E-commerce · Amazon SP-API · Restricted role

Professional Services (Restricted) role

This role unlocks the Services API v1: the operations that let a seller pull in-home service jobs, schedule appointments and dispatch technicians. Because a service job returns the buyer's name, phone and full service address, Amazon classes it as restricted and gates it on compliance, not on how well your application is written. We rebuild the exact security and data-handling file Amazon scores, so the reason behind your refusal is gone.

Services API v1 getServiceJobs Buyer name, phone & address Restricted Data Token
Amazon does not approve the Professional Services role because the application is well written. It approves because the application demonstrates compliance. This role hands an app the buyer’s name, phone and front door, so the review is a data-protection assessment. That is exactly what we rebuild.
What the role is

What the Professional Services role controls

In Amazon’s own words, the Professional Services (Restricted) role “provides access to operations that provide add-on services such as assembly and installation to Amazon buyers.” It is the single role that gates Amazon’s Services API v1.

Definition, scope and what it gates

The role controls the Services API v1 (base path /service/v1/). Amazon’s Services API v1 use-case guide states this is the only required role for all of its operations, available to Sellers only, in the NA, EU and FE regions.

Amazon’s roles documentation names two operations explicitly under this role: getServiceJobs (“returns a list of service job details for the specified filter query”) and addAppointmentForServiceJobByServiceJobId: “adds an appointment to the service job indicated by the service job identifier specified.” The role gates the full Services API v1 set, not just those two.

“Restricted” is Amazon’s own classification: it means the role “requires sensitive information, which might include personally identifiable information (PII).” For any restricted role you “must provide additional information about your data use and security controls”, which is the file Amazon actually scores.

The API in practice

The Services API v1, operation by operation

The use-case guide groups the 17 operations into four workflow stages. These run a service seller’s whole job lifecycle: from finding work that needs action, to staffing it, to closing it out with proof.

Four workflow stages

Stage 1: Getting service job data. getServiceJobs returns the list of jobs requiring seller action by filter query (marketplaceIds is required); getServiceJobByServiceJobId retrieves a single job by ID. Amazon describes these as helping service providers “get and modify their service orders.”

Stage 2: Setting appointments & assigning resources. addAppointmentForServiceJobByServiceJobId books an appointment; rescheduleAppointmentForServiceJobByServiceJobId moves it; assignAppointmentResources assigns the technician(s) to the slot.

Stage 3: Closing service jobs. setAppointmentFulfillmentData records fulfilment; createServiceDocumentUploadDestination creates an upload destination for proof / fulfilment documents; completeServiceJobByServiceJobId and cancelServiceJobByServiceJobId close or cancel the job.

Stage 4: Capacity & scheduling. updateSchedule, createReservation, updateReservation and cancelReservation set crew availability; getAppointmentSlots, getAppointmentSlotsByJobId, getRangeSlotCapacity and getFixedSlotCapacity read available capacity. Amazon’s capability summary covers accessing job details, confirming or rescheduling appointments, setting resource assignments and fulfilment data, setting capacity schedules that drive appointment availability, and integrating services data for route and fulfilment planning.

The core serviceJobStatus enum has seven values: NOT_SERVICED, CANCELLED, COMPLETED, PENDING_SCHEDULE, NOT_FULFILLABLE, HOLD and PAYMENT_DECLINED. getServiceJobs can also filter by serviceOrderIds, productOrderIds, trackingIds, schedule dates, ASINs, required skills and store IDs.

None of those operations is the reason the role is hard to get. The reason is the data inside the response, and why Amazon gates it.
The data it unlocks

The buyer data it unlocks, and why Amazon gates it

A ServiceJob payload is high-sensitivity because it combines a buyer’s identity, their physical location and a scheduled time. That is the exact reason the role is “Restricted” and requires a Restricted Data Token.

