MIP Account Management API

Using eBay OAuth

eBay uses OAuth 2.0, the industry standard for secure online transactions, for its Merchant Feeds API and Merchant Account API.

Note: OAuth is supported for selected partners only. eBay requires application details to enable OAuth support.

This document describes how to retrieve access tokens and use them to make eBay API calls.

Credentials Needed for Retrieving Access Tokens

To retrieve an access token, you will use traditional eBay Auth & Auth credentials and parameters, which map to standard OAuth credentials and parameters:

eBay Auth & Auth    OAuth
AppID               Client ID (client_id)
CertID              Client Secret (client_secret)
RUNAME              Redirect URI (redirect_uri)

Your Auth & Auth credentials can be retrieved from your account page on developer.ebay.com.

To retrieve your credentials:

  1. Log in and register your application on developer.ebay.com.
  2. Upon registering your application, you can retrieve the required credential information from the My Account page:

    The AppID and CertID are part of your standard credentials, available for either the sandbox or production environment, on the Application Settings tab on the My Account page.

  3. From the Application Settings tab, click the Customize the eBay User Consent Form link to retrieve or update the RUNAME for your application.

Retrieving an Access Token

The following steps outline the OAuth process for the Web Profile. In this process, an eBay user authorizes your application to make API calls on their behalf and eBay provides a one-time use code that you then exchange for an access token.

To retrieve an access token:

  1. From your application, redirect eBay users to a URL of the following form (line breaks added to help with readability), using your application's AppID and RUNAME:
    https://signin.ebay.com/authorize?
       client_id=<AppID>&
       redirect_uri=<RUNAME>&
       response_type=code
    

    The response_type parameter is set to "code" to retrieve the authorization code.

    Production sample:

    https://signin.ebay.com/authorize?client_id=COMPANYXYZC56YA43B562F2X57BM4NABE&redirect_uri=Company_36-COMPANYXYZC56YA43B-pctdz&response_type=code

  2. The user is taken to a sign-in page asking him to link his eBay account to your application (Cool App in this example), which grants your application access to make API calls on his behalf.
  3. When the user signs in with his user ID and password, he is shown a consent page asking permission to authorize eBay to share his data with your application.
  4. When the user agrees to the terms and conditions in the preceding step, he is redirected to the accept URL for your application with a code.

    https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true&state=null&code=v^1.1%23i^1%23I^3%23f^0%23p^3%23r^1%23t^Ul4xX0IzRDZCNTYwM0ExRURGQjNFQjABCzRFRTcwMUI1QjBGI0VeNTE2

    This code is used for retrieving an access token only. The code is good for one use only and has a short life span, so it should be used immediately.

  5. Make the following call to exchange the code for an access token.

    Be sure to URL encode the code value.

    https://signin.ebay.com/ws/eBayISAPI.dll?oAuthRequestAccessToken&client_id=COMPANYXYZC56YA43B562F2X57BM4NABE&redirect_uri=Company_36-COMPANYXYZC56YA43B-pctdz&client_secret=Z162AB42E2P7Y1LD81G7N1LG57FK87&code=v^1.1%23i^1%23I^3%23f^0%23p^3%23r^1%23t^Ul4xX0IzRDZCNTYwM0ExRURGQjNFQjABCzRFRTcwMUI1QjBGI0VeNTE2

  6. eBay returns HTML content containing the access token and the number of seconds until the token expires.
    {
    
      "access_token":"v^1.1#i^1#r^0#I^3#f^0#p^1#t^H4sIAAAAAAAAAO1Xa2wUVRTutNsCwfKsPAwN28HIy52
      6O7MOPeuy5ootSnVBIMaozEGSH38MBBjVCJgQjTG8vBBgUgIJGIIimIQEv40SjTe3W6XbSOFWIz94fyZ3Lnfvee
      KGYYfiKYUFa6eFJJ8X2lRaAAwPR03N/h6Cz5uRrDRNxSViNsmQZGznBtgIW8x6d5eT8fQ5rg9UHWGTYGAc1mgOU
      sALgJReQXYLcDIAieRXez4mCfz3rbEE21k2DQjjAOrck4gZWsg4E2KRtKCbEOlYMmEBYIaoSCa2sVyhSsWyTmKo
      lkcaQ+HaZQ3N1e6CvYI5HiIEkiQeOqoxNeRsgfEkGtkMzqKVSFJVEcasOzhgYeimSmjQmSzVHj4GYlosKsiy7I3
      Fqogg+gkfTtGKRvRzUgluVED3SJc68y8ViVhXI/pyA6wy5aGHg01NbHOSFOTbT6pa0jLcJPxBUVh2pWAdjsiVhy
      0Ce7orzod0kC1aYIBBH5BDZ4N3bJBTbgfS6twyKrMQ1NzxCLnQ0mWYooS2h4+sSC9FFQo9Foh2Ikw0Ae5ytIsyi
      kIouU+u51P+tEKEKaCkLSPb4EZRU4T8SYjCnBfdIKZOkqCRDNeYSBZ/qkjSP6vL7PchFvUeyAEUJxKT/tfjvaZE
      cET2OM2JZQsOsG2EWIrbnUqluJTImXarWwCAd69bWR9R21ACsnmsfnuwS8+qVqWnKcUrhDoQYLdQVVLjRisbrDM
      x1ZsPCZNmVqHNkmPKkI1m7yNuja24ruLJfTPeNEhGVuM8BIQvZIoi/7RxUWvLGMqLtVMcJlMc9CyOBtaxLQ5mmh
      x3QDaOkDJFA23Cakv3131lv3w1YySk+fakf0DiN33/LsHrwi5K8H7qE9QbAo+/CdzCegk/mYthVAAov4BeCBspI
      C+q2otA/R3EZ85D227SNBa1IzwYwK9+MTCjhJxZ0JmDOzZlSfvLMcipwWZABkGhLsh7Muznr4Gc4Kg6+ty+1eKd
      TqZos94nv9xVcmjXT1V7Dp56bPrOM2tf/LZl/6WqV5+Zv1s8/8q7F5JXvvv+rHFUm3J4+ksVldOu7dvfd/qpcrL
      cckjT9Rx3W9VXT7e+/TnZdvOHdt6YN71a8/vTZ/Db4LeYJ3n6PbfT8w/ab3fJ42/euiip/ON+NE9lTuOTPk6vOK
      2y/2V6/484XDs+N4q/fMrhVTH3TULN4R3tB5oe4S2tQbOvHjlYXh67u3MVeP1fTMbG/+sCv1C7Nub//yJd+8vra
      mNt9/tfUH2fnLvisa+uRST8M5PAvUm3avyQOAAA=",
      "token_type":"User Access Token",
      "expires_in":172800,
      "refresh_token":"N/A"
    }

    This access token can be used to make API calls in the production environment. Repeat these steps to retrieve a new token before the current token expires.

Note: To retrieve an access token for use in the Sandbox, use the following URL:
https://signin.sandbox.ebay.com/authorize
Be sure to use application credentials for the sandbox environment when retrieving an access token for use with the sandbox. The user must sign in with a sandbox user ID and password, as well.

The access token is passed in the Authorization HTTP header sent with the API request. The format of the Authorization header is:

Authorization: Bearer <access_token>

Note: The Authorization header value must include the text "Bearer" followed by the access token (separated from Bearer by a space).
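The steps above and the Authorization header format, as an added Python example (not eBay's code). It shows why step 5 requires URL encoding: once decoded, the code contains '#', which would otherwise cut the value short. The function names, the margin parameter, the constructed accept URL, and the assumption that the step 6 body parses as the JSON shown are all choices made for this example.

```python
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://signin.ebay.com/authorize"
TOKEN_URL = "https://signin.ebay.com/ws/eBayISAPI.dll"

# Constructed accept URL in the shape of step 4; the code value is made up.
SAMPLE_ACCEPT_URL = (
    "https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure"
    "&isAuthSuccessful=true&state=null&code=v^1.1%23i^1%23t^CONSTRUCTED"
)

def authorize_url(app_id, runame):
    """Step 1: URL the user's browser is redirected to."""
    query = urlencode({"client_id": app_id, "redirect_uri": runame,
                       "response_type": "code"})
    return f"{AUTHORIZE_URL}?{query}"

def code_from_redirect(accept_url):
    """Step 4: extract the one-time code; parse_qs percent-decodes it."""
    params = parse_qs(urlsplit(accept_url).query)
    if params.get("isAuthSuccessful") != ["true"] or "code" not in params:
        raise ValueError("user did not authorize the application")
    return params["code"][0]

def token_exchange_url(app_id, cert_id, runame, code):
    """Step 5: re-encode the code. Decoded, it contains '#', which would
    start a URL fragment and cut the code short if sent as-is.
    The URL carries the CertID (client_secret): build and call it only
    from server-side code and keep it out of logs."""
    query = urlencode({"client_id": app_id, "redirect_uri": runame,
                       "client_secret": cert_id, "code": code})
    return f"{TOKEN_URL}?oAuthRequestAccessToken&{query}"

def parse_token_response(body, now=None, margin=300):
    """Step 6: return (access_token, renew_at). Assumes the body is the
    JSON object shown in step 6; margin (seconds) is a hypothetical
    safety window so the flow is repeated before the token expires."""
    data = json.loads(body)
    now = time.time() if now is None else now
    return data["access_token"], now + int(data["expires_in"]) - margin

def auth_header(access_token):
    """Authorization header for API calls: 'Bearer', a space, the token."""
    return {"Authorization": f"Bearer {access_token}"}
```

Because the sample response carries "refresh_token":"N/A", renew_at marks when to send the user through steps 1 to 5 again rather than when to call a refresh endpoint.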

Copyright © 2014–2015 eBay, Inc. All rights reserved. This documentation and the API may only be used in accordance with the eBay Developers Program and API License Agreement.