Skip to main content
All CollectionsData SourcesAmazon
Troubleshooting SP-API User Permissions
Troubleshooting SP-API User Permissions
Openbridge Support avatar
Written by Openbridge Support
Updated over a year ago

The most common Amazon Selling Partner authorization issues are related to permissions and a mismatch of regions.

Note: If you want to configure Amazon Advertising permissions, see How To Configure Amazon Advertising Partner Permissions.

How To Check If Your User Has Admin Access

Since Amazon requires a primary account owner OR a secondary user with admin permissions for app authorizations, a simple method to verify your account has admin access is to log into the Seller Central Account and go to User Permissions.

Do you have access? If you do have access to users, go to the next check. If not, it almost certainly means your account does not have the correct admin permissions required by Amazon to authorize apps.

Do you see the list of user accounts? Are you able to "Manage Permissions"? If so, go to the next step.

Lastly, can you edit permissions, assigning or removing admin access on accounts? If yes, then you likely have the proper admin permissions. I

Invalid Access Errors

To authorize any Amazon Selling Partner API application requires either;

  1. The primary seller or vendor account or;

  2. A secondary user with admin permissions in your seller or vendor account.

As a result, please make sure any secondary user account has "Admin" permissions in Amazon Seller or Vendor Central. If permissions are not set correctly, Amazon will reject our requests with "Invalid Access" errors.

Here is an example of a Seller Central permissions error:

Vendor Central

Option A is to ensure the authorizing user is either an Admin or Global Admin. This aligns with requirements from Amazon for Seller Central that authorizing users must be the primary account holder or a secondary account with admin permissions.

Option B involves creating a user account with explicit permissions to related data entities that report use. If Option B does not work and you see a permission error (see below), you must switch to Option A.

Here is an example of a Vendor Central permissions error:
โ€‹


If you are having difficulty with Brand Analytics permissions, see this related doc: https://docs.openbridge.com/en/articles/6255799-amazon-brand-analytics-permissions

Your Region Must Match

When authorizing the Selling Partner API, the marketplace you select in Openbridge must match the seller marketplace and region you are authorizing at Amazon. Amazon requires us to use your selection to determine which regional API should be called. This is why Openbridge will present a list of marketplaces Amazon will accept for an authorization request.

The list of marketplaces we show you align with Amazon-defined APIs:

Selling region

Endpoint

AWS region

North America (Canada, US, Mexico, and Brazil marketplaces)

us-east-1

Europe (Spain, UK, France, Netherlands, Germany, Italy, Sweden, Poland, Saudi Arabia, Egypt, Turkey, United Arab Emirates, and India marketplaces)

eu-west-1

Far East (Singapore, Australia, and Japan marketplaces)

us-west-2

We use this setting to determine which API to send your request to. We need to know the correct marketplace to know which of the three possible API endpoints will be required by Amazon to complete an SP-API authorization.

Example: Authorizing Your Seller Account

Let's assume you select "Australia" on Openbridge. This tells us you want Amazon to authorize a seller residing in the "Australia" marketplace, which is part of the "Far East" region.

Once you select "Login With Amazon" on Openbridge, we direct you to Amazon to complete the authorization.

Amazon may present a much broader list of regions. In our example, despite Amazon showing a broader list of regions, you must select "Australia" in Seller Central to match what you selected at Openbridge:

If you select Australia on Openbridge, then select the United States, Sweden, Japan, or any other region/marketplace combination on Amazon, this will create a mismatched authorization process. This will lead to corrupted authorization or processing errors at Amazon.

Did this answer your question?