07-30-2023 08:45 AM
Hi, I've been trying to generate an access token for my application.
I only need the publicly available information so I have been trying to use the "client_credentials" OAuth grant type but I keep getting errors and I can't figure out why.
For example if I run:
curl --location 'https://api.ebay.com/identity/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
I get back the following response:
{
"error":"invalid_scope",
"error_description":"The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"
}
I have also tried using some of the node client libraries that exist, such as "ebay-api" and "ebay-oauth-nodejs-client"
These each return
{
"error": "invalid_client",
"error_description": "client authentication failed"
}
I just don't know what I am supposed to do here.
I am using my production credentials, I have checked and double checked this, I don't know why I cannot access the API.
07-30-2023 09:04 AM
In your code example, the scope is already URL encoded, but is being URL encoded yet again.
--data-urlencode 'scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
07-30-2023 09:38 AM
so if I try:
curl --location 'https://api.ebay.com/identity/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https://api.ebay.com/oauth/api_scope'
I get
{
"error":"invalid_client",
"error_description":"client authentication failed"
}
https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope
I think is the url encoded version of
https://api.ebay.com/oauth/api_scope
And the developer documentation says that I am suypposed to url encode the scope before calling (https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html)
Which is why I encoded it.
But trying it with the unencoded version does not work.
07-30-2023 09:42 AM
If I try using the example request from the dev docs: https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html
curl -X POST 'https://api.ebay.com/identity/v1/oauth2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
-d 'grant_type=client_credentials&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
I get:
{
"error":"invalid_client",
"error_description":"client authentication failed"
}
I do not know why it views me as an invalid client
07-30-2023 09:59 AM
Are you putting your own data into this header?
-H 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
This should be your ClientId (AppID) and ClientSecret (CertID) that are joined by a colon, and then that string must be base64 encoded.
07-30-2023 10:39 AM
Yes, this is what I have done, I did not want to put it on the forum for security reasons
07-30-2023 02:38 PM
Are you using your production credentials with the production endpoint?
I have posted a functional PHP version of the client-credential-based application-token creation that I use in my applications, with curl in longhand:
Perhaps that longhand code will help you troubleshoot. Or, if you are using PHP, just grab the code and run with it.
07-30-2023 11:43 PM
I am definitely using my production credentials, it seems like ebay has decided I do not have access to the
https://api.ebay.com/oauth/api_scope
scope, but when I check the oauth scopes I am supposed to have access to, it is there
07-31-2023 01:25 AM
OK, it is now working.
I did not change anything from what I was doing, it just started working.
For anyone coming across this issue in future, it appears that there is a time period after you get access to the API and are given the keys / keysets, that the keys will not work, but after a couple of days it does. I assume this is because someone in ebay needs to manually review and approve every keyset.
Thank you shipscript for providing help I really appreciate the time you put in to answering my questions.