Selling Partner API on AWS

Partner Solution Deployment Guide


August 2021
John Smith, Services LLC
Rugved Dighe, Selling Partner Services team
Andrew Glenn, AWS Integration & Automation team

Refer to the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Partner Solution. To comment on the documentation, refer to Feedback.

This Partner Solution was created by Services LLC in collaboration with Amazon Web Services (AWS). Partner Solutions are automated reference deployments that help people deploy popular technologies on AWS according to AWS best practices. If you’re unfamiliar with AWS Partner Solutions, refer to the AWS Partner Solution General Information Guide.


This guide covers the information you need to deploy the Selling Partner API Partner Solution in the AWS Cloud.

It is for users who want to set up AWS resources in their AWS account to provide SP-API integration using AWS best practices.

This Partner Solution deploys SP-API on the Amazon Web Services (AWS) Cloud. It configures an AWS Identity and Access Management (IAM) role to streamline your SP-API onboarding. In addition, it provides a sample AWS Lambda application to demonstrate AWS best practices for SP-API integration. After deployment, input your application’s client identifier, secret, and seller refresh token into the sample application code to test connectivity to SP-API endpoints. For more information, see Post-deployment steps later in this guide.

SP-API is a suite of REST-based APIs providing Amazon Selling Partners programmatic access to their Amazon Seller Central account data. With it, you can build applications that help sellers and vendors manage their Amazon business. You must have a Professional selling plan on Amazon Seller Central and register as a developer to create Seller Central applications.

For more information on SP-API, see the Selling Partner API documentations repository.

Costs and licenses

There is no cost to use this Partner Solution, but you will be billed for any AWS services or resources that this Partner Solution deploys. For more information, refer to the AWS Partner Solution General Information Guide.


Deploying this Partner Solution with default parameters builds the following SP-API environment in the AWS Cloud.

Figure 1. Partner Solution architecture for SP-API on AWS

As shown in Figure 1, this Partner Solution sets up the following:

  • An AWS IAM role providing a secure way to interact with SP-API.

  • An AWS Lambda function to use the IAM role to call SP-SPI endpoints.

Deployment options

This Partner Solution provides the following deployment option: * Deploy SP-API into an existing VPC. This option provisions SP-API in your existing AWS infrastructure.

Predeployment steps

Prepare your Seller Central account

You must have a Professional selling plan on Amazon Seller Central and register as a developer to create Seller Central applications.

Deployment steps

  1. Sign in to your AWS account, and launch this Partner Solution, as described under Deployment options. The AWS CloudFormation console opens with a prepopulated template.

  2. Choose the correct AWS Region, and then choose Next.

  3. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    Unless you’re customizing the Partner Solution templates or are instructed otherwise in this guide’s Predeployment section, don’t change the default settings for the following parameters: QSS3BucketName, QSS3BucketRegion, and QSS3KeyPrefix. Changing the values of these parameters will modify code references that point to the Amazon Simple Storage Service (Amazon S3) bucket name and key prefix. For more information, refer to the AWS Partner Solutions Contributor’s Guide.
  5. On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select all of the check boxes to acknowledge that the template creates AWS Identity and Access Management (IAM) resources that might require the ability to automatically expand macros.

  7. Choose Create stack. The stack takes about 5 minutes to deploy.

  8. Monitor the stack’s status, and when the status is CREATE_COMPLETE, the Selling Partner API deployment is ready.

  9. To view the created resources, choose the Outputs tab.

Postdeployment steps

Copy the IAM role ARN

  1. Open the AWS IAM console.

  2. In the navigation pane, choose Roles.

  3. Choose the name of the role that you will use to create the application.

  4. Copy the role Amazon Resource Number (ARN).

Register an app on Seller Central

  1. Sign into Seller Central using the credentials that you used to register as a developer.

  2. Choose Develop Apps from the Apps & Services menu.

  3. Choose Add new app client.

  4. On the App registration page, enter an app name.

  5. Choose SP API from the API Type drop-down list.

  6. For IAM ARN, enter the role ARN you copied previously.

  7. Choose the pertinent application roles.

  8. Enter OAuth login and redirect URIs. These parameters are optional for private seller and vendor applications.

  9. Choose Save and exit.

  10. Choose Develop Apps from the Apps & Services menu.

  11. Choose View under LWA credentials for the app you registered previously.

  12. Copy the client identifier and client secret. You will enter these on lines 26 and 27, respectively, of later.

Obtain seller authorization

Obtain seller authorization using either the website authorization workflow or self authorization. You will enter the refresh token on line 32 of later.

Edit and test the AWS Lambda function

  1. Open the AWS Lambda console.

  2. In the navigation pane, choose Functions.

  3. Choose the name of the Lambda function created by the Selling Partner API Quick Start.

  4. On the Code tab, choose in Environment window.

  5. On line 26, enter the client identifier you copied previously.

  6. On line 27, enter the client secret.

  7. On line 32, enter the refresh token you received previously from the seller.

  8. Choose Deploy.

  9. Choose Test.

  10. On the Configure test event dialog box, enter an event name, and choose Create.

  11. Choose Test. The Execution results tab shows the status and details of the test.

Best practices for using SP API on AWS

For more information about SP-API best practices, see the Selling Partner API Developer Guide.


  • Use of an IAM role with permission to call SP-API is a best practice.

  • The temporary credentials received from the IAM role are valid only for one hour.


For troubleshooting common Partner Solution issues, refer to the AWS Partner Solution General Information Guide and Troubleshooting CloudFormation.

Q. I cannot create an app on Seller Central.

A. You must have a Professional selling plan on Amazon Seller Central and register as a developer to create Seller Central applications.

Q. How do I get the refresh token to test the API call?

A. Obtain seller authorization using either the website authorization workflow or self authorization.

Q. I cant see any orders in the API response. What do I do?

A. If you are a third-party developer, you must add the refresh token from the seller to For more information, see Post-deployment steps. If you self-authorized your application, the API response will not contain orders.

Q. I sell in multiple marketplaces on Amazon Seller Central, why do I only see orders for a single marketplace?

A. This Quick Start deployment makes a call to get orders in the first marketplace in a seller’s marketplace list. For more information, see Choose your source and target marketplaces.

Customer responsibility

After you deploy a Partner Solution, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.


To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Partner Solution. To submit code, refer to the Partner Solution Contributor’s Guide. To submit feedback on this deployment guide, use the following GitHub links:


This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. Refer to the License for specific language governing permissions and limitations.