In-home assembly & installation
Pull add-on jobs (furniture assembly, TV mounting, appliance and HVAC installation, fitness-equipment setup) and dispatch a technician to the buyer’s address.
This role unlocks the Services API v1: the operations that let a seller pull in-home service jobs, schedule appointments and dispatch technicians. Because a service job returns the buyer's name, phone and full service address, Amazon classes it as restricted and gates it on compliance, not on how well your application is written. We rebuild the exact security and data-handling file Amazon scores, so the reason behind your refusal is gone.
In Amazon’s own words, the Professional Services (Restricted) role “provides access to operations that provide add-on services such as assembly and installation to Amazon buyers.” It is the single role that gates Amazon’s Services API v1.
The role controls the Services API v1 (base path /service/v1/). Amazon’s Services API v1 use-case guide states this is the only required role for all of its operations, available to Sellers only, in the NA, EU and FE regions.
Amazon’s roles documentation names two operations explicitly under this role: getServiceJobs (“returns a list of service job details for the specified filter query”) and addAppointmentForServiceJobByServiceJobId: “adds an appointment to the service job indicated by the service job identifier specified.” The role gates the full Services API v1 set, not just those two.
“Restricted” is Amazon’s own classification: it means the role “requires sensitive information, which might include personally identifiable information (PII).” For any restricted role you “must provide additional information about your data use and security controls”, which is the file Amazon actually scores.
The use-case guide groups the 17 operations into four workflow stages. These run a service seller’s whole job lifecycle: from finding work that needs action, to staffing it, to closing it out with proof.
Stage 1: Getting service job data. getServiceJobs returns the list of jobs requiring seller action by filter query (marketplaceIds is required); getServiceJobByServiceJobId retrieves a single job by ID. Amazon describes these as helping service providers “get and modify their service orders.”
Stage 2: Setting appointments & assigning resources. addAppointmentForServiceJobByServiceJobId books an appointment; rescheduleAppointmentForServiceJobByServiceJobId moves it; assignAppointmentResources assigns the technician(s) to the slot.
Stage 3: Closing service jobs. setAppointmentFulfillmentData records fulfilment; createServiceDocumentUploadDestination creates an upload destination for proof / fulfilment documents; completeServiceJobByServiceJobId and cancelServiceJobByServiceJobId close or cancel the job.
Stage 4: Capacity & scheduling. updateSchedule, createReservation, updateReservation and cancelReservation set crew availability; getAppointmentSlots, getAppointmentSlotsByJobId, getRangeSlotCapacity and getFixedSlotCapacity read available capacity. Amazon’s capability summary covers accessing job details, confirming or rescheduling appointments, setting resource assignments and fulfilment data, setting capacity schedules that drive appointment availability, and integrating services data for route and fulfilment planning.
The core serviceJobStatus enum has seven values: NOT_SERVICED, CANCELLED, COMPLETED, PENDING_SCHEDULE, NOT_FULFILLABLE, HOLD and PAYMENT_DECLINED. getServiceJobs can also filter by serviceOrderIds, productOrderIds, trackingIds, schedule dates, ASINs, required skills and store IDs.
A ServiceJob payload is high-sensitivity because it combines a buyer’s identity, their physical location and a scheduled time. That is the exact reason the role is “Restricted” and requires a Restricted Data Token.
buyer: the buyer’s name, phone and isPrimeMember.
serviceLocation → address: the buyer’s full home / service address and phone: addressLine1, addressLine2, addressLine3, city, county, district, stateOrRegion, postalCode, countryCode, phone and name.
appointmentTime: startTime and durationInMinutes: when a technician will be at that address.
scopeOfWork (asin, title, quantity, requiredSkills) and associatedItems (asin, title, quantity, orderId, itemStatus, brandName, itemDelivery), plus assignedTechnicians (technicianId, name).
Why Amazon restricts it. Buyer name + full street address + phone + a scheduled time is exactly enough to physically locate a person at a known moment. Amazon’s class definition is explicit: a restricted role “requires sensitive information, which might include personally identifiable information (PII).”
