Using OAuth to access eBay APIs

All eBay REST APIs use the OAuth 2.0 protocol for application and user authorization. OAuth is the industry standard for assuring your online transactions are secure and you must provide a valid access token for each request you make to the eBay REST interfaces.

OAuth access tokens verify to eBay that a request is coming from a valid application and that the application has the user's authorization to carry out the requests.

Once you obtain a valid access token, use it to authorize a request as described in HTTP request headers.

Important! You must have an active eBay Developer Program account to get the OAuth 2.0 client credentials you need to create access tokens. For details, see: Creating an eBay Developer Program account and Getting your OAuth credentials.

Minting access tokens

The eBay token service generates, or mints, access tokens via two different grant flows:

  • Client credentials grant flow mints a new Application access token that you can use to access the resources owned by the application.
  • Authorization code grant flow mints a new User access token that you can use to access the resources owned by the user.

See Access token types for information on the differences between the two grant flows.

The eBay OAuth client libraries

eBay offers two client libraries that you can use to quickly implement OAuth in your applications:

Implementing OAuth in your applications

The following topics describe how to get OAuth tokens using each of the two grant flows: