eBay Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

BUG REPORT: GetFeedback

versandwelle
Adventurer

‎02-15-2024 08:57 PM

Hi developer_support@ebay,

 

I've recently changed the username for my account. During the transition period, when I would call GetFeedback with my old user handle as the UserID, it would return anonymized usernames and transaction ids. Unfortunately, some of the usernames are actually real users on the platform, such as k***l, which might lead to bugs.

 

What I would expect is, for the call to match calling user based on their provided authentication token, not the username, or provide an additional field for the EIASToken in the input which doesn't change. Any one of those changes would allow for smooth transitions when changing a username.


Best regards,
@versandwelle 

Message 1 of 3
latest reply
0 Helpful
2 REPLIES 2

BUG REPORT: GetFeedback

developer_support@ebay
Staff
Staff

‎02-16-2024 08:42 AM

Hi @versandwelle 

 

CommentingUser field returns the details for eBay User ID who left the Feedback entry and this field is returned, but masked to users who are not either the buyer or seller of the order line item.

 

You can execute the GetUser with the token to identify and fetch the details like EIASToken for the user.  The EIASToken  is an unique identifier for an eBay User across all eBay sites. The EIAS key remains unchanged, even when a user changes their eBay UserId. The EIAS key is 64 bytes long, and is Base 64 encoded. 

 

Changing eBay UserID: https://developer.ebay.com/support/kb-article?KBid=996

Best Regards,
eBay Developer Support
Message 2 of 3
latest reply
0 Helpful

BUG REPORT: GetFeedback

versandwelle
Adventurer
In response to developer_support@ebay

‎02-16-2024 11:08 AM

Hi developer_support@ebay,

 

Thanks for getting back to me so quickly. The GetFeedback call does not return the EIASToken for the masked user and since some masked usernames actually match real usernames on the platform (such as k***l) there's no indication of the result fields being masked. A system that still has the old username - after a change on eBay itself by the user might get a masked result set and simply proceed with incorrect data because it matches a real user on the platform. Detection is not possible because no EIASToken is returned either.

 

 

Example:

 

Username user_old gets changed to user_new on eBay. The GetFeedback call worked without a problem with user_old before it got changed. Some systems are not notified of the change and thus keep using user_old incorrectly. The results are being returned from GetFeedback are masked and some of the masked results are actually valid usernames so a system might not immediately detect that something is wrong because there's no indication in the response.

 

user_old and user_new are both seller of the order line item but eBay now considers only user_new to be a valid participant in an order. That's why I proposed to add a field EIASToken as input for the GetFeedback call or use the provided authentication token submitted in the header or body (RequesterCredentials.eBayAuthToken) of the call to verify that a user is part of an order. The latter would be the expected behavior in my opinion because it already authenticates me.

 

I've solved it now by calling GetUser anytime before I call GetFeedback to always make sure I have the latest username.

 

The reason I've called it a bug report is, that both user_old and user_new are the same user and thus part of the order so the results should not be masked.

 

Best regards,

@versandwelle

Message 3 of 3
latest reply
0 Helpful

Featured Posts

View all
Top