SP-API Errors Frequently Asked Questions

Common errors related to calling the Authorization API

Why can’t I make a successful call to Authorizations API or why does getAuthorizationCode return No MWS authorization found?

Select to expand the answer. If you are using the correct tokens, and are still receiving this error, you may be calling the Authorization API using either an SP-API application or a hybrid application that has not yet been published. Note these prerequisites for making a valid request to the Authorization API:
  • Your MWS application must be published.
  • The published MWS application must be converted to a hybrid SP-API application.
  • The hybrid SP-API application must be published to the Amazon Selling Partner Appstore.
  • All MWS developer IDs must be added to the hybrid SP-API application and the seller must authorize the SP-API application or hybrid SP-API application that you’re using in MWS.

Why am I receiving "Missing authentication token" when I run the Authorization API?

Select to expand the answer. This error returns if you are using LWA credentials in your API request and are missing AWS keys. To resolve this error, make sure to add the AWS `AccessKey`, `SecretKey` and Session Token (if using STS) in your API authorization request. Also, you must use the Access Token starting with `Atc|*************` in the request header as the `x-amz-access-token`.

Why am I getting a Developer ID not associated with App ID error when using Authorization API?

Select to expand the answer.

The application must be published. To Publish your application, follow the steps below:

  1. Sign into Seller Central using the credentials that you used to register as a developer.
  2. In the Appstore menu, choose Develop Apps. The Developer Central page appears.
  3. Choose the drop down menu on the right hand side of your app and select “Edit Listing”.
  4. Edit the values on the page that you want to update, and make sure there is no information missing in the three sections of the process: App information, Pricing, and App details.
  5. If the information is not complete, you will see the option “Save and Exit” by the end of the third step. Go back and make sure you have entered all required information.
  6. Once you have entered all required information, choose “Save and submit” to confirm and send your app for Publishing.

Once this is complete, the app verification team will clear the the app and a case will be auto created. You will receive notification that the app will be approved within 10 days, which will allow you to make calls for third parties. For testing purposes, you can make calls for your own account though a self-authorization call.

If the issue continues, contact Developer Support.

Why do I receive "The application isn't configured with roles" when I run the Authorization API?

Select to expand the answer. This error is returned when roles are not properly added to a hybrid application when publishing or when the hybrid app has not completed publishing.

To resolve this error:

  • Ensure that your hybrid application has been completely published. After review, you will receive a notification from Amazon verifying that your application is fully published.
  • Check that SP-API roles have been added to your published hybrid application.

Other common errors

How can I avoid throttling errors?

Select to expand the answer.

In the Selling Partner API, the token bucket algorithm limits request rates. Refer to Usage Plans and Rate Limits in the SP-API for more information on avoiding throttling errors.

Batch operations

Currently the following batch operations are available for SP-API:

Refer to the May 2022 SP-API Release Announcement for more information.

Notification API

This API sends notifications instead of you having to send multiple requests to other APIs. Refer to the Notifications API v1 Use Case Guide for more information.

Rate Limiter

Please refer to the Strategies to Optimize Rate Limits for Your Application Workloads blog post to learn how to implement a client side rate limiter.

Why am I receiving "Credential should be scoped to a valid region"?

Select to expand the answer. Verify that the AWS region you added to the credentials scope while calculating the signature matches the endpoint you are sending the request to.

Review the SP-API Endpoints.

Why am I receiving "The security token included in the request is invalid"?

Select to expand the answer. Verify that the AWS access key and secret key pair you are using in the request are the one associated with IAM entity that you added to your application. If you are using IAM Role, you need to make a request to AWS STS to request temporary AWS keys and use those for the request.

Why am I getting a “Processing” message for the Transactions API Call?

Select to expand the answer.

The transaction status will be supported for following API operations:

  • Acknowledge Order
  • Submit Shipment Confirmations
  • Submit Shipment Status Updates
  • Shipping Label Request
  • Inventory Feed

If transaction status is “Processing” and not updated to “Failure” or “Success” after 5 minutes, that indicates transaction not successfully completed in our system. The “Success” status will be there if the transaction is successful and an error code will be provided for “Failure”.

You can’t use this API for “Invoice” messages as they are not supported to check and status will be always “Processing”.

For Shipping Label Requests, if the transaction is failed with a reason code like “Internal server error” which are terminal errors, you must create a “contact us” case to get the cause investigated. This generally happens due to operational constraints.

Why am I getting an error message for the “Submit Invoices” operation call?

Select to expand the answer.

