question

wemakeitallwork avatar image
0 Likes"
wemakeitallwork asked

OAuth Required - Why? And How?

My app performs simple searches which don't access user account information. Example:

https://api.ebay.com/buy/browse/v1/item_summary/search?q=phone&category_ids=220

Apparently, I must include an OAUTH token. Why? Do I need to "refresh" the OAUTH token and if so, how is this done if I'm not accessing account information?

oauth token
10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sagar_developersupport avatar image
0 Likes"
sagar_developersupport answered

Hi @wemakeitallwork,

All eBay REST APIs use the OAuth 2.0 protocol for application and user authorization. OAuth is the industry standard for assuring your online transactions are secure and you must provide a valid access token for each request you make to the eBay REST interfaces.

OAuth access tokens verify to eBay that a request is coming from a valid application and that the application has the user's authorization to carry out the requests.

To execute the search API call, you need to get the access token created with the client credentials grant flow, using the scope https://api.ebay.com/oauth/api_scope and need to use the access token in "Authorization" HTTP header for authentication authorization.
Ref:
https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html
https://developer.ebay.com/api-docs/static/rest-request-components.html#HTTP

Please not that Application access token is valid for two hours from the time it was generated. For continued access after the token expires, you must mint a new token.

Best Regards,
eBay Developer Support

10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

wemakeitallwork avatar image
0 Likes"
wemakeitallwork answered

Thanks.

Please confirm that with the client credential grant there is no "refresh" option which will provide a token valid for 18 months. Therefore, my only option is to mint a new token every two hours.

· 1
10 |600 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Hi @wemakeitallwork,

Yes, There is no refresh token for client credential grant flow. You always need to mint a new token every two hours.

Best Regards,

eBay Developer Support

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.