10-23-2023 08:36 AM
Hi All ,
I tried using OAuth Client credential grant for receiving token in order to download orders from Ebay to import it into third part application. When I looked the available scopes for my third party application ,it shows only below mentioned scope under client credential grant type. How can I get more scope listed here so that I can use fulfilment APIs ? I'm not looking for Authorization code grant type where all permissions are available.
Hi All ,
I tried using OAuth Client credential grant for receiving token in order to download orders from Ebay to import it into third part application. When I looked the available scopes for my third party application ,it shows only below mentioned one under client credential grant type. How can I get more scope listed here so that I can use fulfilment APIs ? I'm not looking for Authorization code grant type where all permissions are available.
https://api.ebay.com/oauth/api_scope - View public data from eBay
Thanks in advance
11-29-2023 01:15 AM
Hello,
We too have the same issue. We are currently using the authorization code grant type flow as a short term solution.
However it would be preferred to either be able to expand the OAuth scopes in production or get a user access token that does not expire in 2 hours.
With Warm Regards,
A M.
11-29-2023 07:36 AM
@micksgarage_uk wrote:
I tried using OAuth Client credential grant for receiving token in order to download orders from Ebay to import it into third part application.
"Client credential" is only for publicly available data. "Client credential" gives your application access to that public data. Public data is what can be found in search or in listings.
Orders and inventory are private data. You must initiate "User Authorization grant flow" to obtain permission from the user to access the private data in the user's eBay account.
Access to private data is a three part process:
Consent: First, the application must open a page where the user can sign in and manually consent to the access. This is the "Grant application access" page. Calling the page will require a list of scopes pertinent to the request. When the user accepts, the return URL will contain a 5-minute token, so the URL must be parsed by your application.
https://developer.ebay.com/api-docs/static/oauth-consent-request.html
Access Token: The user's authentication code or token must then be passed into the OAuth flow, where a 2-hour access token is created, along with a refresh token.
https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html
If you are making only a few calls on behalf of the user, you could request data with only this access token until it expires. But for longer durations, you will need to save the included refresh token.
Refresh Token: The refresh token is a long-lived token that you can save and use repeatedly for up to 18 months. As needed, call the token endpoint with the refresh token. This will generate a new 2-hour access token that can be used in requests for user data.
https://developer.ebay.com/api-docs/static/oauth-refresh-token-request.html
12-26-2023 03:51 AM
Thanks for sharing this.