eBay Trading APIVersion 1349
 

GetChallengeToken

Use this call to retrieve a botblock token and URLs for an image and audio clip, one of which the user needs to match. Use this call in any process for which you would find a botblock challenge to be of value.

No special input fields are needed to make this call. To use this call:

  1. Call GetChallengeToken to get a token, an image-challenge URL, and an audio-challenge URL (returned in ChallengeToken, ImageChallengeURL, and AudioChallengeURL, respectively).

    When input into a browser, the audio challenge is presented as a QuickTime clip that speaks a series of numbers.

  2. Present either the image or the audio track to the user, and capture their response.
  3. Call ValidateChallengeInput with the challenge token and the user's response. Set KeepTokenValid to 1 if you want the retrieved token to remain valid for a short period of time (two minutes).

    The response from ValidateChallengeInput indicates whether or not the token is valid.

You can use this call in conjunction with the PlaceOffer process.

You can test GetChallengeToken in the Sandbox, and review both the image and audio challenges returned by the call. However, ValidateChallengeInput is not currently supported in the Sandbox. Still, you can use the Sandbox to test retrieving the challenges, presenting them, and capturing a user's response.



Input

See also Samples.

The box below lists all fields that could be included in the call request. To learn more about an individual field or its type, click its name in the box (or scroll down to find it in the table below the box).

See also the Deprecated Objects link above. Fields presented in this color are deprecated, and fields presented in this color are (or soon will be) non-operational.

The XML prototype does not include requester credentials. This is a documentation limitation only (see Standard Requester Credentials for Making Calls).

<?xml version="1.0" encoding="utf-8"?>
<GetChallengeTokenRequest xmlns="urn:ebay:apis:eBLBaseComponents">
  <!-- (No call-specific Input fields) -->

  <!-- Standard Input Fields -->
  <ErrorLanguage> string </ErrorLanguage>
  <MessageID> string </MessageID>
  <Version> string </Version>
  <WarningLevel> WarningLevelCodeType </WarningLevel>
</GetChallengeTokenRequest>
Argument Type Occurrence Meaning
(No call-specific fields)
Standard Input Fields  
ErrorLanguage string Optional Use ErrorLanguage to return error strings for the call in a different language from the language commonly associated with the site that the requesting user is registered with. Below are some examples from different countries.

ID Country
en_AU Australia
de_AT Austria
nl_BE Belgium (Dutch)
fr_BE Belgium (French)
en_CA Canada
fr_CA Canada (French)
zh_CN China
fr_FR France
de_DE Germany
zh_HK Hong Kong
en_IN India
en_IE Ireland
it_IT Italy
nl_NL Netherlands
en_SG Singapore
es_ES Spain
de_CH Switzerland
en_GB United Kingdom
en_US United States
MessageID string Optional Most Trading API calls support a MessageID element in the request and a CorrelationID element in the response. If you pass in a MessageID in a request, the same value will be returned in the CorrelationID field in the response. Pairing these values can help you track and confirm that a response is returned for every request and to match specific responses to specific requests. If you do not pass a MessageID value in the request, CorrelationID is not returned.

Note: GetCategories is designed to retrieve very large sets of metadata that change once a day or less often. To improve performance, these calls return cached responses when you request all available data (with no filters). When this occurs, the MessageID and CorrelationID fields aren't applicable. However, if you specify an input filter to reduce the amount of data returned, the calls retrieve the latest data (not cached). When this occurs, MessageID and CorrelationID are applicable.
Version string Conditional The version number of the API code that you are programming against (e.g., 1149). The version you specify for a call has these basic effects:
  • It indicates the version of the code lists and other data that eBay should use to process your request.
  • It indicates the schema version you are using.
You need to use a version that is greater than or equal to the lowest supported version.
For the SOAP API: If you are using the SOAP API, this field is required. Specify the version of the WSDL your application is using.

For the XML API: If you are using the XML API, this field has no effect. Instead, specify the version in the X-EBAY-API-COMPATIBILITY-LEVEL HTTP header. (If you specify Version in the body of an XML API request and it is different from the value in the HTTP header, eBay returns an informational warning that the value in the HTTP header was used instead.)

See:
    HTTP headers
    eBay Schema Versioning Strategy
    Lowest Supported Version

WarningLevel WarningLevelCodeType Optional Controls whether or not to return warnings when the application passes unrecognized or deprecated elements in a request.

An unrecognized element is one that is not defined in any supported version of the schema. Schema element names are case-sensitive, so using WarningLevel can also help you remove any potential hidden bugs within your application due to incorrect case or spelling in field names before you put your application into the Production environment.

WarningLevel only validates elements; it doesn't validate XML attributes. It also doesn't control warnings related to user-entered strings or numbers, or warnings for logical errors.

We recommend that you only use this during development and debugging. Do not use this in requests performed in the Production environment.

Applicable values:

High
(in) The WarningLevel value is set to High if the user wishes to receive warnings when the application passes unrecognized or deprecated elements in an API call request. Setting the WarningLevel value to High is not recommended in a production environment. Instead, it should only be used during the development/debugging stage.
Low
(in) The WarningLevel value is set to Low if the user does not wish to receive warnings when the application passes unrecognized or deprecated elements in an API call request. This is the default value if WarningLevel is not specified in the call request.