The exact PII fields returned

buyer: the buyer’s name, phone and isPrimeMember.

serviceLocation → address: the buyer’s full home / service address and phone: addressLine1, addressLine2, addressLine3, city, county, district, stateOrRegion, postalCode, countryCode, phone and name.

appointmentTime: startTime and durationInMinutes: when a technician will be at that address.

scopeOfWork (asin, title, quantity, requiredSkills) and associatedItems (asin, title, quantity, orderId, itemStatus, brandName, itemDelivery), plus assignedTechnicians (technicianId, name).

Why Amazon restricts it. Buyer name + full street address + phone + a scheduled time is exactly enough to physically locate a person at a known moment. Amazon’s class definition is explicit: a restricted role “requires sensitive information, which might include personally identifiable information (PII).”

Restricted Data Token (RDT). Because the payload carries PII, restricted Services operations require a Restricted Data Token issued by the Tokens API (createRestrictedDataToken). The RDT is passed in place of the normal access token on the restricted call before the PII fields are returned.

Use cases

Who needs the Professional Services role

The role exists for one shape of business: sellers who deliver an add-on service in person at the buyer’s location, and the software that runs that operation. It is Sellers only, in NA, EU and FE.

In-home assembly & installation

Pull add-on jobs (furniture assembly, TV mounting, appliance and HVAC installation, fitness-equipment setup) and dispatch a technician to the buyer’s address.

Appointment scheduling

Confirm slots, reschedule when a buyer changes plans, and manage no-shows with addAppointmentForServiceJobByServiceJobId and reschedule operations.

Technician dispatch & routing

Assign technicians via assignAppointmentResources and feed addresses and time windows into routing software, the guide explicitly calls out route and fulfilment planning.

Capacity management

Set crew availability via updateSchedule and the reservation operations so the storefront only offers slots that can actually be staffed.

Job closeout & proof

Upload completion documents and photos with createServiceDocumentUploadDestination, record fulfilment data, and mark jobs complete or cancelled.

Performance & SLA tracking

Monitor on-time starts, completion within the appointment window, no-shows and fulfilment breaks, by reading serviceJobStatus and appointment data.

Who needs it, and who does not

Needs it: service sellers offering Amazon add-on / professional services (installers, assemblers, repair, HVAC and appliance technicians, in-home setup providers); field-service management (FSM) and dispatch / scheduling platforms; WMS / OMS / ERP that must merge a product order with its linked service order (associatedItems.orderId ties a service job to the product purchase); routing and last-mile tools consuming address and appointment time; and workforce / capacity-planning tools driving slot availability.

Does not need it: pure online retail or FBA sellers with no in-home service component. The role is Sellers only and limited to NA, EU and FE.

So if your business is the right shape, why do these applications still come back rejected? Almost never because of the product. Almost always because of the file.
Getting approved

How to get the Professional Services role approved

A restricted-role review is a security and data-protection assessment. Amazon scores compliance and consistency, not copy. For this role, that means proving you can hold a buyer’s name, phone and front-door address responsibly.

The compliance file Amazon scores

Application answers, written consistently. Every questionnaire and free-form security answer, telling one story: why the role is needed, which PII fields you use, and how you protect them.

A role-by-role justification. A clear purpose, legal basis and retention period for the buyer name, phone, service address and appointment time the role returns, scoped to delivering the service and nothing more.

A publishable Data Handling & Privacy Policy. One of the two things Amazon checks for a private app: a real policy page covering collection, processing, storage, use, sharing and disposal.

An implementation checklist. Every control in plain language: PII kept no longer than 30 days after delivery then securely deleted, TLS 1.2+ in transit and AES-128+ at rest, least-privilege access with MFA, PII-free logs retained 12+ months, an incident-response runbook with 24-hour notification, and authentication via Amazon’s OAuth (Login with Amazon) only.

We are a marketplace-compliance firm, not a development agency. We never need your code, servers or Amazon account: we build the file; your IT lead implements the checklist on your infrastructure.

