You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, we're trying to register for an API key for an internal app and we keep getting knocked back by Etsy.
Some background about us and our application, in bullets for brevity:
We manufacture our products ourselves
We sell them online direct-to-consumer on our own websites, Amazon, and Etsy – these are our "channels"
We have an internal application that is used by our team to:
Update inventory across all channels – when a sale is made on channel 1 we update stock on all other channels via API calls so we don't double-sell
Book shipping with couriers (DHL, FedEx) via their APIs
Update the status of the order on the channel once it's shipped – supplying the tracking code to the customer.
While registering for a key we submitted the URL for our internal application. It lives in Heroku and uses HTTP AUTH so when clicked there is a blank page and a login. It also redirects to use HTTPS/SSL.
The latest response from Etsy's developer support team covers 2 points:
"You must keep your application, site, and any Etsy user data secure."
"A valid and active URL may be, but not limited to, a site wherein we can see the features you're offering for the app that you're still developing. This allows us to review your app, and ensure it is in keeping with Etsy rules and policies."
Regarding point 1 – Is HTTP AUTH over SSL not considered secure?
Regarding point 2 – Because this is an internal application there's no shiny landing page, sign up page, explanation of features etc. And naturally, for data protection reasons we won't be supplying Etsy with the HTTP AUTH credentials.
We understand the need to ensure consumers of the API are good actors. Having gone through the Amazon API registration process, the Etsy process is really vague... For example, on Amazon they ask what data is required, how it's used, how long it's stored for, how it's stored at rest etc.
Etsy only allows 500 characters to explain the application and data protection policies, then rejects applications without providing clear, actionable requirements. In addition, responses to emails take 4-5 days.
We would be grateful to anyone, and more so Etsy, for some advice on how to successfully register an application for our use case.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello, we're trying to register for an API key for an internal app and we keep getting knocked back by Etsy.
Some background about us and our application, in bullets for brevity:
While registering for a key we submitted the URL for our internal application. It lives in Heroku and uses HTTP AUTH so when clicked there is a blank page and a login. It also redirects to use HTTPS/SSL.
The latest response from Etsy's developer support team covers 2 points:
"You must keep your application, site, and any Etsy user data secure."
"A valid and active URL may be, but not limited to, a site wherein we can see the features you're offering for the app that you're still developing. This allows us to review your app, and ensure it is in keeping with Etsy rules and policies."
Regarding point 1 – Is HTTP AUTH over SSL not considered secure?
Regarding point 2 – Because this is an internal application there's no shiny landing page, sign up page, explanation of features etc. And naturally, for data protection reasons we won't be supplying Etsy with the HTTP AUTH credentials.
We understand the need to ensure consumers of the API are good actors. Having gone through the Amazon API registration process, the Etsy process is really vague... For example, on Amazon they ask what data is required, how it's used, how long it's stored for, how it's stored at rest etc.
Etsy only allows 500 characters to explain the application and data protection policies, then rejects applications without providing clear, actionable requirements. In addition, responses to emails take 4-5 days.
We would be grateful to anyone, and more so Etsy, for some advice on how to successfully register an application for our use case.
Beta Was this translation helpful? Give feedback.
All reactions