All eBay REST APIs use the OAuth 2.0 protocol for application and user authorization. OAuth is the industry standard for assuring your online transactions are secure and you must provide a valid access token for each request you make to the eBay REST interfaces.
OAuth access tokens verify to eBay that a request is coming from a valid application and that the application has the user's authorization to carry out the requests.
Once you obtain a valid access token, use it to authorize a request as described in HTTP request headers.
Important! You must have an active eBay Developer Program account to get the OAuth 2.0 client credentials you need to create access tokens. For details, see: Creating an eBay Developer Program account and Getting your OAuth credentials.
Minting access tokens
The eBay token service generates, or mints, access tokens via two different grant flows:
- Client credentials grant flow mints a new Application access token that you can use to access the resources owned by the application.
- Authorization code grant flow mints a new User access token that you can use to access the resources owned by the user.
See Access token types for information on the differences between the two grant flows.
The eBay OAuth client libraries
eBay offers several client libraries that you can use to quickly implement the minting of OAuth tokens in your applications:
- OAuth client library for Android
- OAuth client library for C#
- OAuth client library for Java
- OAuth client library for Node.js
- OAuth client library for Python
Implementing OAuth in your applications
The following topics describe how to implement the minting of OAuth tokens using each of the two grant flows: