Application Title / Summary*
Application Details *

Please describe your application and provide the following details:
What service does your application provide to its users? What is the typical sequence of events in your application? What are the API calls made in the sequence and how frequently? Any other information that will help speed up your app check.
Products *
Include the product list in the Application Details box if more than one API product is used in your application.
Purpose of request*
Why are you completing the Compatible Application Check form?
Programming Language*

What coding languages, technologies and/or tools are you using for this application?

e.g. PHP, JavaScript, MySQL, Spring for Ajax applications, eBay Java SDK
Compatibility Level*
With what version do you make the API call requests?
Format*
Specify the format you are using to send your request
Affiliate Program

Are you an eBay Affiliate Program member?
Application ID*
Please let us know the AppID which is part of your keyset (DevID, AppID, CertID)
Application Type
Content Display
Application URL*
Please tell us the URL for your final/production application
eBay Logo Used On The Application*
List the URLs where you display eBay Logos (do not use the corporate eBay Logo)
Number of Simultaneous Threads*
What is the max. number of simultaneous API calls that your application makes?
Password Collection*
Do you collect, store or use any user passwords? If so, please explain why.
Auth & Auth*
If you use eBay Trading Web Services, explain how you acquire tokens
Message Field*

Trading API users, please answer this:

If the response returns a Message field, how do you handle it?

Other API users, please fill in N/A
Denial of Service*
If your application is web-based, how do you handle denial-of-service attacks?
XSS Attacks*

Specify the input validation precautions that you have implemented

□ input validation blacklist

□ input validation whitelist

□ output encoding (e.g. htmlentities)

□ Other (please specify)
Please provide an example code or pseudo-code snippet of how you've implemented the methods you checked.

eBay's standard method for protecting against XSS attacks is an input whitelist and output encoding.

Please see the OWASP website for more details on secure coding:
http://www.owasp.org/index.php/Secure_Coding_Principles
SQL Attacks*

Specify the input validation precautions that you have implemented:
□ input validation blacklist
□ input validation whitelist
□ output encoding (e.g. htmlentities)
□ stored procedures
□ parameterized queries
□ Other (please specify)
Please provide an example code or pseudo-code snippet of how you've implemented the methods you checked.
eBay's standard method for protecting against SQL injection attacks is utilizing parameterized queries.
Please see the OWASP website for more details on secure coding: http://www.owasp.org/index.php/Secure_Coding_Principles
CSRF Attacks*

Specify the precautions that you have implemented:

□ secret user-specific cookies/tokens sent per request

□ CSRF tokens bound to a separate domain (e.g. safe.mysite.com vs mysite.com)

□ double-submitting cookies

□ checking the Referer header

Please provide an example code or pseudo-code snippet of how you've implemented the methods you checked.

Please see the OWASP website for more details on secure coding:
http://www.owasp.org/index.php/Secure_Coding_Principles
System Errors*
How do you handle eBay System Errors in the response and how do you retry?
Application Errors*
How do you handle errors generated by your application and retry?
Call Volume Estimate*

Specify your estimated peak hourly and daily call limit for each call.

e.g.

Call Name      Hourly Volume    Daily Volume
AddItem        200              2000
ReviseItem     50               2000
Declaration*
I have read and understood the certification requirements and Policies (initials)
Cc
Additional email addresses that you wish to Cc, as semicolon-separated values
Attach Documents
Please Note: We are temporarily not accepting Zip Files.