Back in March, I wrote up a petition
and blog post
detailing how complicated it is for a third-party seller on Amazon to determine who has been granted API to their selling account. As a security-conscious software developer, I expressed concern for the lack of visibility sellers had with who had been granted access to the Amazon seller account through the MWS API. There was no easy way a seller could see who had access, and if needed, to revoke the access. The only way a seller could find out more then was by contacting the MWS team with its obscure contact form
Despite an underwhelming show of support on the official MWS Forums, the MWS and Seller Central teams must have recognized the importance of sellers having visibility into which providers still had access to their accounts; they have recently added the necessary data into the “User Permissions” screen within Seller Central.
Note the bottom half of that screen now shows which providers have current access to your Seller Account through the MWS API. This is a significant update that will help protect the privacy of your seller account by not allowing access to providers that you no longer use. The new menu addition can be found from your Seller Central’s User Permissions
We encourage all sellers to visit this page and verify that every provider with current access to your account is still valid and approved. The form will include the developer name, ID and date of authorization. Right next to it will be the option to “revoke” the permissions if you wish the third party no longer have access to your account.