Access token types

The eBay token service mints access tokens via two different grant flows:

  • Client credentials grant flow mints a new Application access token.
  • Authorization code grant flow mints a new User access token.

Each flow uses a different process to generate access tokens, and the grant flow you use depends on the "scopes" assigned to the eBay methods used in your application.

In general, you can use the client credentials grant flow if your application accesses only resources owned by the application. If your application needs to access and modify resources owned by the user, you must use the authorization code grant flow to create your access tokens.

Application access tokens vs. User access tokens

| Access Token Types | Description |
|---|---|
| Application access token | Application tokens are general-use tokens that give access to interfaces that return application data. For example, many GET requests require only an Application token for authorization. |
| User access token | You must employ a User token to call any interface that accesses or modifies data that is owned by the user (such as user information and account data). |

To get a User token, the users of your app must grant your application the permissions it needs to act upon their behalf. This process is called user consent. With the user consent flow, each User token contains the set of scopes for which the user has granted their permission.

To determine which grant flow you need to use, check the scope assigned to each eBay method that you call in your application. From there, you can deduce which grant flow you need to use to create your access tokens.

For more on OAuth scopes, see Specifying OAuth scopes.
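
The scope check described above can be scripted so that an application requests only the scopes its methods need, split by grant flow. The following is an added example, not eBay's code: the method names, scope strings and the flow tied to each scope are constructed placeholders, the request parameters are the generic ones from RFC 6749, and client authentication and the token endpoint are left out.

```python
import secrets
from urllib.parse import urlencode

# Constructed sample data: the method names, scope strings and the grant flow
# tied to each scope are placeholders for what the API reference lists.
METHOD_SCOPES = {
    "search_items": ("example.scope/public", "client_credentials"),
    "get_orders": ("example.scope/sell.orders", "authorization_code"),
    "update_inventory": ("example.scope/sell.inventory", "authorization_code"),
}

def plan_grants(methods_used):
    """Group the scopes needed by the methods an app calls, per grant flow."""
    plan = {}
    for method in methods_used:
        if method not in METHOD_SCOPES:
            raise KeyError(f"no scope recorded for method {method!r}")
        scope, flow = METHOD_SCOPES[method]
        plan.setdefault(flow, set()).add(scope)
    # Request only what is needed; sorting keeps the scope string stable.
    return {flow: sorted(scopes) for flow, scopes in plan.items()}

def application_token_body(scopes):
    """Token request body for the client credentials grant (RFC 6749, 4.4)."""
    return urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(scopes)})

def consent_query(client_id, redirect_uri, scopes):
    """Query string for the user consent request (RFC 6749, 4.1.1).

    Returns (query, state). Store state and compare it with the value that
    comes back alongside the authorization code.
    """
    state = secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "scope": " ".join(scopes), "state": state})
    return query, state

def user_token_body(code, redirect_uri):
    """Token request body exchanging the code for a User token (4.1.3)."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})

if __name__ == "__main__":
    plan = plan_grants(["search_items", "get_orders", "update_inventory"])
    print(application_token_body(plan["client_credentials"]))
    query, _state = consent_query("client-id-placeholder", "redirect-placeholder",
                                  plan["authorization_code"])
    print(query)
```

In the authorization code flow the scopes travel in the consent request rather than in the token request, which is why the resulting User token carries exactly the scopes the user approved.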