The real reason

Why Professional Services applications get rejected

Amazon rarely tells you what went wrong. The decision almost always comes down to one phrase: your security and compliance documentation did not meet requirements. For this role, that usually means one or more of these:

  • Weak justification for the address and phone: not showing why a technician truly needs the buyer’s full service address and contact number.
  • No field-level data inventory mapping which ServiceJob PII fields you use, where and why.
  • Documentary inconsistency: the application answers, the privacy policy and the security procedures contradict each other.
  • Generic, copy-paste answers and vague wording that prove nothing.
  • PII retention not capped or not provably automated: no enforced 30-day deletion of buyer addresses and appointment data.
  • Logs that store buyer PII, or no evidence of access reviews and offboarding for technicians and dispatchers.
  • Any hint of credential harvesting: asking for Seller Central passwords or keys is an automatic refusal.
  • Any hint of cross-seller data aggregation or resale of Amazon-derived service or buyer data.
  • A public website that does not match the role, no visible installation / in-home service capability to back the request.
  • An incomplete Data Handling & Privacy Policy that does not meet Amazon’s restricted-roles standard.

Amazon reviews evidence, not promises. We remove every one of these reasons, so there is no compliance ground left to refuse you on.

Frequently asked questions

What is the Professional Services (Restricted) role on Amazon SP-API?
It is the Selling Partner API role that, in Amazon’s own words, “provides access to operations that provide add-on services such as assembly and installation to Amazon buyers.” It gates the Services API v1, which lets a service seller pull service jobs, schedule and reschedule appointments, assign technicians and manage capacity. “Restricted” means the role returns sensitive data, including personally identifiable information (PII).
Which API and operations does the Professional Services role control?
It controls the Services API v1 (base path /service/v1/). The Services API v1 use-case guide states this is the only required role for all its operations. Amazon’s roles doc names two operations under the role: getServiceJobs (returns a list of service job details for a filter query) and addAppointmentForServiceJobByServiceJobId (adds an appointment to the indicated service job). The role gates the full Services API v1 operation set: getting jobs, appointments, resource assignment, fulfilment, and capacity.
Why is the Professional Services role “Restricted”?
Because its operations return buyer PII. A ServiceJob payload exposes the buyer’s name and phone, the full service (home) address, and the appointment time, exactly enough to physically locate a person at a known time. Amazon’s roles doc defines a restricted role as one that “requires sensitive information, which might include personally identifiable information (PII).” For restricted roles you must provide additional information about your data use and security controls.
What buyer data does getServiceJobs actually return?
The ServiceJob payload includes buyer.name and buyer.phone; the serviceLocation address (addressLine1, addressLine2, addressLine3, city, county, district, stateOrRegion, postalCode, countryCode, plus phone and name); appointmentTime (startTime and durationInMinutes); the scopeOfWork (asin, title, quantity, requiredSkills) and associatedItems (including orderId tying the job to the product order); and assignedTechnicians. This combination of name, full address, phone and a scheduled time is why Amazon gates it.
Do I need a Restricted Data Token (RDT) for the Services API?
Yes. Because the role is restricted and the payload carries PII, the restricted Services operations require a Restricted Data Token issued by the Tokens API (createRestrictedDataToken). The RDT is passed in place of the normal access token on the restricted call before the PII fields are returned. (Amazon’s public restricted-operations list page did not enumerate the Services paths in our last research pass, so treat the specific path mapping as implementation detail to confirm against the live docs.)
What service job statuses exist?
The serviceJobStatus enum has seven values: NOT_SERVICED, CANCELLED, COMPLETED, PENDING_SCHEDULE, NOT_FULFILLABLE, HOLD and PAYMENT_DECLINED. getServiceJobs lets you filter by status (and by service order IDs, product order IDs, schedule dates, ASINs, required skills and more). Note that marketplaceIds is a required parameter on getServiceJobs.
Can I reschedule, cancel or close jobs through the API?
