Skip to content
  • There are no suggestions because the search field is empty.

Amazon Restricted Data Tokens

To protect its customers’ Personal Identifiable Information (PII), Amazon will not, by default, include shipping address information as part of an API call response. In order to retrieve this information, special authorization in the form of a Restricted Data Token (RDT) must be present.

The determination as to whether your organization requires an RDT depends on your fulfillment relationship with Amazon. If your sole fulfillment method with Amazon is FBA, these details are probably not relevant. If you operate under an FBM model, however, it is necessary for you to have this information, and an RDT could be desirable.

To obtain an RDT:

  • Log in into your Amazon Seller Central
  • Open the menu of account options, choose the Apps and Services group, then choose the Develop Apps option
  • On the Developer Central page, locate the app you have set up for integration to Business Central, then choose the Edit App action
  • In the list of available roles, choose the role for Direct-to-Consumer Shipping (you can also choose the roles for Tax Remittance and Tax Invoicing, although CSM does not support any corresponding functionality for these areas).
  • The app registration page will expand and require you to fill out a number of questions regarding the manner in which your organization treats data and keeps it secure.
  • When you are done answering these questions, you can save the app.

The application for an RDT will automatically be submitted to Amazon support, where it will be reviewed. Response time for this request can be as long as two weeks.

Note: if you are unable to acquire an RDT with Amazon, it is still possible to obtain shipping address information for the sales orders you retrieve into Business Central. From within Seller Central, it is possible to request and download a report of unshipped orders. This report can then be imported into Business Central. For more information on this process, see here.

If you do obtain an RDT, there is an additional value you must provide as part of your API credentials in Business Central:

  • App ID: the ID of the app that was set up for Business Central integration in Amazon Developer Central.  You can obtain this information from the Developer Central page in Amazon. The format of the app ID will be amzn1.sp.solution.[xxx], where [xxx] is a unique number that has been assigned to your application.

You can either enter the app ID in the CSM Amazon Setup Wizard as part of the initial sales channel creation process or manually add it on the CSM Amazon FastTab of the API Credentials page that you have set up for your Amazon sales channels in Business Central. CSM for Amazon requires the setup of multiple API credential lines; it is only necessary to assign the app ID to the first, “global,” record (identified as having a blank API function code).

In addition to supplying an app ID as part of your Amazon API credentials, it is also necessary to enable your RDT on your Amazon sales channels:

  • Open the Amazon sales channel you need to update
  • Within the Amazon Seller and API Data FastTab, there is an Amazon Restricted Data Token Setup This area is automatically populated with lines for the different API functions that involve the RDT.
  • On each line, place check marks in the Enable field
  • For each API function, place check marks in the Buyer Info, Shipping Address, and Buyer Tax Information fields to indicate which types of information you want the RDT to retrieve as part of API calls made with that function.  The default setup is recommended.

Note: CSM will attempt to include the selected information types as part of API calls to Amazon.  If you choose an information type to which you have not been granted RDT access by Amazon, your API calls will fail. For example, if you did not obtain access to buyer tax information and you enabled these values, your API calls to Amazon would be unsuccessful.

The first time that an API call is made for one of these functions, CSM will store these enabled information types so that they may be used for future API calls. If at any point you want to change the enabled information types for one of these functions, it is necessary to delete the existing configuration:

  • Choose looking glass and search for API Shared Sessions, and then choose the related
  • Open the shared session for your Amazon APIs
  • On the Restricted Data Tokens FastTab, choose the line for all orders retrieval (it will have a path of /orders/v0/orders).
  • Choose the Delete Line action

The next time you execute the relevant API function(s) a new Restricted Data Token line will be created on the shared session. The data elements for this line will reflect any changes you have made on the sales channel.