ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.
@micksgarage_uk wrote:
I tried using OAuth Client credential grant for receiving token in order to download orders from Ebay to import it into third part application.
"Client credential" is only for publicly available data. "Client credential" gives your application access to that public data. Public data is what can be found in search or in listings.
Orders and inventory are private data. You must initiate "User Authorization grant flow" to obtain permission from the user to access the private data in the user's eBay account.
Access to private data is a three part process:
Consent: First, the application must open a page where the user can sign in and manually consent to the access. This is the "Grant application access" page. Calling the page will require a list of scopes pertinent to the request. When the user accepts, the return URL will contain a 5-minute token, so the URL must be parsed by your application.
https://developer.ebay.com/api-docs/static/oauth-consent-request.html
Access Token: The user's authentication code or token must then be passed into the OAuth flow, where a 2-hour access token is created, along with a refresh token.
https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html
If you are making only a few calls on behalf of the user, you could request data with only this access token until it expires. But for longer durations, you will need to save the included refresh token.
Refresh Token: The refresh token is a long-lived token that you can save and use repeatedly for up to 18 months. As needed, call the token endpoint with the refresh token. This will generate a new 2-hour access token that can be used in requests for user data.
https://developer.ebay.com/api-docs/static/oauth-refresh-token-request.html
