Understanding Amazon PII in the Selling Partner API

Openbridge's Amazon application is approved for operations that return restricted data (such as Personally Identifiable Information or PII). Openbridge has completed the compliance and certification review with Amazon for our application to support PII data requests.

Openbridge SP-API PII Support

Amazon considers requests for PII data-restricted operations and requires special authorization as a Restricted Data Token (RDT). An RDT allows an authorized application permission to access restricted data such as shipping, tax invoicing, or tax remittance services.

Openbridge has invested significant time and energy in working with Amazon to ensure compliance with Amazon AUP and DPP. This includes rigorous audits, reviews, and compliance monitoring to be approved as a PII-approved app in their systems.

See our "No Bots Promise". Openbridge will never employ bots, screens, web, or data scrapers to circumvent Amazon terms.

What is Amazon PII?

Amazon's definition of PII:

"any information that can be used on its own or with other information to identify contact, locate an individual (e.g., Customer), or identify an individual in context. This includes, but is not limited to, a Customer name, address, e-mail address, phone number, gift message content, purchases, and latitude/longitude of buyer addresses".

For example, this means Amazon will not return data in fields such as:

Buyer's First and Last name
Buyer's e-mail address
Buyer's phone number
Buyer's Address Line 1, Address Line 2
Gift Messages

Amazon Does Not Supply PII For Fulfillment By Amazon (FBA)

Amazon's data protection policies traditionally limit buyers' access to personally identifiable information (PII). Amazon introduced the policy of not sharing the FBA PII data in 2019. As a result, Amazon does not share this information via API or your Amazon Seller Central account.

Restrictions to PII data apply to the Selling Partner API and the legacy MWS API application. In many ways, accessing PII in the new SP-API is significantly more complex, as the review and approval process is extensive.

Amazon PII Restricted Data Services

The Selling Partner API requires unique tokens to access a customer's PII (Personally Identifiable Information). The approved Openbridge SP-API application will request a Restricted Data Token (RDT) for applicable resources. The following API operations have restrictions because customers' Personally Identifiable Information (PII) may be present.

Direct Fulfillment Orders API:

getOrders
getOrder

Direct Fulfillment Shipping API:

getShippingLabels
getPackingSlips
getCustomerInvoices

Merchant Fulfillment API:

getShipment
cancelShipment
cancelShipmentOld
createShipment

Orders API:

getOrders
getOrder
getOrderItems

Shipment Invoicing:

getShipmentDetails

Shipping API:

getShipment

Restricted report types

Here is a list of restricted report types:

GET_AMAZON_FULFILLED_SHIPMENTS_DATA_INVOICING
GET_AMAZON_FULFILLED_SHIPMENTS_DATA_TAX
GET_FLAT_FILE_ACTIONABLE_ORDER_DATA_SHIPPING
GET_FLAT_FILE_ORDER_REPORT_DATA_SHIPPING
GET_FLAT_FILE_ORDER_REPORT_DATA_INVOICING
GET_FLAT_FILE_ORDER_REPORT_DATA_TAX
GET_FLAT_FILE_ORDERS_RECONCILIATION_DATA_TAX
GET_FLAT_FILE_ORDERS_RECONCILIATION_DATA_INVOICING
GET_FLAT_FILE_ORDERS_RECONCILIATION_DATA_SHIPPING
GET_ORDER_REPORT_DATA_INVOICING
GET_ORDER_REPORT_DATA_TAX
GET_ORDER_REPORT_DATA_SHIPPING
GET_EASYSHIP_DOCUMENTS
GET_GST_MTR_B2B_CUSTOM
GET_VAT_TRANSACTION_DATA
SC_VAT_TAX_REPORT

Customers Responsibility

The Amazon PII data we collect for you must be stored in a private, trusted customer-owned data lake or cloud warehouse. As a result, any customer receiving Amazon PII data must comply with the Amazon Data Protection Policy (DPP) and Acceptable Use Policies (AUP).

References: