Authorization with the Restricted Data Token


Operations that return restricted data (such as Personally Identifiable Information, or PII) are considered restricted operations, and require special authorization in the form of a Restricted Data Token (RDT). An RDT provides authorization to get the PII required to perform functions such as shipping, tax invoicing, or tax remittance services. You authorize a call to a restricted operation by passing an RDT in the x-amz-access-token header. This is in contrast to other SP-API operations, where you pass the LWA access token in that header. For more information, see "Step 3. Add headers to the URI" in the Selling Partner API Developer Guide.

# How do I get an RDT?

Unless you have a delegatee application (see Terminology in the Tokens Use Case Guide), you get an RDT by calling the createRestrictedDataToken operation of the Tokens API. If you have a delegatee application, you get an RDT from the delegator application that your application is integrated with. For more information about authorizing calls using the RDT, including delegating authorization, see the Tokens API Use Case Guide.
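The two-token flow described above, as an added example that is not Amazon's code and not part of the original page: the createRestrictedDataToken call is authorized with the LWA access token, and the returned RDT is then sent in the same x-amz-access-token header only to the operations it was issued for. The Tokens API path, the `restrictedResources` body shape, the generic `{orderId}` path and the order-address path are assumptions taken from Amazon's public SP-API reference rather than this page; the helper names, token strings and order ID are constructed.

```python
import json

# Assumed from Amazon's public SP-API reference, not stated on this page.
TOKENS_PATH = "/tokens/2021-03-01/restrictedDataToken"
HEADER = "x-amz-access-token"


def build_rdt_request(lwa_access_token, restricted_resources):
    """createRestrictedDataToken request; this call itself uses the LWA token."""
    return {
        "method": "POST",
        "path": TOKENS_PATH,
        "headers": {HEADER: lwa_access_token, "content-type": "application/json"},
        "body": json.dumps({"restrictedResources": restricted_resources}),
    }


def covers(resource, method, path):
    """True if one restrictedResources entry covers this method and path.

    A "{name}" segment in the resource path matches any single non-empty
    segment of the request path (assumed generic-path behaviour).
    """
    want, got = resource["path"].split("/"), path.split("/")
    if resource["method"] != method or len(want) != len(got):
        return False
    return all(w == g or (w.startswith("{") and w.endswith("}") and g != "")
               for w, g in zip(want, got))


def auth_header(method, path, lwa_access_token, rdt=None, rdt_resources=()):
    """Send the RDT only to operations it was issued for; otherwise the LWA token."""
    if rdt and any(covers(r, method, path) for r in rdt_resources):
        return {HEADER: rdt}
    return {HEADER: lwa_access_token}


# Constructed sample values, not real tokens or order IDs.
LWA = "Atza|constructed-lwa-token"
RDT = "Atz.sprdt|constructed-rdt"
RESOURCES = [{"method": "GET", "path": "/orders/v0/orders/{orderId}/address"}]

if __name__ == "__main__":
    print(build_rdt_request(LWA, RESOURCES))
    print(auth_header("GET", "/orders/v0/orders/902-0000000-0000000/address",
                      LWA, RDT, RESOURCES))
    print(auth_header("GET", "/orders/v0/orders", LWA, RDT, RESOURCES))
```

Keeping the RDT out of requests it does not cover limits where the PII-bearing credential travels and is logged.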