.0 through Login with Amazon (LWA).
- Who authorizes the application: The selling partner.
- Initial authorization flow: The selling partner starts either from your website or from the Selling Partner Appstore. Through browser redirects, the selling partner interacts with both Amazon and your website to complete the authorization process.
- Authorization renewal: Renewal is required annually or if you want existing users (sellers or vendors) to authorize new roles for your application. To renew authorization, the selling partner starts at the Manage Your Apps page in Seller Central.
- Developer implementation needed? Yes. You must implement an authorization and a reauthorization flow. The implementation involves setting up an OAuth log-in URI, an OAuth redirect URI, and so on.
- Documentation:
Private applications
Private applications are for exclusive use by a single organization. The following information summarizes the available authorization methods for private applications:
- Authorization method: Self-authorization.
- Who authorizes the application: You.
- Initial authorization flow: You perform a self-authorization process through Seller Central, Vendor Central, or the Solution Provider Portal.
- Authorization renewal: Renewal is required when you add new roles and publish your application. You perform the self-authorization process through Seller Central, Vendor Central, or the Solution Provider Portal.
- Developer implementation needed? No. You can perform authorization through one of the tools mentioned previously.
- Documentation:
Special cases
The following documentation applies to special cases:
- Grantless operations: You can call some operations without explicit authorization from a selling partner. These operations are called grantless operations. For details, refer to Grantless Operations.
- Vendor groups: For vendor applications, authorization applies to the group of vendor codes that are associated with the sign-in credentials for your Vendor Central account. For details about how to handle this case, refer to Authorize your Application to Access Vendor Groups.
- Restricted data: Operations that access restricted data (such as Personally Identifiable Information) require authorization through a Restricted Data Token (RDT). For details, refer to Authorization with the Restricted Data Token.