eBay Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Renewing User Consent Token for API Access

Go to Best Answer
joelssportscards
Adventurer

‎01-27-2025 11:44 AM

I am stuck!

 

It seems my user consent token (18-month one) has expired and I am trying to renew it. I generated a new URL to get my user consent code, but all it does is redirect to my website - it doesn't give me the page w/ the code in the URL that I seem to remember from before, and sadly, the notes on this process are lacking.

 

https://auth.ebay.com/oauth2/authorize?client_id=CLIENT_ID&prompt=login&redirect_uri=RUNAME&response_type=code&scope=SCOPE_URLS

 

What can I do to fix? I am trying to use the data here https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html to send the data to the API. I believe the OAuth code I generated is passed as the client_secret in the Basic AUTH header, according to the documentation on this page. The code value in the body of the post is the code returned from the user consent URL?

 

Any help is appreciated!

Message 1 of 6
latest reply
0 Helpful
1 BEST ANSWER

Accepted Solutions

Renewing User Consent Token for API Access

Go to Best Answer
klickitat
Adventurer
In response to joelssportscards

‎01-27-2025 03:01 PM

The client secret is the Cert ID.  You can find it on the Application keys page here: https://developer.ebay.com/my/keys 

View Best Answer in original post

Message 3 of 6
latest reply
5 REPLIES 5

Renewing User Consent Token for API Access

Go to Best Answer
joelssportscards
Adventurer

‎01-27-2025 01:12 PM

I followed the link "Your branded eBay Production Sign In (OAuth)" and that seems to have given me a code in the resulting URL. So, w/ that, I guess maybe my questions are:

What should I pass for the 'client_secret' in the BASIC Auth header?

What should code value be in the payload (I assume the "code" in the consent URL)?

Message 2 of 6
latest reply
0 Helpful

Renewing User Consent Token for API Access

Go to Best Answer
klickitat
Adventurer
In response to joelssportscards

‎01-27-2025 03:01 PM

The client secret is the Cert ID.  You can find it on the Application keys page here: https://developer.ebay.com/my/keys 

Message 3 of 6
latest reply

Renewing User Consent Token for API Access

Go to Best Answer
joelssportscards
Adventurer
In response to klickitat

‎01-28-2025 07:31 AM

The one value I didn't try. Thanks!

Message 4 of 6
latest reply
0 Helpful

Renewing User Consent Token for API Access

Go to Best Answer
joelssportscards
Adventurer

‎01-28-2025 09:14 AM

For posterity, in case anyone else has issues updating their user consent token, here's what I did:

 

- revoked app access here: https://accounts.ebay.com/acctsec/security-center/third-party-app-access

- generate a new production OAuth and save it: https://developer.ebay.com/my/auth?env=production&index=0

- copy the "Your branded eBay Sandbox Sign In (OAuth)" URL and load in a new window

- get the "code" URL parameter and save it

- run the following code (in your preferred flavor - I am using cURL in PHP

 

$oauth_token = "OAuth token from above";
$user_token = "code URL parameter from above";

$query = [
    'grant_type' => "authorization_code",
    'code' => urldecode($user_token),
    'redirect_uri' => "Your RuName"
];

// POST the data to build the new user token
$_curl = curl_init();

curl_setopt($_curl, CURLOPT_URL, 'https://api.ebay.com/identity/v1/oauth2/token');
curl_setopt($_curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($_curl, CURLOPT_POST, 1);
curl_setopt($_curl, CURLOPT_POSTFIELDS, http_build_query($query));
curl_setopt($_curl, CURLOPT_HTTPHEADER, [
    'Content-Type: application/x-www-form-urlencoded',
    'Authorization: Basic ' . base64_encode("Client_ID:Client_Secret")
]);

$response = curl_exec($_curl);
if (curl_errno($_curl)) {
    echo 'Error:' . curl_error($_curl);
}
curl_close($_curl);

print "Result:\n" . print_r(json_decode($response, true), true) . "\n"; // look for "refresh_token" value in JSON

 

Message 5 of 6
latest reply
0 Helpful

Renewing User Consent Token for API Access

Go to Best Answer
developer-support@ebay.com
Adventurer

‎02-17-2025 04:46 PM - edited ‎02-17-2025 04:48 PM

Hello @joelssportscards ,

 

To successfully generate an OAuth Refresh Token (which remains valid for 18 months), please follow the outlined steps below:

 

1. Obtain User Permission and Authorization Code:

 

Direct the user to the eBay authorization URL, allowing them to log in and provide application with the necessary permissions. Utilize the following URL format:

 

 

https://auth.ebay.com/oauth2/authorize?
client_id=<app-client-id-value>&
redirect_uri=<app-RuName-value>&
response_type=code&
scope=<scopeList>

 

 

Once the user grants permission, they will be redirected to the designated redirect URI, accompanied by an authorization code.

 

For additional information, please consult the documentation here: https://developer.ebay.com/api-docs/static/oauth-consent-request.html

 

2. Exchange Authorization Code for User Access Token and Refresh Token:

 

Submit a POST request to eBay’s token endpoint to exchange the authorization code for a user access token and refresh token:

 

 

https://api.ebay.com/identity/v1/oauth2/token
Authorization: Basic <B64-encoded-oauth-credentials> // The word Basic followed by your Base64-encoded OAuth credentials (<client_id>:<client_secret>)
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
code=<URL-decoded-auth-code>&
redirect_uri=<your_redirect_uri>

 

 

A successful response will include the access_token, expires_in, refresh_token, and refresh_token_expires_in.

 

For additional information, please consult the documentation here: https://developer.ebay.com/api-docs/static/oauth-auth-code-grant-request.html

 

Best Regards,

eBay Developer Support

Message 6 of 6
latest reply
0 Helpful

Featured Posts

View all
Top