Restricted Data Token (RDT). Because the payload carries PII, restricted Services operations require a Restricted Data Token issued by the Tokens API (createRestrictedDataToken). The RDT is passed in place of the normal access token on the restricted call before the PII fields are returned.
The role exists for one shape of business: sellers who deliver an add-on service in person at the buyer’s location, and the software that runs that operation. It is Sellers only, in NA, EU and FE.
Pull add-on jobs (furniture assembly, TV mounting, appliance and HVAC installation, fitness-equipment setup) and dispatch a technician to the buyer’s address.
Confirm slots, reschedule when a buyer changes plans, and manage no-shows with addAppointmentForServiceJobByServiceJobId and reschedule operations.
Assign technicians via assignAppointmentResources and feed addresses and time windows into routing software, the guide explicitly calls out route and fulfilment planning.
Set crew availability via updateSchedule and the reservation operations so the storefront only offers slots that can actually be staffed.
Upload completion documents and photos with createServiceDocumentUploadDestination, record fulfilment data, and mark jobs complete or cancelled.
Monitor on-time starts, completion within the appointment window, no-shows and fulfilment breaks, by reading serviceJobStatus and appointment data.
Needs it: service sellers offering Amazon add-on / professional services (installers, assemblers, repair, HVAC and appliance technicians, in-home setup providers); field-service management (FSM) and dispatch / scheduling platforms; WMS / OMS / ERP that must merge a product order with its linked service order (associatedItems.orderId ties a service job to the product purchase); routing and last-mile tools consuming address and appointment time; and workforce / capacity-planning tools driving slot availability.
Does not need it: pure online retail or FBA sellers with no in-home service component. The role is Sellers only and limited to NA, EU and FE.
A restricted-role review is a security and data-protection assessment. Amazon scores compliance and consistency, not copy. For this role, that means proving you can hold a buyer’s name, phone and front-door address responsibly.
Application answers, written consistently. Every questionnaire and free-form security answer, telling one story: why the role is needed, which PII fields you use, and how you protect them.
A role-by-role justification. A clear purpose, legal basis and retention period for the buyer name, phone, service address and appointment time the role returns, scoped to delivering the service and nothing more.
A publishable Data Handling & Privacy Policy. One of the two things Amazon checks for a private app: a real policy page covering collection, processing, storage, use, sharing and disposal.
An implementation checklist. Every control in plain language: PII kept no longer than 30 days after delivery then securely deleted, TLS 1.2+ in transit and AES-128+ at rest, least-privilege access with MFA, PII-free logs retained 12+ months, an incident-response runbook with 24-hour notification, and authentication via Amazon’s OAuth (Login with Amazon) only.
We are a marketplace-compliance firm, not a development agency. We never need your code, servers or Amazon account: we build the file; your IT lead implements the checklist on your infrastructure.
Amazon rarely tells you what went wrong. The decision almost always comes down to one phrase: your security and compliance documentation did not meet requirements. For this role, that usually means one or more of these:
Amazon reviews evidence, not promises. We remove every one of these reasons, so there is no compliance ground left to refuse you on.
Start the form and we will confirm your role, your path and your next steps. The standard restricted-role file is 650 €, delivered in 48 hours, obtained or refunded subject to our T&Cs. Building installation or field-service software for many sellers? Book a call for a tailored scope.
Content reviewed by Loïc Segui (COO & CTO), Fenchell’s Marketplace Compliance Team · last updated 29 June 2026. We never promise approval: even when your file is prepared correctly, Amazon retains the right not to grant restricted access without justification. The figures shown on this page (accesses obtained, success rate) are based on real client cases and do not constitute a guarantee of outcome; results vary depending on your situation and Amazon’s decision. Fenchell Capital OOD, Bulgarian firm based in Plovdiv (EIK 207945095).
Best Service. “Getting approved for access to the Amazon API was a real challenge for us. Fenchel and their team stepped in, audited our functionality, and helped us understand precisely what Amazon's software review team was looking for — which made all the difference.”