Yes. The Services API v1 covers the full lifecycle: confirm or reschedule appointments (rescheduleAppointmentForServiceJobByServiceJobId), assign resources (assignAppointmentResources), set fulfilment data (setAppointmentFulfillmentData), upload proof documents (createServiceDocumentUploadDestination), and complete or cancel jobs (completeServiceJobByServiceJobId, cancelServiceJobByServiceJobId). Capacity is driven by updateSchedule and the reservation operations.
Who needs the Professional Services role, and who does not?
It is for Amazon service sellers offering in-person add-on services (installers, assemblers, repair, HVAC and appliance technicians, in-home setup providers) and for the field-service, dispatch, routing and WMS/OMS/ERP software that supports them (the guide explicitly calls out route and fulfilment planning). It is Sellers only, in the NA, EU and FE regions. Pure online retail or FBA sellers with no in-home service component do not need it.
How do I get the Professional Services (Restricted) role approved?
Amazon approves on compliance, not on how well the application is written. You need a credible business justification for the role and its PII, every application answer written consistently, a publishable Data Handling & Privacy Policy, and an implementation checklist covering retention, encryption, access control, logging and incident response. Fenchell rebuilds that exact file so the reason behind a refusal is removed, without ever touching your code, servers or Amazon account.
Why do Professional Services applications get rejected?
Almost always because the security and compliance documentation did not meet requirements, not because the product is weak. Common causes: the application answers, privacy policy and security procedures contradict each other; generic copy-paste answers; weak justification for needing buyer address and phone; no field-level data inventory; PII retention not capped or not provably automated; logs that store PII; any hint of credential harvesting or cross-seller data resale; or a public website that does not match the role requested.
Do I need an EU company to apply for the Professional Services role?
Not strictly, but a properly established company with a clean public presence and a real data-handling policy makes approval easier, and a compliant EU structure helps with VAT and data-protection expectations. Fenchell can set up a compliant Bulgarian company, 100% remotely, and align your structure, your VAT and your Amazon application so they all support each other.
How much does it cost and how long does it take?
The standard Professional Services restricted-role file is a one-time 650 EUR, delivered within 48 hours of payment, with up to 3 submission attempts. Public apps offered to many sellers are a larger engagement, quoted after a short call. After delivery, submission timing depends on how fast your team implements the checklist, and Amazon controls its own review time. We never promise approval (Amazon keeps the final decision) but we remove the compliance reasons it refuses on.
How long does Amazon take to approve the Professional Services role?
Amazon controls the final timing, so there is no guaranteed deadline. In our experience preparing restricted-role applications since 2018, a complete, compliant submission is typically reviewed within roughly 2 to 6 weeks. Public apps that also require the third-party Data Security Assessment add about a month for that step. The single biggest accelerator is a file that meets Amazon's security and compliance bar on the first attempt, which is exactly what we build.

Get the Professional Services role approved

Start the form and we will confirm your role, your path and your next steps. The standard restricted-role file is 650 €, delivered in 48 hours, obtained or refunded subject to our T&Cs. Building installation or field-service software for many sellers? Book a call for a tailored scope.

Content reviewed by Loïc Segui (COO & CTO), Fenchell’s Marketplace Compliance Team · last updated 29 June 2026. We never promise approval: even when your file is prepared correctly, Amazon retains the right not to grant restricted access without justification. The figures shown on this page (accesses obtained, success rate) are based on real client cases and do not constitute a guarantee of outcome; results vary depending on your situation and Amazon’s decision. Fenchell Capital OOD, Bulgarian firm based in Plovdiv (EIK 207945095).

Best Service. “Getting approved for access to the Amazon API was a real challenge for us. Fenchel and their team stepped in, audited our functionality, and helped us understand precisely what Amazon's software review team was looking for — which made all the difference.”
Verified client review · unprompted · March 2026
4.8/5 Rated by 250 verified clients on eKomi · Fenchell across all services
Start my application