Official Guide: http://developer.ebay.com/devzone/rest/ebay-rest/content/oauth-gen-user-token.html
I’ll also cover some mistakes I made.
- Signup at https://developer.ebay.com
- Create an App and get the App ID (Client ID) and Cert ID (Client Secret)
- Click ‘User Tokens‘ (either from sandbox or production, depend on you)
- Click “Get a Token from eBay via Your Application” then “Add eBay Redirect URL“
- Fill in the form, the only important thing is the “Your auth accepted URL“, it should be under your domain. (You should able to extract the auth code from the call back later, for example $_GET[‘code’] in PHP), let’s assume this https://yourdomain.com/accept.php
- Take down the value of “RuName (eBay Redirect URL name)” and “Your branded eBay Production Sign In (OAuth)“
So far, we’ve done our preparation at developer.ebay.com
Then, on you local developing environment or you production server,:
- Set user login you own website
- put a hyperlink pointing to the URL of “Your branded eBay Production Sign In (OAuth)“
- visitor click on that link, and login with their ebay account.
- ebay will make a callback redirect to “Your auth accepted URL” if success.
On the “Your auth accepted URL“, prepare a PHP script that get the value of $_GET[‘code’] and save it in sessions. It starts with ‘v%5E1’. this is called “Authorization Code”
Next, get an “Access Token” with this “Authorization Code”
Craft a HTTP Request with whatever you like with PHP.
Content-Type = application/x-www-form-urlencoded
Authorization = Basic <B64-encoded-oauth-credentials>
HTTP method: POST
Request body (wrapped for readability):
We have three ‘Variables’ here.
<B64-encoded-oauth-credentials>: Use a Chrome Browser, Right click, Inspect, Console
Then type: btoa(‘APP_ID:CERT_ID‘);
We did take down these two values earlier. and there is a : between.
Hit ENTER, the value inside the double quotes is <B64-encoded-oauth-credentials>
<authorization-code>: the ‘Authorization Code‘ we got in the callback redirect.
<redirect_URI>: This is the tricky part. This can’t be ignored or filled with random things, it’s the value of “RuName (eBay Redirect URL name)”
Send the request, and you’ll get the access token and the refresh token.
Follow the official guide to refresh the token if expired.
We are basically finished here, If you wanna call an API, ‘List orders as a seller’ for instance:
Authorization: Bearer <YOUR_ACCESS_TOKEN>
It’s Bearer this time :), don’t use Basic by mistake.