eBay

doosim-0 · ‎07-30-2023

Hi, I've been trying to generate an access token for my application.
I only need the publicly available information so I have been trying to use the "client_credentials" OAuth grant type but I keep getting errors and I can't figure out why.

For example if I run:

    curl --location 'https://api.ebay.com/identity/v1/oauth2/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --header 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode 'scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'

I get back the following response:

{
  "error":"invalid_scope",
  "error_description":"The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"
}

I have also tried using some of the node client libraries that exist, such as "ebay-api" and "ebay-oauth-nodejs-client"

These each return

{
  "error": "invalid_client",
  "error_description": "client authentication failed"
}

I just don't know what I am supposed to do here.
I am using my production credentials, I have checked and double checked this, I don't know why I cannot access the API.

shipscript · ‎07-30-2023

In your code example, the scope is already URL encoded, but is being URL encoded yet again.

   --data-urlencode 'scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'

ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.

doosim-0 · ‎07-30-2023

so if I try:

    curl --location 'https://api.ebay.com/identity/v1/oauth2/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --header 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode 'scope=https://api.ebay.com/oauth/api_scope'

I get

{
  "error":"invalid_client",
  "error_description":"client authentication failed"
}

https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope

I think is the url encoded version of

https://api.ebay.com/oauth/api_scope

And the developer documentation says that I am suypposed to url encode the scope before calling (https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html)
Which is why I encoded it.
But trying it with the unencoded version does not work.

doosim-0 · ‎07-30-2023

If I try using the example request from the dev docs: https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html

curl -X POST 'https://api.ebay.com/identity/v1/oauth2/token' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
  -d 'grant_type=client_credentials&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'

I get:

{
  "error":"invalid_client",
  "error_description":"client authentication failed"
}

I do not know why it views me as an invalid client

shipscript · ‎07-30-2023

Are you putting your own data into this header?

  -H 'Authorization: Basic <BASE64(clientId:clientSecret)>' \

This should be your ClientId (AppID) and ClientSecret (CertID) that are joined by a colon, and then that string must be base64 encoded.

ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.

doosim-0 · ‎07-30-2023

Yes, this is what I have done, I did not want to put it on the forum for security reasons

shipscript · ‎07-30-2023

Are you using your production credentials with the production endpoint?

I have posted a functional PHP version of the client-credential-based application-token creation that I use in my applications, with curl in longhand:

https://community.ebay.com/t5/Token-Messaging-Sandbox-related/Sample-PHP-for-generating-and-renewing...

Perhaps that longhand code will help you troubleshoot. Or, if you are using PHP, just grab the code and run with it.

ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.

doosim-0 · ‎07-30-2023

I am definitely using my production credentials, it seems like ebay has decided I do not have access to the

https://api.ebay.com/oauth/api_scope

scope, but when I check the oauth scopes I am supposed to have access to, it is there

doosim-0 · ‎07-31-2023

OK, it is now working.
I did not change anything from what I was doing, it just started working.
For anyone coming across this issue in future, it appears that there is a time period after you get access to the API and are given the keys / keysets, that the keys will not work, but after a couple of days it does. I assume this is because someone in ebay needs to manually review and approve every keyset.

Thank you shipscript for providing help I really appreciate the time you put in to answering my questions.