The operation parameters must be filled out correctly. Consider these points when filling out the parameters to make the API call:

  • Invoice numbers must be unique and they should never be reused (even after one year).
  • If an invoice sent by API has failed due to incorrect data but paper invoice has the correct data then vendor should update it through API with correct data under same Invoice ID.
  • If invoice has wrong data (both paper and API) then invoice is cancelled and new invoice should be sent with new Invoice ID.
  • No invoice with total amount "0" should be sent, as this would cause the invoice to fail.
  • Amazon requires the full address details in the address segments for tax compliance reasons. This is especially important for the bill-to party. For this segment the Amazon Payee system requires an exact match.
  • Payment terms sent in invoice should match the payment terms agreed upon with the Amazon buyer
  • Item product identifier should match the order item product identifier that were sent to the vendor in matching Purchase Order. Invoice total amount should be equal to the total sum of the items, charges and allowances.
  • Total of tax amount for each line level must be equal to total of tax amount at header level.
  • Invoice total quantity should match the sum of the quantity of all items. Each different charges and allowance has to be itemized on the header level.

If one of these parameters are missing or filled out incorrectly, this will lead the API call to retrieve incorrect details. Make sure to provide the required information when submitting the operation.

Why am I getting a SPDC300 error?

Select to expand the answer.

This error can be caused by the use of certain HTML tags, in particular header tags <h1><h2><h3><h4>. Remove these header tags and only use the tags that are provided in the text editor.

This error can also indicate that the account status has moved to dormant due to lack of activity. You can update your credit card information to reactivate the account. The next time you log in to Seller Central, you will be redirected the credit card update page. Your account will be reinstated approximately 48 hours after the credit card has been updated.

I'm getting an "Unauthorized" error when calling the Authorization API. What is the solution?

Select to expand the answer.

To resolve this error, list your app with the following steps:

  1. Access Developer Central.
  2. Select Edit App for the app you want to list and choose Create listing from the pull down list.
  3. Enter the app info.
  4. Submit your app.

Why am I getting an Unauthorized - Access Denied error (403 error code) for my API request after completing registration successfully?

Select to expand the answer.

If you receive an Access Denied error for your API request, refer to the troubleshooting tips for Access to requested source is denied.

When you send HTTP requests to the Selling Partner API, you sign the requests so that Amazon can identify who sent them. You sign requests using your AWS access keys, which consists of an access key ID and a secret access key. If you registered your application with an IAM role, you must use AWS Security Token Service (AWS STS) to request temporary AWS access keys to sign your requests.

Restricting access to the IAM role or IAM user in the Service Control Policy (SCP) may cause access denied errors. If you use the Service Control Policy (SCP) to manage access permissions for your organization, ensure that SCP is not restricting the IAM user or IAM role for the member account.

For more information about using AWS STS and the AWS SDKs that can help with your implementation, refer to Requesting temporary security credentials in the AWS documentation.

If the error persists, log a support case with Amazon to further troubleshoot the issue. Include the following details in the support case:

  • Application ID
  • Request ID with timestamp
  • API operation (specify if it is a sandbox request)
  • Error response received

Why am I getting a 500 error when I make a request to get LWA Access Token in Postman?

Select to expand the answer.

If you are receiving 500 Internal Server Error, check that Content-Type header is set to application/x-www-form-urlencoded and the request parameters are added to the body and not as query parameters.

Why am I getting a 500 error when making a request to a sandbox endpoint?

Select to expand the answer.

The SP-API sandbox works like many mocking frameworks; it uses pattern matching to return a specified response when the specified parameters are present. A developer receives a response defined in the x-amazon-spds-sandbox-behaviors object when they send a request that matches the specified parameters.

If the request sent to the sandbox endpoint does not match the parameter values in the x-amazon-spds-sandbox-behaviors object, you will receive a "500 Internal Server Error" in the response. You must send the request with the exact values specified in the model.

If the API requires any parameters that are not specified in the x-amazon-spds-sandbox-behaviors object, the sandbox provides the response regardless of the parameter values in the request, as long as the request is valid.

To learn more about making a sandbox call to SP-API, see The Selling Partner API sandbox section of the Selling Partner API Developer Guide.

Why am I getting an MD1000 error code?

Select to expand the answer.

OAuth is the authorization process that other Sellers will initiate to authorize your application in the Appstore.

If you include the version=beta parameter, the workflow authorizes an application in Draft state. If you do not include the parameter version=beta, the workflow will authorize a published version of that app ID on the Appstore, otherwise will return an error code "MD1000".

