eBay

mathman87vw4 · ‎10-20-2024

I trying use a token from the OAuth client credentials grant flow with the Trading API.

The following code matches up with the OAuth Client Credentials grant steps in the following link (https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html)

import requests, base64
consent_response = requests.post("https://api.ebay.com/identity/v1/oauth2/token", 
headers = {
"Content-Type": "application/x-www-form-urlencoded", 
"Authorization": f"""Basic {basic_auth}"""
}, data = {
"grant_type": "client_credentials", 
"scope": "https://api.ebay.com/oauth/api_scope"
})

Use this SDK (https://github.com/timotheus/ebaysdk-python/wiki/Trading-API-Class) to call the GetItem (or any) method. The code below sets iaf_token but I have used the "regular" token in the past.

from ebaysdk.trading import Connection as Trading
api = Trading(
appid="<redacted>",
devid="<redacted>",
certid="<redacted>", 
compatibility="1375", 
siteid="2",
iaf_token=consent_response.json()["access_token"], 
config_file=None, 
debug=True,
)

eBay returns an error saying the IAF token generated from step 1 is invalid. Changing from IAF token to "regular" token didn't help.

2024-10-20 10:13:18,420 ebaysdk [DEBUG]:REQUEST (02a1d900-4308-4c36-b9d3-c1c7f5e79e40): POST https:
//api.ebay.com/ws/api.dll2024-10-20 10:13:18,425 ebaysdk [DEBUG]:headers={'X-EBAY-API-COMPATIBILITY-LEVEL': '1375', 'X-EBAY-API-
DEV-NAME': '<redacted>', 'X-EBAY-API-APP-NAME': '<redacted>', 'X-EBAY-API-CERT-NAME': '<redacted>', 'X-EBAY-API-SITEID': '2', 
'X-EBAY-API-CALL-NAME': 'GetItem', 'Content-Type': 'text/xml', 'X-EBAY-API-IAF-TOKEN': '<redacted>', 'User-Agent': 
'eBaySDK/2.2.0 Python/3.12.6 Windows/10', 'X-EBAY-SDK-REQUEST-ID': '02a1d900-4308-4c36-b9d3-c1c7f5e79e40', 'Content-Length': 
'140'}2024-10-20 10:13:18,442 ebaysdk [DEBUG]:body=b'<?xml version=\'1.0\' encoding=\'utf-8\'?><GetItemRequest xmlns="urn:ebay:
apis:eBLBaseComponents"><ItemID>186161246553</ItemID></GetItemRequest>'
2024-10-20 10:13:18,746 ebaysdk [DEBUG]:RESPONSE (02a1d900-4308-4c36-b9d3-c1c7f5e79e40):2024-10-20 10:13:18,748 ebaysdk [DEBUG]:
elapsed time=0:00:00.3000382024-10-20 10:13:18,749 ebaysdk [DEBUG]:status code=2002024-10-20 10:13:18,751 ebaysdk [DEBUG]:
headers={'Connection': 'keep-alive', 'Content-Length': '484', 'x-envoy-upstream-service-time': '70', 'x-ebay-api-server-name': 
'___dGlsZHZuamorM2B9d3MucWN0cDU2NTUqNzctMjEpMjUwKTE3Mj07NT43', 'server': 'ebay-proxy-server', 'content-type': 'text/xml', 
'rlogid': 't6buonl%3F%3Cumjgwjli*7f%7Evw%28rbpv6713-192aa467b3d-0x232d', 'x-ebay-api-pool-name': '___dDZidW9ubA==', 'x-ebay-pop-
id': 'UFES2-LVSAZ04-api', 'Accept-Ranges': 'bytes', 'Date': 'Sun, 20 Oct 2024 14:13:18 GMT', 'Via': '1.1 varnish', 'X-Served-
By': 'cache-yyz4550-YYZ, cache-yyz4550-YYZ', 'X-Cache': 'MISS, MISS', 'X-Cache-Hits': '0, 0', 'X-Timer': 'S1729433599.701125,
VS0,VE157', 'x-CDN': 'Fastly', 'Strict-Transport-Security': 'max-age=31557600'}2024-10-20 10:13:18,757 ebaysdk [DEBUG]:content=<
?xml version="1.0" encoding="UTF-8"?><GetItemResponse xmlns="urn:ebay:apis:eBLBaseComponents"><Timestamp>2024-10-20T14:13:
18.801Z</Timestamp><Ack>Failure</Ack><Errors><ShortMessage>Invalid IAF token.</ShortMessage><LongMessage>IAF token supplied is 
invalid.</LongMessage><ErrorCode>21916984</ErrorCode><SeverityCode>Error</SeverityCode><ErrorClassification>RequestError<
/ErrorClassification></Errors><Version>1193</Version><Build>E1193_CORE_API_19146280_R1</Build></GetItemResponse>

developer_support@ebay · ‎10-21-2024

Hi @mathman87vw4,

User access token minted with the authorization code grant request, remains valid for 7,200 seconds (2 hours) from the time it was generated. After the token expires, you will need to renew it using the supplied refresh token.

While User access tokens are short-lived, the associated refresh_token is a long-lived value that you can use to update an expired User access token. This means you do not have to get the user's consent each time you need a new User access token.

To update the access token after it expires, see Using a refresh token to update a User access token.

Best Regards,
eBay Developer Support

View Best Answer in original post

developer_support@ebay · ‎10-21-2024

Hi @mathman87vw4,

User access token minted with the authorization code grant request, remains valid for 7,200 seconds (2 hours) from the time it was generated. After the token expires, you will need to renew it using the supplied refresh token.

While User access tokens are short-lived, the associated refresh_token is a long-lived value that you can use to update an expired User access token. This means you do not have to get the user's consent each time you need a new User access token.

To update the access token after it expires, see Using a refresh token to update a User access token.

Best Regards,
eBay Developer Support

mathman87vw4 · ‎10-21-2024

If I understand your response correctly, only the authorization code grant flow is supported for the Trading API , and the client credentials grant flow is not supported?

mathman87vw4 · ‎11-04-2024

As per the following post (https://community.ebay.com/t5/Traditional-APIs-Orders/Is-Trading-API-with-Application-Token-impossib... only user tokens are allowed not application tokens. Eventhough my preference is to use an application token so that I don't have to set up user token refresh and rotation, it's not a big deal since I can generate a user and refresh token.