ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.
I am currently using .NET Ebay SDK but started switching to using REST API. I have a console application which runs in a background and does not need any user interaction. I have got an application access token with grant_type = client_credentials but it support only "View public data from eBay"
Can I use grant_type = authorization_code with a console application without any user interaction?
I have also tried to generate a token form the browser
but when add this code into postman and try to get an access token, I get following error.
Looks like token received from browser is for browser session only and cannot be used in Postman.
Is there any way around?
1 BEST ANSWER
Accepted Solutions
There are three stages of a user token:
1) authorization from the user (good for 5 minutes)
2) access token (good for 2 hours)
3) refresh token (good for 18 months)
Your screenshot shows an OAuth two hour access token for a user's private data (#2). That particular tool does not acquire an OAuth refresh token (#3). If your browser is already logged into an eBay account that already has a token set, the tool skips the login for step (#1), hiding the authorization code, and goes straight to the 2 hour access token (#2).
So, the method in your screenshot is simply good for 2-hour sessions. However, you should be able to use the token for two hours in your application.
If you use the programmatic solution farther down on the same screen, you would provide a redirect URL for the user login. This redirect to your own website will carry a URL query string with the 5 minute authorization code (#1). Your website can extract that query string and initiate an authorization grant request, which will return both a 2-hour access token (#2) and an 18-month refresh token (#3).
Alternatively, using the programmatic solution with eBay's own landing page instead of your website, you can manually scrape the 5 minute authorization from the acceptance URL and use that to generate the 2-hour token and 18-month refresh token using your own software.
Others have indicated some errors using Postman. I am unfamiliar with the tool, but it seems there may be issues with body vs header and URL encoding some data.
There are three stages of a user token:
1) authorization from the user (good for 5 minutes)
2) access token (good for 2 hours)
3) refresh token (good for 18 months)
Your screenshot shows an OAuth two hour access token for a user's private data (#2). That particular tool does not acquire an OAuth refresh token (#3). If your browser is already logged into an eBay account that already has a token set, the tool skips the login for step (#1), hiding the authorization code, and goes straight to the 2 hour access token (#2).
So, the method in your screenshot is simply good for 2-hour sessions. However, you should be able to use the token for two hours in your application.
If you use the programmatic solution farther down on the same screen, you would provide a redirect URL for the user login. This redirect to your own website will carry a URL query string with the 5 minute authorization code (#1). Your website can extract that query string and initiate an authorization grant request, which will return both a 2-hour access token (#2) and an 18-month refresh token (#3).
Alternatively, using the programmatic solution with eBay's own landing page instead of your website, you can manually scrape the 5 minute authorization from the acceptance URL and use that to generate the 2-hour token and 18-month refresh token using your own software.
Others have indicated some errors using Postman. I am unfamiliar with the tool, but it seems there may be issues with body vs header and URL encoding some data.
- last edited on by
kh-phdan
I created a web application and form click of a button I am redirecting to https://auth.ebay.com/oauth2/authorize?client_id=***&redirect_uri=dfsfdsfdsWh-zkgrrewxb&response_typ...
It takes me to eBay sign in page, I log in with my account and It shows me a success message. Url of the success page is https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true&code=v%5E...
I grabbed the code part and url decoded it, sent this request but got his error
Does your header contain these two fields?
Content-Type = application/x-www-form-urlencoded
Authorization = Basic <B64-encoded-oauth-credentials>
https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html
Yes, both headers are available, otherwise would have thrown a different error.
I also tried in a C# application and secure url is the url when consent is approved and I am parsing that url to get the token and send request to get access token but same error.
Finally I got it working.
In step1, I was sending following url for consent
but this url does not have any scope included, I was assuming I would get a token for a default scope but that is not true.
Now I am sending following url
https://auth.ebay.com/oauth2/authorize?client_id=[my-clinet-id]&response_type=code&redirect_uri=[my-ru-name]&scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly https://api.ebay.com/oauth/api_scope/sell.finances https://api.ebay.com/oauth/api_scope/sell.payment.dispute https://api.ebay.com/oauth/api_scope/commerce.identity.readonly https://api.ebay.com/oauth/api_scope/sell.reputation https://api.ebay.com/oauth/api_scope/sell.reputation.readonly https://api.ebay.com/oauth/api_scope/commerce.notification.subscription https://api.ebay.com/oauth/api_scope/commerce.notification.subscription.readonly https://api.ebay.com/oauth/api_scope/sell.stores https://api.ebay.com/oauth/api_scope/sell.stores.readonly
which I coped from the following page
Different between both url is a list pf scope.
I have now got access token and refresh token as well and refresh token is valid for 18 months and I can repeat the process again.
Thank you for very much for your help.
This video helped to to copy the correct url
How to connect eBay to API2Cart? (youtube.com)
