
Quick OAuth Guide

  • Answer ID 5075
  • Published 01/18/2018 05:37 PM
  • Updated 01/18/2018 05:37 PM
  • Permalink https://ebaydts.com/eBayKBDetails?KBid=5075

This quick guide illustrates the steps to get started with OAuth and obtain a User access token.


Getting the values needed for requesting a user token


  Retrieve your app's OAuth credentials from the Application Keys page and the OAuth-enabled RuName values of your app from the User Tokens page:

      client_id         - App ID (Client ID)

      clientSecret    - Cert ID (Client Secret)

      redirectUri      - OAuth Enabled RuName for the clientId

      redirectUrl      - Auth Accepted URL associated with the redirectUri

      a list of the OAuth scopes required for access to the REST interfaces you plan to call


  REF: Getting the values needed to request a User token

    




OAuth Token Flow


Step 1. Get the user's permission and obtain an authorization code for your clientId

https://auth.sandbox.ebay.com/oauth2/authorize?client_id=<your_client_id>&redirect_uri=<your_redirect_uri>&response_type=code&scope=<URL-encoded-scope-name(s)>

An example <URL-encoded-scope-name(s)>: https%3A%2F%2Fapi.ebay.com%2Foauth%2Fscope%2Fsell%40user
 
NOTE. Multiple OAuth scopes must be separated in the string with spaces, and the list of scopes must then be URL-encoded.

      Below is an example redirectUrl after the user grants permission:
                 https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true&state=null&code=v%5E1......EyODQ%3D

      <URL-decoded-auth-code>: URL-decode the returned code value (http://meyerweb.com/eric/tools/dencoder/):
                An example URL-decoded-auth-code: v^1.1#i^1#r^1#p^3#I^3#f^0#t^Ul4xXzE0QzJGQ0I2RDA2NENDMUY4MDkwRjQ3NDE3MzdENzU2XzJfMSNFXjEyODQ=

  

Step 2. Exchange the authorization code for a user token and refresh_token

     <B64-encoded-oauth-credentials>: Base64-encode the following: <your_client_id>:<your_client_secret> (https://www.base64encode.org/)

      The following example call requests an access token for the sandbox:

POST /identity/v1/oauth2/token HTTP/1.1
Host: api.sandbox.ebay.com
Authorization: Basic <B64-encoded-oauth-credentials>
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=<URL-decoded-auth-code>&redirect_uri=<your_redirect_uri>

      A successful response to the request contains the access_token, expires_in, refresh_token and refresh_token_expires_in values:

{
 "access_token": "v^1.1#i^1#r^0#I^3#p^3#...AAAOVXe2xTVRhf121kjo0YUGDxUS5v5LbnPnrbe0Mr3YO0uE",
 "token_type": "User Access Token",
 "expires_in": 7200,
 "refresh_token": "v^1.1#i^1#p^3#f^0#I^3#r^1#t^Ul4yX0Y0OUY1RjRENTU2NDZENTBFQ0E4ODg3MzE2Q0RFQjM2XzdfMSNFXjI2MA==",
 "refresh_token_expires_in": 47304000
}



Step 3. When the access token expires, use the refresh_token obtained in Step 2 to generate a new access token.

HTTP headers:
   Content-Type = application/x-www-form-urlencoded
   Authorization = Basic <B64-encoded-oauth-credentials>
Request body:
   grant_type=refresh_token&refresh_token=<refresh_token value obtained in Step 2>&scope=<URL-encoded-scope-name(s)>

NOTE. The URL-encoded-scope-name(s) must match the ones appended to the sign-in URL in Step 1.

POST /identity/v1/oauth2/token HTTP/1.1
Host: api.sandbox.ebay.com
Authorization: Basic <B64-encoded-oauth-credentials>
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=v^1.1#i^1#p^3#f^0#I^3#r^1#t^Ul4yX0Y0OUY1RjRENTU2NDZENTBFQ0E4ODg3MzE2Q0RFQjM2XzdfMSNFXjI2MA==&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fscope%2Fsell%40user

eBay mints a fresh access token in a response similar to the following:
  {
    "access_token": "v^1.1#i ... AjRV4yNjA=",
    "token_type":"User Access Token",
    "expires_in": 7200,
    "refresh_token": "N/A"
  }

 Attached, you can find the Postman sample project for the OAuth token API calls.
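
The three steps above as an added Python example (not part of the original article and not eBay's own code): it builds the Step 1 consent URL, URL-decodes the returned code, and produces the Basic credentials and the request bodies for Steps 2 and 3 locally, so the client secret and authorization code do not have to be pasted into an online encoder. The helper names are hypothetical, and the client ID, RuName and code values are constructed placeholders.

```python
import base64
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://auth.sandbox.ebay.com/oauth2/authorize"  # from Step 1


def _form(fields):
    # Percent-encode every value exactly once (space -> %20, '@' -> %40).
    return urlencode(fields, quote_via=quote)


def build_authorize_url(client_id, redirect_uri, scopes):
    # Step 1: join the scopes with spaces, then URL-encode the whole list.
    return AUTHORIZE_URL + "?" + _form({
        "client_id": client_id, "redirect_uri": redirect_uri,
        "response_type": "code", "scope": " ".join(scopes)})


def extract_auth_code(redirect_url):
    # parse_qs percent-decodes, giving the <URL-decoded-auth-code> locally.
    params = parse_qs(urlsplit(redirect_url).query)
    if params.get("isAuthSuccessful") != ["true"] or "code" not in params:
        raise ValueError("consent not granted or no code in redirect")
    return params["code"][0]


def basic_auth_header(client_id, client_secret):
    # Step 2: <B64-encoded-oauth-credentials>, computed without leaving the host.
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request_body(code, redirect_uri):
    # The decoded code is form-encoded once here; the server decodes it back.
    return _form({"grant_type": "authorization_code", "code": code,
                  "redirect_uri": redirect_uri})


def refresh_request_body(refresh_token, scopes):
    # Step 3: scopes must match the ones sent in Step 1.
    return _form({"grant_type": "refresh_token",
                  "refresh_token": refresh_token, "scope": " ".join(scopes)})


if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    scopes = ["https://api.ebay.com/oauth/scope/sell@user"]
    print(build_authorize_url("Constructed-App-SBX-id", "Constructed-RuName", scopes))
    code = extract_auth_code(
        "https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure"
        "&isAuthSuccessful=true&state=null&code=v%5E1.1%23i%5E1%23t%5EQ09OU1Q%3D")
    print(token_request_body(code, "Constructed-RuName"))
```

Send the returned body with an HTTP client that transmits it as given; letting the client encode it a second time would corrupt the code or refresh token.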





Additional Info    

API Documentation: Getting a User access token


