Amazon Restricted Data Token Incorporation

Summary of Changes: (The purpose of this table is to keep traceability and to let the Product team highlight what was changed in the scope, based on comments or discussions.)

Date | Version | Name | Applied changes
21.11.2023 | 1.0 | Bogomil Pavlov | First Publish

Amazon recently announced that they are introducing the Tokens API, which takes care of PII (Personally Identifiable Information). The idea is that we will have to use the Tokens API to request an additional Restricted Data Token (RDT), which works the same way as the current access token, for the Get Orders and Get Order Items requests. The RDT is what will allow us to get the PII info.

Get Tokens

API Call: POST https://sellingpartnerapi-eu.amazon.com/tokens/2021-03-01/restrictedDataToken

Docs: https://developer-docs.amazon.com/sp-api/docs/tokens-api-v2021-03-01-reference#createrestricteddatatokenresponse

Sample Request: POST https://sellingpartnerapi-eu.amazon.com/tokens/2021-03-01/restrictedDataToken Body:

{
  "restrictedResources": [
    {
      "method": "GET",
      "path": "/orders/v0/orders",
      "dataElements": ["buyerInfo", "shippingAddress", "buyerTaxInformation"]
    },
    {
      "method": "GET",
      "path": "/orders/v0/orders/204-5559961-9188354/orderItems",
      "dataElements": [""]
    },
    {
      "method": "GET",
      "path": "/orders/v0/orders/204-5559961-9188355/orderItems",
      "dataElements": [""]
    },
    {
      "method": "GET",
      "path": "/orders/v0/orders/204-5559961-9188356/orderItems",
      "dataElements": [""]
    }
  ]
}

In the body we specify the requests for which we would like to obtain the Restricted Data Token (RDT). We have the following options:

"path": "/orders/v0/orders" - This will generate a Restricted Data Token (RDT) which will allow us to get the PII info for all orders.
"path": "/orders/v0/orders/123-1234567-1234567" - This will generate a Restricted Data Token (RDT) which will allow us to get the PII info for the 123-1234567-1234567 order.
"path": "/orders/v0/orders/204-5559961-9188354/orderItems" - This will generate a Restricted Data Token (RDT) which will allow us to get the PII info from the order items for the 204-5559961-9188354 order.

We can have up to 50 different restrictedResources, which means we can specify 50 paths in each request. We have to be careful with the paths, because we have to specify a separate path for each order in order to get its order items.

Sample Response: Status 200 OK

{
    "expiresIn": 3600,
    "restrictedDataToken": "Atz.sprdt|..."
}

We want to store the restrictedDataToken in the cache, in the same way as the access token, with an expiration time of 1 hour.

Overall, for Get Orders and Get Order Items requests we want to use the Restricted Data Token (RDT) instead of the standard LWA access token.
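A sketch of the two rules above, the 50-path limit per request and the cached token with its expiry, written as an added example and not taken from the original article or from Amazon's SDK. The names build_rdt_bodies and RdtCache, the order ID pattern (inferred from the sample IDs) and the 60-second refresh margin are assumptions.

```python
import re
import time

MAX_RESOURCES = 50  # limit per request, as stated above
ORDER_ID = re.compile(r"\d{3}-\d{7}-\d{7}")  # assumed from the IDs in the sample
PII_ELEMENTS = ["buyerInfo", "shippingAddress", "buyerTaxInformation"]


def build_rdt_bodies(order_ids, include_order_list=True):
    """Split the needed paths into request bodies of at most 50 resources."""
    resources = []
    if include_order_list:
        resources.append({"method": "GET", "path": "/orders/v0/orders",
                          "dataElements": PII_ELEMENTS})
    for order_id in dict.fromkeys(order_ids):  # drop duplicates, keep order
        if not ORDER_ID.fullmatch(order_id):
            # IDs end up inside a URL path, so reject anything unexpected
            raise ValueError(f"unexpected order id: {order_id!r}")
        resources.append({"method": "GET",
                          "path": f"/orders/v0/orders/{order_id}/orderItems",
                          "dataElements": [""]})  # as in the sample request
    return [{"restrictedResources": resources[i:i + MAX_RESOURCES]}
            for i in range(0, len(resources), MAX_RESOURCES)]


class RdtCache:
    """Keeps each RDT under the exact set of resources it was issued for."""

    def __init__(self, safety_margin=60):
        self._entries = {}
        self._margin = safety_margin  # seconds; assumed early-refresh margin

    @staticmethod
    def _key(body):
        return frozenset((r["path"], tuple(r["dataElements"]))
                         for r in body["restrictedResources"])

    def put(self, body, response, now=None):
        now = time.time() if now is None else now
        expires_at = now + response["expiresIn"] - self._margin
        self._entries[self._key(body)] = (response["restrictedDataToken"], expires_at)

    def get(self, body, now=None):
        now = time.time() if now is None else now
        token, expires_at = self._entries.get(self._key(body), (None, 0))
        return token if now < expires_at else None
```

Keying the cache on the requested resources keeps a token issued for one batch of orders from being sent with a request for a different batch.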
