ao asked

Can we use OAuth Client Credentials flow for Compliance and Catalog APIs?

Can we use OAuth Client Credentials flow for Compliance API and Catalog API? According to the [Documentation][1] we should use Code Grant flow, but it requires more effort from us. We are disappointed because some APIs require Code Grant flow (e.g. Compliance API) and some of them (e.g. Metadata API) require Client Credentials flow. If we use Client Credentials flow for Compliance API we obtain the following error:

```
{
  "errors": [
    {
      "errorId": 850114,
      "domain": "API_COMPLIANCE",
      "category": "REQUEST",
      "message": "Mandatory headers are missing"
    }
  ]
}
```

[1]: https://developer.ebay.com/api-docs/sell/compliance/resources/listing_violation/methods/getListingViolations#h3-oauth-scope
compliance api

krich_developersupport answered
The type of OAuth access token needed for any particular method depends on the scopes assigned to the method. In general, you can use an App access token (generated with a Client Credentials Grant) for operations that do not touch any restricted resources. Many GET calls fall into this category, and all the methods in the Metadata API can be accessed with an App access token.

Look at the scope required for a method. If it is `https://api.ebay.com/oauth/api_scope`, then you should use an App access token. Methods that access the restricted resource of a user require User access tokens for authorization. This means that the user to whom the resources belong must give you their permission for access.

HTH,
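The scope rule from the answer above, as an added example (not eBay's code and not part of the original thread): it picks the token type from a method's scopes and builds the Client Credentials token request only when an App access token is enough. The token endpoint URL, the function names and the sample credentials are assumptions that do not appear on this page.

```python
import base64
from urllib.parse import urlencode

# Scope quoted in the answer: a method that needs only this takes an App token.
APP_SCOPE = "https://api.ebay.com/oauth/api_scope"
# Assumption: eBay's production token endpoint (not stated on this page).
TOKEN_URL = "https://api.ebay.com/identity/v1/oauth2/token"


def required_token_type(method_scopes):
    """Return 'app' when the method needs only the base scope, else 'user'."""
    scopes = {s.strip() for s in method_scopes if s.strip()}
    if not scopes:
        raise ValueError("method declares no scopes")
    # Any narrower scope means a user's restricted resource is involved.
    return "app" if scopes == {APP_SCOPE} else "user"


def client_credentials_request(client_id, client_secret, method_scopes,
                               token_url=TOKEN_URL):
    """Build (not send) the RFC 6749 section 4.4 token request.

    Refuses up front when the method needs a User access token, so a service
    fails at configuration time rather than on the API call itself.
    """
    if required_token_type(method_scopes) != "app":
        raise PermissionError(
            "method needs a User access token (authorization code grant)")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": token_url,
        "headers": {
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"grant_type": "client_credentials",
                           "scope": APP_SCOPE}),
    }


if __name__ == "__main__":
    # Constructed sample values; "id" and "secret" are placeholders.
    print(client_credentials_request("id", "secret", [APP_SCOPE])["body"])
    print(required_token_type([APP_SCOPE + "/sell.inventory"]))
```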

ao answered
Thank you for the response. How can we set up 'service to service' communication using OAuth Code Grant Flow? I think this flow is not suitable for this purpose. Am I right? Do you have an example of this approach? We need to use Compliance and Catalog APIs from a service to update PBSE products.

betho-1067 answered
Heads up! As part of our efforts to improve security and standards-based interoperability, we have implemented several new features in our authentication flows and made changes to existing ones. For an overview of these changes, and details on how you adopt them, refer to Introducing OIDC Conformant Authentication.

In order to access an API from a regular web app, you need to implement the Authorization Code OAuth 2.0 grant. In this document we will see how this flow works. [click here][1]

[1]: https://www.360factors.com/compliance-management-system/