(disclaimer, I'm relatively new to using the Ebay Developer APIs, and Auth in general).
Hi, I've been digging into the Ebay TradingAPIs and want to use the GetMyMessages, and GetMyMemberMessages APIs, but can't find what scopes they require when using Authorization Code Grant Flow?
I've been able to test this on my personal account, and found that seemingly the only scope I needed to provide was `scope=https://api.ebay.com/oauth/api_scope`.
Looking at the description of that scope:
Using the authorization_code granted from the sign-in URL with just that scope, I was able to use my developer account to read my test account's personal messages. This doesn't seem like the intended implementation of that scope.
Am I missing something in how Ebay and the TradingAPIs handle scopes? Are the scopes just suggestive?
My general workflow is:
1. Go to my User Tokens
2. Grab the "Your branded eBay Production Sign In (OAuth)"
3. Strip off all scopes in the URL except `scope=https://api.ebay.com/oauth/api_scope`
4. Open an incognito browser, log in as my gmail account.
5. Go to the branded URL, and approve, copy the authorization code.
6. Go to my dev environment, use that authorization code to generate access and refresh tokens.
7. Use the refresh token to generate a new access token (as if the first one had expired).
8. Call the GetMyMessages API using the Python ebaysdk, with the access token.
9. Call is successful.
