FAQ

Why should I fill out the Developer or Agency Self-Disclosure?: In order for us to best assist you, it is important that you provide us with detailed information about your business and service.
As a retailer, where can I find a service provider for technical integration?: You can find all currently connected OTTO Market service providers on https://www.otto.market/de/vorteile-und-services/dienstleister.html
What has changed with the developer functionalities compared to the previous process?: With the launch of the OTTO Market Developer Program, the way developers and partners work together is changing. We are replacing the old password credential flow with an OAuth flow. This means that partners no longer share their credentials, but instead give developers permission to exchange data with OTTO.de on their behalf. After confirmation of the consent by the developer, a so-called app (connection) is created, which has its own access data for authentication. Developers can independently retrieve the credentials for each app to perform authentication. A token is still retrieved, which in turn is required for all other operations, as was the case previously.

What are the recommended minimum information security requirements for OTTO Market Developers?: We recommend

- Designating one or more dedicated contact persons for the topic of information security

- Obtaining information security certifications (e.g. DIN ISO 27001) for your company

- If order data (including personal customer data) is retrieved and provided to your customers, to agree on a contract for order processing in accordance with the "DSGVO"

- Performing penetration tests at least annually (e.g. Scope OWASP Top 10)

These recommendations are not mandatory for a registration.
What content should a management summary of a penetration test contain?: Specification of the external company that performed the penetration test

The scope (system environment, application scope, application stack) of the security audit

A description of the approach and testing timeframe

An indication of the tools used to perform the security audit

A list of the penetration test results

I can´t register because my mail address seems to be invalid or already in use?: If you have already registered your mail address with us as a user with a partner (merchant), you cannot use it again. We recommend that you use a different e-mail address or a mail suffix.
How do I reset two-factor authentication in Selfservice? : There is a function that allows you, as a partner, to reset two-factor authentication by yourself. This action can only be performed by users who have administration rights for user management. To do this, go to the Developer Portal with another user account via the settings in the "User administration". Please click on the three dots that are visible next to the corresponding user. Select "View/Edit". Then the user overview will open and you have the option to click the "Delete second factor" field. As soon as you click on "Delete second factor", a note will appear stating that this action cannot be undone. Therefore, the deletion of the two-factor authentication must be confirmed again.

Note: If you are the sole user of your account, it is not possible to reset the two-factor authentication yourself. In this case, please contact partnerintegration@otto.market directly.

Why do I initially have a limit of three installations as a developer?: With the "Private Production Apps" authorization, you can initially only create private apps. In private access, the maximum number of installations is initially limited to three. If you require a higher limit, simply contact us. We will talk to you about whether increasing the limit or applying for "Public Production Apps" authorization without a limit would be the right thing for you.
I can´t see the OTTO Market Apps tab after GoLive: To access the OTTO Market App tab and to create OTTO Market Apps for the productive environment you need the role "Production".

How do I explain to my partners how to connect with me?: The introduction of the OTTO Market Developer Program also affects the general way partners interact with the OTTO Market Partner API. As long as the OTTO Market Developer Program is in beta, please contact us so that we can activate your partners to work with you.

After activation, partners will see a list of connected developers / service providers in OTTO Partner Connect and will be able to request a connection (give their consent). After you as a developer / service provider have confirmed this request, an app (connection) will be created.

You can find more information as a developer / service provider as well as a partner in our documentation on OTTO Market API.
How can I change the range of scopes for existing apps?: If you want to change the scopes of your app after at least one trader has installed your app and agreed to the data exchange, you must create a new app and ask the trader to also install the new app and agree to the data exchange. Once you have ensured that the merchant will only exchange data via the new app installation, the merchant can delete the "old" app installation.

General