ShipScript has been an eBay Community volunteer since 2003, specializing in HTML, CSS, Scripts, Photos, Active Content, Technical Solutions, and online Seller Tools.
When using the Browse API and the "Search" call, you will only need an application access token (client_credential) because you will not need to get into any user accounts. The 18-month token is for accessing a private user account, but it appears to work when accessing public data.
To acquire and use public client_credentials, your server would need to request, and store, a token for up to two hours, and then request another, when needed, after the two-hour token expires.
https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html
On the other hand, a private authorization_code is a three part process.
https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html
First, the user logs in to their account so that your application can acquire an authorization code. That code is used to retrieve an access token and a refresh token. The access token is good for 2 hours, while the refresh token is good for 18 months. When the 2-hour access token expires, a new 2-hour token must be minted using the 18-month refresh token.
So, as you can see, either process will require minting a new token every two hours. If you don't need to get into a user account, the public client_credentials for your application would be simplest.
Yes, that looks about right.
This should work for only 2 hours, and then you will need a new token. I was using it all morning the other day and had to get tokens three times, which seems reasonable. I had found that I got a red "something went wrong" icon, when trying to retrieve a new token. Instead, I had to reload the explorer page each time before fetching a new token.
If you are timing out sooner than 2 hours, there may be some sort of session cookie or something about the browser that interferes. When I'm running tokens on my website, I have no issues.
That stack overflow instruction would be about right for a private user token if sandbox references are removed and endpoints are corrected.
However, you can get the same info on these pages, where you can verify proper endpoints:
I don't read C#, but eBay has a link on this page for a C# "authorization_code" application:
https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html
and on this page for a C# "client_credentials" application to access public data:
https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html
I have a PHP version here for the simpler problem of minting application tokens for public data (and there are certainly other ways to tackle the problem, so this is just one way):
I've asked ChatGPT to translate my token-minting code to C#, below.
CAVEAT: I have no idea if it works, but perhaps it will give you a starting point. This would just mint tokens, so your application would have to call (or include) this module to retrieve an existing token or mint a new token.
using System;
using System.IO;
using System.Net;
using System.Text;
public class OAuthHelper
{
private static readonly string oauthRoot = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "../ebay_oauth/");
private static readonly string oauthClientIdFile = Path.Combine(oauthRoot, "ebay_apiuser.txt");
private static readonly string oauthSecretIdFile = Path.Combine(oauthRoot, "ebay_apisecret.txt");
private static readonly string oauthBasicTokenFile = Path.Combine(oauthRoot, "ebay_basic_token.txt");
public static string CreateBasicOAuthToken()
{
string url = "https://api.ebay.com/identity/v1/oauth2/token";
string clientId = File.ReadAllText(oauthClientIdFile).Trim();
string clientSecret = File.ReadAllText(oauthSecretIdFile).Trim();
string authorization = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}"));
string body = $"grant_type=client_credentials&scope=https://api.ebay.com/oauth/api_scope";
try
{
WebRequest request = WebRequest.Create(url);
request.Method = "POST";
request.Headers.Add("Authorization", "Basic " + authorization);
request.ContentType = "application/x-www-form-urlencoded";
byte[] data = Encoding.UTF8.GetBytes(body);
request.ContentLength = data.Length;
using (Stream stream = request.GetRequestStream())
{
stream.Write(data, 0, data.Length);
}
using (WebResponse response = request.GetResponse())
using (Stream responseStream = response.GetResponseStream())
using (StreamReader reader = new StreamReader(responseStream))
{
string jsonResponse = reader.ReadToEnd();
dynamic token = Newtonsoft.Json.JsonConvert.DeserializeObject(jsonResponse);
if (token.access_token != null)
{
File.WriteAllText(oauthBasicTokenFile, token.access_token);
return token.access_token;
}
else
{
return "ERR: could not access token";
}
}
}
catch (WebException ex)
{
return "ERR: " + ex.Message;
}
}
public static string GetBasicOAuthToken()
{
if (File.Exists(oauthBasicTokenFile))
{
DateTime lastWriteTime = File.GetLastWriteTime(oauthBasicTokenFile);
DateTime now = DateTime.Now;
TimeSpan duration = TimeSpan.FromSeconds(7200); // 2 hours
int margin = 30; // remaining seconds before we request a new token
if (lastWriteTime.Add(duration).AddSeconds(-margin) > now)
{
return File.ReadAllText(oauthBasicTokenFile);
}
else
{
return CreateBasicOAuthToken();
}
}
else
{
return CreateBasicOAuthToken();
}
}
}
ChatGPT says: "This C# code should provide similar functionality to the PHP code you provided. Note that I've used Newtonsoft.Json for JSON serialization/deserialization, so you'll need to install that package if you haven't already. Also, I've handled exceptions using try-catch blocks to mimic the error handling in the PHP code."
To ask ChatGPT for help, one can open a free basic account here: https://chat.openai.com/
But accept responses with an abundance of caution. We see a lot of trolls who use Chat to answer questions here on the forums, and the answers often miss the mark.
