question

cabin-globa avatar image
0 Likes"
cabin-globa asked

OAuth, OMG!

Migrating from Trading API (with Auth'n'Auth) to REST APIs (with OAuth). What a nightmare. A full day of work and I still cannot make a simple 'get orders' call with the API Explorer tool. I thought PayPal API documentation was bad...

Why is there not a single UI for a developer to get a (long lasting) token for their application, with all the scopes the application needs? How idiotic that I have to copy/paste scope names, find an online URL encoder, oh yeah, then a Base64 encoder for my AppID and Secret, then setup Postman with all the right headers - to make ONE call.

OK, so I did all that. Posted to https://api.ebay.com/identity/v1/oauth2/token with scope "https://api.ebay.com/oauth/api_scope".

Got back an access token, but it does not work to get a list of orders, ""Insufficient permissions to fulfill the request.".

Oh, I see from the API doc that this API requires fullfillment scope. OK, back to Postman with scope "https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly" but I cannot get a token with this scope, the call returns:

The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client


Well, which is it??? I HATE error message that list multiple possible causes, this is lazy programming.

Since I am reasonably sure it is a valid scope name, I have to assume "exceeds the scope granted to the client". WHAT client? How do I fix this so I can get a token with all the scopes my application needs?


oauthscopes
10 |600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

3 Answers

· Write an Answer
sagar_developersupport avatar image
0 Likes"
sagar_developersupport answered

Hi @cabin-globa,

GetOrder call requires an user access token for the successful execution. When using API Explorer, click on "Get OAuth User Token" in Token section for getting an OAuth user access token or you you can follow the link given below to get the user access token.

Ref: https://developer.ebay.com/my/auth?env=production&index=0&auth_type=oauth

If you want to generate the user token by API, please see all of the steps below:

1. You need to construct an HTML request that will redirect the user to your application's Grant Application Access page for a getting user consent.

Ref: https://developer.ebay.com/api-docs/static/oauth-consent-request.html

2. After successfully getting a user consent, you will get an authorization code returned by the consent request URL. You can use this authorization code for getting a User access token.

Ref: https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html

3. An user access token is valid for two hours from the time it was generated. For continued access after the token expires, you must mint a new token using the associated refresh token.

Ref: https://developer.ebay.com/api-docs/static/oauth-refresh-token-request.html

Ref: https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html

Best regards,
eBay Developer Support

10 |600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

cabin-globa avatar image
0 Likes"
cabin-globa answered

OK, made some progress. There are 2 "Get OAuth" token links on the API Explorer page and I was using "Application" but this API requires "User" tokens.

Now I got the token using the manual process (and it works), but it expires quite soon. There is no refresh token shown. How can I get a long lasting token? This is for an automated fulfillment system, there is no interactive user, so no way to prompt or redirect any web page.

· 1
10 |600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

cabin-globa avatar image cabin-globa ·
After reading more about refresh tokens, I rephrase this question as "can I get a refresh token from any of the Ebay developer web pages"?
0 Likes 0 ·
sagar_developersupport avatar image
0 Likes"
sagar_developersupport answered

Hi @cabin-globa,

You can get the refresh token from eBay Developer program website. You need to use API method for getting the refresh token. If you want to generate the user token by API, please see all of the steps below:

1. You need to construct an HTML request that will redirect the user to your application's Grant Application Access page for a getting user consent.

Ref: https://developer.ebay.com/api-docs/static/oauth-consent-request.html

2. After successfully getting a user consent, you will get an authorization code returned by the consent request URL. Use the authorization code in a POST request that's commonly known as an authorization code grant request. This request gets a User access token and its associated refresh token.

Ref: https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html

3. An user access token is valid for two hours from the time it was generated. For continued access after the token expires, you must mint a new token using the associated refresh token.

Ref: https://developer.ebay.com/api-docs/static/oauth-refresh-token-request.html
Ref: https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html

Best regards,
eBay Developer Support

10 |600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.