Why am I getting an MD1000 error code when I initiate OAuth workflow?

Select to expand the answer.

If you have a SP-API application that is not published but the OAuth workflow points to Production workflow, this error is returned. To resolve, confirm the application is in Draft stage. If so, add version=beta parameter to OAuth Authorization URI constructed. Once the application is published, this parameter can be removed.

Why am I getting an MD5100 error code?

Select to expand the answer.

The MD5100 may be caused by the following issues:

  • Errors in the OAuth authorization URL.
  • Missing redirect links in the application.
  • If a user tries to authorize the hybrid application in a marketplace or region that was not added in the app.
  • Fragments in the URL.

Try these solutions to resolve a MD5100 error:

  • Check the application status:
  • If the application is in draft status, verify the URL includes version=beta.
  • If the application is published, verify the URL does not include version=beta. If version=beta is included in the URL, the OAuth process is initiated for the draft state of the application instead of the published state.
  • • If your application is for Amazon MWS only and you are trying to self-authorize the application, convert the application into a hybrid application by registering for SP-API. For more information, see Self-authorization.
  • Verify you have followed all steps for Authorizing Selling Partner API applications.
  • For hybrid applications, make sure you have added the MWS Developer ID for each region (NA|EU|FE) where you operate. You can add the MWS Developer ID by editing your application in Developer Central. For more information, refer to Create a hybrid application.
  • Verify that your application has a Login URI and Redirect URI. You can update the Login URI and Redirect URI by editing your application in Developer Central and updating the Login URI and Redirect URI details.
  • Verify the application supports the marketplace to which the developer is being authorized. In Developer Central, choose the Edit listing option for your application, and in the Pricing section, choose the marketplaces that the application should support.

If after reviewing these details the issue persist, submit a support case.

Why am I getting a SPDC8143 error code?

Select to expand the answer.

This error occurs when you are trying to authorize an application as a secondary user. To avoid this error, contact the account owner and ask them to perform this action for you.

Why am I getting an MD9000 error code?

Select to expand the answer.

This error occurs in the following scenarios:

  • When you try to self-authorize an application that only has Amazon MWS credentials, or
  • When you try to use a hybrid application globally but the Amazon MWS credentials are valid only for a specific region or marketplace.

Try these solutions to resolve MD9000 errors:

  • Check the application status:

  • If the application is in draft status, verify that the URL includes version=beta..

  • If the application is published, verify that the URL does not include version=beta. If version=beta is included in the URL, the OAuth process is initiated for the draft state of the application instead of the published state.

  • If your application is for Amazon MWS only and you are trying to self-authorize the application, convert the application into a hybrid application by registering for SP-API. For more information, refer to Self-authorization.

  • Verify you have followed all steps for Authorizing Selling Partner API applications.

  • For hybrid applications, make sure you have added the MWS Developer ID for each region (NA|EU|FE) where you operate. You can add the MWS Developer ID by editing your application in Developer Central. For more information, refer to Create a hybrid application.

  • Verify that your application has a Login URI and Redirect URI. You can update the Login URI and Redirect URI by editing your application in Developer Central and updating the Login URI and Redirect URI details.

  • Verify that the application supports the marketplace to which the developer is being authorized. In Developer Central, choose the Edit listing listing option for your application, and in the Pricing section, choose the marketplaces that the application should support.

If the issue persists, submit a support case.

Why am I still seeing the MWS authorization page instead of SP-API consent page when I initiate OAuth workflow?

Select to expand the answer.

Check if your application is missing Login URI and Redirect URI. You can update Login URI and Redirect URI by editing the app. Navigate to Appstore > Develop Apps and choose Edit App for the app you are using to view the App registration form and update the Login URI and Redirect URI details.

Why am I receiving an error when using a SKU with special characters?

Select to expand the answer.

The SKU you're using may have special characters, like a back or forward slash (\, /), that require URL encoding. This can be done programatically in several languages. Here is an example in Java:

import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.io.UnsupportedEncodingException*;*

 // Method to encode a SKU using the UTF-8 encoding scheme
  private static String encodeSKU(String sSKU) {
    try {
      return URLEncoder.encode(sSKU, StandardCharsets.UTF_8.toString());
    } catch (UnsupportedEncodingException ex) {
      e*.*printStackTrace*();*
    }
  }

Refer to URL encoding for more information.

📘

Didn't help?

If you didn't see your question or the answer didn't resolve the issue you're encountering, open a Support Case and we'll help you troubleshoot.