Escaping Issue Impacting Selling Partner API Operations
On January 20, 2022, an escaping issue was identified affecting most Selling Partner API operations resulting in escape characters, such as quotes ("
) and backslashes (\
), being double-escaped in API request and response payloads. This issue has been resolved. Please review the remainder of this announcement to determine if your application was impacted by this issue and if any follow up actions are necessary.
Note that the contents of feed and report documents were not impacted by this issue.
How did this issue impact Selling Partner API requests and responses?
Selling Partner API request and response payloads are JSON formatted. For special characters that may conflict with the JSON format itself, such as quotes ("
) and backslashes (\
), escaping is used to differentiate between JSON structure and values contained within.
For example, 3/4" Drill Bit
contains a quote character that is escaped with a backslash (\
):
{
"itemName": "3/4\" Drill Bit"
}
While the escaping issue was present, these values were escaped twice, resulting in the following payload:
{
"itemName": "3/4\\\" Drill Bit"
}
Applications receiving this content would interpret the value as 3/4\" Drill Bit
instead of the expected value of 3/4" Drill Bit
. Likewise, if this payload was submitted to Amazon by your application, Amazon would receive 3/4\" Drill Bit
.
Which marketplaces are affected?
This issue impacted all marketplaces.
Who is affected?
This issue impacted all applications using any Selling Partner API operations where the request or response payloads contained escaped characters, such as quotes ("
) and backslashes (\
).
Who is not affected?
This issue did not impact Selling Partner API operations where information is exchanged separately from the API request itself, such as the Feeds and Reports APIs. The contents of feeds and reports documents were not impacted by this issue. Additionally, Amazon Marketplace Web Services (Amazon MWS) operations were not impacted by this issue.
What action is required?
If you have an application that uses one or more of the affected operations, please consider the following to determine if any action is necessary:
-
If your application is expecting JSON values to be double-escaped, you may need to adjust your application code to no longer expect double-escaped values
-
If your application has stored data retrieved from Amazon with the affected operations, you may need to refresh or fix the data stored (depending on your use case).
-
If your application has submitted data to Amazon with the affected operations, you may need to inspect the affected data to determine if any correction is required and resubmit (depending on your use case).
Have questions?