Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 08:45 AM
Hi, I've been trying to generate an access token for my application.
I only need the publicly available information so I have been trying to use the "client_credentials" OAuth grant type but I keep getting errors and I can't figure out why.
For example if I run:
curl --location 'https://api.ebay.com/identity/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
I get back the following response:
{
"error":"invalid_scope",
"error_description":"The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"
}
I have also tried using some of the node client libraries that exist, such as "ebay-api" and "ebay-oauth-nodejs-client"
These each return
{
"error": "invalid_client",
"error_description": "client authentication failed"
}
I just don't know what I am supposed to do here.
I am using my production credentials, I have checked and double checked this, I don't know why I cannot access the API.
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 09:04 AM
In your code example, the scope is already URL encoded, but is being URL encoded yet again.
--data-urlencode 'scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 09:38 AM
so if I try:
curl --location 'https://api.ebay.com/identity/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=https://api.ebay.com/oauth/api_scope'
I get
{
"error":"invalid_client",
"error_description":"client authentication failed"
}
https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope
I think is the url encoded version of
https://api.ebay.com/oauth/api_scope
And the developer documentation says that I am suypposed to url encode the scope before calling (https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html)
Which is why I encoded it.
But trying it with the unencoded version does not work.
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 09:42 AM
If I try using the example request from the dev docs: https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html
curl -X POST 'https://api.ebay.com/identity/v1/oauth2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
-d 'grant_type=client_credentials&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'
I get:
{
"error":"invalid_client",
"error_description":"client authentication failed"
}
I do not know why it views me as an invalid client
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 09:59 AM
Are you putting your own data into this header?
-H 'Authorization: Basic <BASE64(clientId:clientSecret)>' \
This should be your ClientId (AppID) and ClientSecret (CertID) that are joined by a colon, and then that string must be base64 encoded.
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 10:39 AM
Yes, this is what I have done, I did not want to put it on the forum for security reasons
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 02:38 PM
Are you using your production credentials with the production endpoint?
I have posted a functional PHP version of the client-credential-based application-token creation that I use in my applications, with curl in longhand:
Perhaps that longhand code will help you troubleshoot. Or, if you are using PHP, just grab the code and run with it.
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-30-2023 11:43 PM
I am definitely using my production credentials, it seems like ebay has decided I do not have access to the
https://api.ebay.com/oauth/api_scope
scope, but when I check the oauth scopes I am supposed to have access to, it is there
Receiving Invalid client errors while trying to generate Access Token
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-31-2023 01:25 AM
OK, it is now working.
I did not change anything from what I was doing, it just started working.
For anyone coming across this issue in future, it appears that there is a time period after you get access to the API and are given the keys / keysets, that the keys will not work, but after a couple of days it does. I assume this is because someone in ebay needs to manually review and approve every keyset.
Thank you shipscript for providing help I really appreciate the time you put in to answering my questions.
