How do I get my authorization token using OAuth?
Once your AppID has been whitelisted for OAuth, follow the steps below to generate or renew your OAuth token.
Gathering the details required for OAUTH
To get the clientSecret and redirectUri, call the clientregistry service using the link below:
Sandbox:
http://www.clientreg.sandbox.stratus.ebay.com/oauthclnt/core/v1/detail/<YOUR_APP_ID_HERE>
Production:
http://www.clientregistry.stratus.ebay.com/oauthclnt/core/v1/detail/<APPID>
Once you get the response, make a note of the following:
clientId
clientSecret
redirectUri
The call returns more than this, such as the scopes; you can always refer back to it later.
There are two OAuth flows:
Member to Member flow
Guest flow
MEMBER TO MEMBER FLOW
Step 1: Getting the user permissions
This is the redirect URL that you will be sending to the users to grant permission to your application:
Sandbox URL
https://signin.sandbox.ebay.com/authorize?
client_id=<client_id>&
redirect_uri=<your_redirect_uri>&
response_type=code&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fscope%2F%40public%20https%3A%2F%2Fapi.ebay.com%2Foauth%2Fscope%2Fbuy%40user
<client_id> = clientId obtained from calling the clientregistry service
<your_redirect_uri> = redirectUri obtained from calling the clientregistry service
Eg:
https://signin.sandbox.ebay.com/authorize?client_id=eBay28ff6-4df1-4571-99ab-a749dff769e&redirect_uri=eBay-eBay28ff6-4df1--mhvuniyf&response_type=code&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fscope%2F%40public%20https%3A%2F%2Fapi.ebay.com%2Foauth%2Fscope%2Fbuy%40user
Production URL: https://signin.ebay.com/authorize
Once the user grants permission, copy the URL returned in the browser. It contains the authorization code, identified as 'code'.
Eg:
https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true&state=null&code=v%5E1.1%23i%5E1%23f%5E0%23I%5E3%23p%5E3%23r%5E1%23t%5EUl4zXzdGQkIyRUU1QzQ2MDQ5OTEyMDhBQzlCQ0MwOUE0MUM1XzAjRV4yNjA%3D
Copy the value of 'code' and URL-decode it using the tool: http://meyerweb.com/eric/tools/dencoder/. The authorization code returned after decoding will look something like this:
v^1.1#i^1#f^0#I^3#p^3#r^1#t^Ul4zXzdGQkIyRUU1QzQ2MDQ5OTEyMDhBQzlCQ0MwOUE0MUM1XzAjRV4yNjA=
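An added example (not part of the original article or eBay's own code): Step 1 done locally in Python, building the grant URL with correctly encoded scopes and pulling the URL-decoded code out of the returned URL without an online decoder. The `state` value and its check are an assumption based on the `state=null` seen in the sample return URL; the function names are illustrative.

```python
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://signin.sandbox.ebay.com/authorize"  # Sandbox URL from Step 1
SCOPES = ["https://api.ebay.com/oauth/scope/@public",
          "https://api.ebay.com/oauth/scope/buy@user"]


def build_consent_url(client_id, redirect_uri, state=None):
    """Return (url, state) for the permission-grant link sent to the user."""
    state = state or secrets.token_urlsafe(16)  # unguessable per-request value
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(SCOPES),  # space-separated; encoded as %20 below
        "state": state,             # assumption: echoed back on the return URL
    }, quote_via=quote)
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(returned_url, expected_state):
    """Return the URL-decoded authorization code from the browser's return URL."""
    params = parse_qs(urlsplit(returned_url).query)  # parse_qs decodes %5E, %23, %3D
    if params.get("isAuthSuccessful") != ["true"]:
        raise ValueError("user did not grant permission")
    if params.get("state") != [expected_state]:
        raise ValueError("state mismatch: response does not belong to this request")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, shaped like the ones shown in the article.
    url, state = build_consent_url("<client_id>", "<your_redirect_uri>")
    print(url)
    returned = ("https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure"
                f"&isAuthSuccessful=true&state={state}&code=v%5E1.1%23i%5E1%23f%5E0%3D")
    print(extract_code(returned, state))
```
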
Step 2: Exchanging the authorization code for an access token
Use the authorization code in a POST request to obtain the associated User access token.
Here are the details for making the call:
REQUEST
HTTP headers
Content-Type = application/x-www-form-urlencoded
Authorization = Basic <B64-encoded-oauth-credentials>
<B64-encoded-oauth-credentials> = Base64-encoded value of <client_id>:<clientSecret>
<client_id> = clientId obtained from calling the clientregistry service
<clientSecret> = clientSecret obtained from calling the clientregistry service
Base64 encoding can be done using the tool: https://www.base64encode.org/
Eg: Authorization header value before Base64 encoding: eBay28ff6-4df1-4571-99ab-a749dff849e:5c7104a5-8b48-4f97-8e93-c30dd685bc6a
After Base64 encoding: ZUJheTI4ZmY2LTRkZjEtNDU3MS05OWFiLWE3NDlkZmY3NjllOjVjNzEwNGE1LThiNDgtNGY5Ny04ZT
HTTP method: POST
Sandbox URL: https://api.sandbox.ebay.com/identity/v1/oauth2/token
Request body (wrapped for readability), or you can specify these as x-www-form-urlencoded parameters in the form of names and values:
grant_type=authorization_code&code=<authorization_code>&redirect_uri=<your_redirect_uri>
<authorization_code> = The code returned in the response to Step 1
<your_redirect_uri> = redirectUri obtained from calling the clientregistry service
Eg:
grant_type=authorization_code&code=v^1.1#i^1#I^3#f^0#p^3#r^1#t^Ul4xX0Q3RUQ5M0RGNTE3ODQ1NTBBMDNEOERFREQ5RTA2RkIzXzAjRV4xMjg0&redirect_uri=eBay-eBay28ff6-4df1--mhvuniyf
Production URL: https://api.ebay.com/identity/v1/oauth2/token
RESPONSE
This is the response after executing the above request
{
"access_token": "v^1.1#i^1#I^3#p^3#f^0#r^1#t^Ul4zX0UwRDlGQzI0QkY3RDE0NzBBNUY3UuU2OEQ5MTdGQjE4XzAjRV4yNjA=",
"token_type": "User Access Token",
"expires_in": 7055,
"refresh_token": "v^1.1#i^1#p^3#r^1#I^3#f^0#t^Ul40XzFCMEYxQURBRDY5OURERTI2NEIzRkFDQTI1QzUzMUQwXzYjRV4yNjA=",
"refresh_token_expires_in": 47304000
}
You can use the access token to make calls.
NOTE: The access token is valid for 2 hours (7200 secs), but the value returned in 'expires_in' will not always be 7200 secs.
The reason is that the access token is already available the moment the authorization_code is generated. The time that elapses before you actually make the API call to exchange the authorization_code for the access token counts towards its lifetime, hence the value is not always 7200.
Step 3: Updating your access token using a refresh token
Use a refresh token to generate a new access token.
Here are the details for making the call:
REQUEST
HTTP headers
Content-Type = application/x-www-form-urlencoded
Authorization = Basic <B64-encoded-oauth-credentials>
(the value of the Authorization is explained in detail in Step 2)
HTTP method: POST
Sandbox URL: https://api.sandbox.ebay.com/identity/v1/oauth2/token
Request body (wrapped for readability), or you can specify these as x-www-form-urlencoded parameters in the form of names and values:
grant_type=refresh_token&refresh_token=<refresh-token-value>&scope=https://api.ebay.com/oauth/scope/@public
https://api.ebay.com/oauth/scope/buy@user
(the same scope that you would have specified in the permission grant URL for the user)
<refresh-token-value> = refresh_token value obtained in the response to Step 2
Eg:
grant_type=refresh_token&refresh_token=v^1.1#i^1#p^3#r^1#I^3#f^0#t^Ul40XzFCMEYxQURBRDY5OURERTI2NEIzRkFDQTI1QzUzMUQwXzYjRV4yNjA=&scope=https://api.ebay.com/oauth/scope/@public
https://api.ebay.com/oauth/scope/buy@user
Production URL: https://api.ebay.com/identity/v1/oauth2/token
RESPONSE
This is the response after executing the above request
{
"access_token": "v^1.1#i^1#f^0#r^1#p^3#I^3#t^Ul4zXzFBODY4RTI1NjMwQjI2NTFBODZDQUJDM0EzQzI4QjQ4XzAjRV4yNjA=",
"token_type": "User Access Token",
"expires_in": 7200,
"refresh_token": "N/A"
}
You can use the access token to make calls.
GUEST FLOW
Step 1: Sending a request for an access token
REQUEST
HTTP headers:
Content-Type = application/x-www-form-urlencoded
Authorization = Basic <B64-encoded-oauth-credentials>
<B64-encoded-oauth-credentials> = Base64-encoded value of <client_id>:<clientSecret>
<client_id> = clientId obtained from calling the clientregistry service
<clientSecret> = clientSecret obtained from calling the clientregistry service
Base64 encoding can be done using the tool: https://www.base64encode.org/
Eg: Authorization header value before Base64 encoding: eBay28ff6-4df1-4571-99ab-a749dff849e:5c7104a5-8b48-4f97-8e93-c30dd685bc6a
After Base64 encoding: ZUJheTI4ZmY2LTRkZjEtNDU3MS05OWFiLWE3NDlkZmY3NjllOjVjNzEwNGE1LThiNDgtNGY5Ny04ZT
HTTP method: POST
Sandbox URL: https://api.sandbox.ebay.com/identity/v1/oauth2/token
Request body (wrapped for readability), or you can specify these as x-www-form-urlencoded parameters in the form of names and values:
grant_type=client_credentials&
scope=https://api.ebay.com/oauth/scope/@public
Production URL: https://api.ebay.com/identity/v1/oauth2/token
RESPONSE
{
"access_token": "v^1.1#i^1#I^3#f^0#p^1#r^1#t^Ul4xX0NCMDc5QzhFOTQzNDlDMDc2NjM1N0M1MDg3QUU5MkE5XzEjRV4xMjg0",
"token_type": "Application Access Token",
"expires_in": 7200,
"refresh_token": "N/A"
}
You can use the access token to make calls.
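An added example, not from the original article: the token requests of Step 2, Step 3 and the guest flow built locally in Python, so the Base64 step needs no online encoder and the form body is encoded for you. The function names and the 60-second refresh margin are assumptions; the request is built but not sent.

```python
import base64
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://api.sandbox.ebay.com/identity/v1/oauth2/token"  # Sandbox URL


def basic_credentials(client_id, client_secret):
    """Base64-encode <client_id>:<clientSecret> for the Authorization header."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(client_id, client_secret, **form):
    """Build the POST for any grant_type described in the article."""
    body = urlencode(form).encode("ascii")  # escapes ^ # = / @ in codes, tokens, scopes
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": basic_credentials(client_id, client_secret),
    })


def expiry_deadline(token_response, now=None, margin=60):
    """Absolute time at which to refresh, derived from the returned 'expires_in'.

    Uses the value in the response rather than a fixed 7200, because the clock
    started when the authorization code was issued.
    """
    now = time.time() if now is None else now
    return now + token_response["expires_in"] - margin


if __name__ == "__main__":
    cid, secret = "<client_id>", "<clientSecret>"  # placeholders, as in the article
    scope = "https://api.ebay.com/oauth/scope/@public"
    requests_by_flow = {
        "Step 2": token_request(cid, secret, grant_type="authorization_code",
                                code="v^1.1#constructed", redirect_uri="<your_redirect_uri>"),
        "Step 3": token_request(cid, secret, grant_type="refresh_token",
                                refresh_token="v^1.1#constructed", scope=scope),
        "Guest": token_request(cid, secret, grant_type="client_credentials", scope=scope),
    }
    for name, req in requests_by_flow.items():
        print(name, req.get_method(), req.full_url, req.data.decode())
```

Pass the returned `Request` to `urllib.request.urlopen` to send it, and store `expiry_deadline(response)` next to the token so the Step 3 refresh happens before the token lapses.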