See Warning Level.



Output

See also Samples.

The box below lists all fields that might be returned in the response. To learn more about an individual field or its type, click its name in the box (or scroll down to find it in the table below the box).

See also the Deprecated Objects link above. Fields presented in this color are deprecated, and fields presented in this color are not returned (or soon will not be returned) or are not operational (or soon will be non-operational).

<?xml version="1.0" encoding="utf-8"?>
<GetChallengeTokenResponse xmlns="urn:ebay:apis:eBLBaseComponents">
  <!-- Call-specific Output Fields -->
  <AudioChallengeURL> string </AudioChallengeURL>
  <ChallengeToken> string </ChallengeToken>
  <ImageChallengeURL> string </ImageChallengeURL>
  <!-- Standard Output Fields -->
  <Ack> AckCodeType </Ack>
  <Build> string </Build>
  <CorrelationID> string </CorrelationID>
  <Errors> ErrorType
    <ErrorClassification> ErrorClassificationCodeType </ErrorClassification>
    <ErrorCode> token </ErrorCode>
    <ErrorParameters ParamID="string"> ErrorParameterType
      <Value> string </Value>
    </ErrorParameters>
    <!-- ... more ErrorParameters nodes allowed here ... -->
    <LongMessage> string </LongMessage>
    <SeverityCode> SeverityCodeType </SeverityCode>
    <ShortMessage> string </ShortMessage>
  </Errors>
  <!-- ... more Errors nodes allowed here ... -->
  <HardExpirationWarning> string </HardExpirationWarning>
  <Timestamp> dateTime </Timestamp>
  <Version> string </Version>
</GetChallengeTokenResponse>
Return Value Type Occurrence Meaning
Call-specific Output Fields [Jump to standard fields]
AudioChallengeURL string Always The URL of the audio clip your application should provide for sight-impaired users. The audio clip corresponds to the image.
ChallengeToken string Always Botblock token that is used to validate that the user is a human and not a bot.
ImageChallengeURL string Always The URL of the image your application should display to the user for a botblock challenge.
Standard Output Fields  
Ack AckCodeType Always A token representing the application-level acknowledgement code that indicates the response status (e.g., success). The AckCodeType list specifies the possible values for the Ack field.

Applicable values:

CustomCode
(out) Reserved for internal or future use.
Failure
(out) This value indicates that the call request processing failed.
Success
(out) This value indicates that the call request was processed successfully without any issues.
Warning
(out) This value indicates that the call request was successful, but processing was not without any issues. These issues can be checked in the Errors container, that will also be returned when one or more known issues occur with the call request.

(Not all values in AckCodeType apply to this field.)

Code so that your app gracefully handles any future changes to this list.
Build string Always This refers to the specific software build that eBay used when processing the request and generating the response. This includes the version number plus additional information. eBay Developer Support may request the build information when helping you resolve technical issues.
CorrelationID string Conditionally Most Trading API calls support a MessageID element in the request and a CorrelationID element in the response. If you pass in a MessageID in a request, the same value will be returned in the CorrelationID field in the response. Pairing these values can help you track and confirm that a response is returned for every request and to match specific responses to specific requests. If you do not pass a MessageID value in the request, CorrelationID is not returned.

Note: GetCategories is designed to retrieve very large sets of metadata that change once a day or less often. To improve performance, these calls return cached responses when you request all available data (with no filters). When this occurs, the MessageID and CorrelationID fields aren't applicable. However, if you specify an input filter to reduce the amount of data returned, the calls retrieve the latest data (not cached). When this occurs, MessageID and CorrelationID are applicable.
Errors ErrorType Conditionally,
repeatable: [0..*]
A list of application-level errors (if any) that occurred when eBay processed the request.
Errors.ErrorClassification ErrorClassificationCodeType Conditionally API errors are divided between two classes: system errors and request errors.

Applicable values:

CustomCode
(out) Reserved for internal or future use.
RequestError
(out) An error has occurred either as a result of a problem in the sending application or because the application's end-user has attempted to submit invalid data (or missing data). In these cases, do not retry the request. The problem must be corrected before the request can be made again. If the problem is due to something in the application (such as a missing required field), the application must be changed. If the problem is a result of end-user data, the application must alert the end-user to the problem and provide the means for the end-user to correct the data. Once the problem in the application or data is resolved, resend the request to eBay with the corrected data.
SystemError
(out) Indicates that an error has occurred on the eBay system side, such as a database or server down. An application can retry the request as-is a reasonable number of times (eBay recommends twice). If the error persists, contact Developer Technical Support. Once the problem has been resolved, the request may be resent in its original form.

Code so that your app gracefully handles any future changes to this list.
Errors.ErrorCode token Conditionally A unique code that identifies the particular error condition that occurred. Your application can use error codes as identifiers in your customized error-handling algorithms.

See Errors By Number.

Errors.ErrorParameters ErrorParameterType Conditionally,
repeatable: [0..*]
This optional element carries a list of context-specific error variables that indicate details about the error condition. These are useful when multiple instances of ErrorType are returned.
Errors.ErrorParameters
  [ attribute ParamID ]
string Conditionally This optional element carries a list of context-specific error variables that indicate details about the error condition. These are useful when multiple instances of ErrorType are returned.
Errors.ErrorParameters.Value string Conditionally This is the value of the request parameter noted in the ParamID attribute. So, if the ParamID value was ItemID, the value in this field would be the actual value of that ItemID.
Errors.LongMessage string Conditionally A more detailed description of the condition that raised the error.
Errors.SeverityCode SeverityCodeType Conditionally Indicates whether the error is a severe error (causing the request to fail) or an informational error (a warning) that should be communicated to the user.

Applicable values:

CustomCode
(out) Reserved for internal or future use.
Error
(out) The request that triggered the error was not processed successfully. When a serious application-level error occurs, the error is returned instead of the business data.

If the source of the problem is within the application (such as a missing required element), change the application before you retry the request.
  • If the problem is due to end-user input data, please alert the end-user to the problem and provide the means for them to correct the data. Once the problem in the application or data is resolved, you can attempt to re-send the request to eBay.
  • If the source of the problem is on eBay's side, An application can retry the request as-is a reasonable number of times (eBay recommends twice). If the error persists, contact Developer Technical Support. Once the problem has been resolved, the request may be resent in its original form.


See the Error handling section of the Making a Trading API call guide for more information.
Warning
(out) The request was processed successfully, but something occurred that may affect your application or the user. For example, eBay may have changed a value the user sent in. In this case, eBay returns a normal, successful response and also returns the warning.

When a warning occurs, the error is returned in addition to the business data. In this case, you do not need to retry the request (as the original request was successful). However, depending on the cause or nature of the warning, you might need to contact either the end user or eBay to effect a long term solution to the problem to prevent it from reoccurring in the future.

Code so that your app gracefully handles any future changes to this list.
Errors.ShortMessage string Conditionally A brief description of the condition that raised the error.
HardExpirationWarning string Conditionally Expiration date of the user's authentication token. Only returned within the 7-day period prior to a token's expiration. To ensure that user authentication tokens are secure and to help avoid a user's token being compromised, tokens have a limited life span. A token is only valid for a period of time (set by eBay). After this amount of time has passed, the token expires and must be replaced with a new token.
Timestamp dateTime Always This value represents the date and time when eBay processed the request. The time zone of this value is GMT and the format is the ISO 8601 date and time format (YYYY-MM-DDTHH:MM:SS.SSSZ). See the Time Values section in the eBay Features Guide for information about this time format and converting to and from the GMT time zone.

Note: GetCategories and other Trading API calls are designed to retrieve very large sets of metadata that change once a day or less often. To improve performance, these calls return cached responses when you request all available data (with no filters). When this occurs, this time value reflects the time the cached response was created. Thus, this value is not necessarily when the request was processed. However, if you specify an input filter to reduce the amount of data returned, the calls retrieve the latest data (not cached). When this occurs, this time value does reflect when the request was processed.
Version string Always The version of the response payload schema. Indicates the version of the schema that eBay used to process the request. See the Standard Data for All Calls section in the eBay Features Guide for information on using the response version when troubleshooting CustomCode values that appear in the response.



Detail Controls


DetailLevel

This call does not support varying Detail Levels. You do not need to pass DetailLevel in the request.



Samples

New to making API calls? Please see Making a Call.

Note: Some item IDs, user IDs, or other data in these samples might no longer be active on eBay. If necessary, you can substitute current eBay data in your requests.

Sample: Basic Call

Retrieves a challenge token, and both image-challenge and audio-challenge URLs.

Description

Input

XML format.

<?xml version="1.0" encoding="utf-8"?>
<GetChallengeTokenRequest xmlns="urn:ebay:apis:eBLBaseComponents">
  <RequesterCredentials>
    <eBayAuthToken>A*******3</eBayAuthToken>
  </RequesterCredentials>
  <WarningLevel>High</WarningLevel>
</GetChallengeTokenRequest>

Output

XML format.
<GetChallengeTokenResponse xmlns="urn:ebay:apis:eBLBaseComponents">
  <Timestamp>2019-11-04T19:42:20.001Z</Timestamp>
  <Ack>Success</Ack>
  <Version>1123</Version>
  <Build>E1123_CORE_APISIGNIN_19059235_R1</Build>
  <ChallengeToken>F*********A=</ChallengeToken>
  <ImageChallengeURL>http://cgi4.sandbox.ebay.com/ws/eBayISAPI.dll?LoadBotImage&tokenString=F************D</ImageChallengeURL>
  <AudioChallengeURL>http://cgi4.sandbox.ebay.com/ws/eBayISAPI.dll?FetchAudioCaptcha&tokenString=F************D&site_id=0&co_partnerId=0</AudioChallengeURL>
</GetChallengeTokenResponse>



Change History

Change Date Description
473
2006-08-09
  • (added) New call.