Ebay OAuth 2 Generate Token and Refresh – PHP

Today i will show to you how to use a OAuth 2 on Ebay, so how you can take your token, and then use it.

At first you must to register on https://developer.ebay.com

Then you must to set your Application on (Sandbox/Test or Production, in this guide i show to you Production procedure) https://developer.ebay.com/my/keys

After you must to have a situation like this:

Now we have:
– Client ID
– Dev ID
– Client Secret

We need:
– Authorization Code
– Access Token
– Refresh Token

Authorization Code

At first we must to generate the Authorization Code, and for this procedure we must to paste an url on the browser and copy the query string “code”.
So click on the “User token link”

Click on “Get a Token from eBay via Your Application”

Then you must to “Add eBay Redirect URL”
So you generate your app details, you can see the
“Your branded eBay Production Sign In (OAuth)” or if sandbox (test)
“Your branded eBay SandboxSign In (OAuth)”

Copy the link, that is like:

https://auth.ebay.com/oauth2/authorize?client_id=App-PRD-hhhhhf72-3hhb&response_type=code&redirect_uri=YourName-App–okllp&scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly

Put this link on your browser, and login with your ebay account, so then you must to redirect on another page that sayd to you that the application has grant, and in the url bar you find your authorization code.

https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true&code=v%5K1.1HH%…..w&expires_in=299

Access Token and Refresh Token

Now with our authorization code, we call this url to take our access and refresh token.
For this call we need the authorization header, and create a base64 encode with clientID and certID.
And then in the parameter set Authorization code and RuName

$link = "https://api.ebay.com/identity/v1/oauth2/token";
        $codeAuth = base64_encode(':');
        $ch = curl_init($link);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Basic '.$codeAuth
        ));
        curl_setopt($ch, CURLHEADER_SEPARATE, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=authorization_code&code==&redirect_uri=");
        $response = curl_exec($ch);
        $json = json_decode($response, true);
        $info = curl_getinfo($ch);
        curl_close($ch);
        if($json != null)
        {
            $this->authToken = $json["access_token"];
            $this->refreshToken = $json["refresh_token"];
        }

Why we have access token and refresh token?

We use Access Token for all the api request on eBay service.
We use Refresh Token to regenerate a Access Token.

Access token is valid 2 hour, but Refresh Token is valid 18 months.

How can i refresh my access token?

You must to take a call to this service, passing your refresh code, and the service return to you your new access token

$link = "https://api.ebay.com/identity/v1/oauth2/token";
        $codeAuth = base64_encode(':');
        $ch = curl_init($link);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Basic '.$codeAuth
        ));
        curl_setopt($ch, CURLHEADER_SEPARATE, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=refresh_token&refresh_token&scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly");
        $response = curl_exec($ch);
        $json = json_decode($response, true);
        $info = curl_getinfo($ch);
        curl_close($ch);
        if($json != null)
        {
            $this->authToken = $json["access_token"];
        }

I suggest to save your Access Token and Refresh Token on Database.

At the end my eBay API Simple Class

<?php

class EbayAPI
{
    protected $devID;
    protected $appID;
    protected $certID;
    protected $clientID;
    protected $serverUrl;
    public $userToken;
    protected $paypalEmailAddress;
    protected $ruName;


    public function __construct()
    {
        $this->devID = '<your-dev-id>'; // these prod keys are different from sandbox keys
        $this->appID = '<your-app-id>';
        $this->certID = '<your-cert-id>';
        $this->clientID = '<your-client-id>';
        //set the Server to use (Sandbox or Production)
        $this->serverUrl = 'https://api.ebay.com/ws/api.dll';      // server URL different for prod and sandbox
        //the token representing the eBay user to assign the call with

        $this->authCode = '<paste here your authorization code>'; 
        $this->authToken ="";
        $this->refreshToken ="";
        $this->ruName= "";

        $this->paypalEmailAddress= 'PAYPAL_EMAIL_ADDRESS';
        
    }

    public function firstAuthAppToken() {
        $url = "https://auth.ebay.com/oauth2/authorize?client_id=".$this->clientID."&amp;response_type=code&amp;redirect_uri=".$this->ruName."&amp;scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly"; 
return $url;      
    }

    public function authorizationToken()
    {
        $link = "https://api.ebay.com/identity/v1/oauth2/token";
        $codeAuth = base64_encode($this->clientID.':'.$this->certID);
        $ch = curl_init($link);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Basic '.$codeAuth
        ));
        curl_setopt($ch, CURLHEADER_SEPARATE, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=authorization_code&amp;code=".$this->authCode."&amp;redirect_uri=".$this->ruName);
        $response = curl_exec($ch);
        $json = json_decode($response, true);
        $info = curl_getinfo($ch);
        curl_close($ch);
        if($json != null)
        {
            $this->authToken = $json["access_token"];
            $this->refreshToken = $json["refresh_token"]; 
        } 
    }

    public function refreshToken()
    {
        $link = "https://api.ebay.com/identity/v1/oauth2/token";
        $codeAuth = base64_encode($this->clientID.':'.$this->certID);
        $ch = curl_init($link);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
            'Content-Type: application/x-www-form-urlencoded',
            'Authorization: Basic '.$codeAuth
        ));
        echo $this->refreshToken;
        curl_setopt($ch, CURLHEADER_SEPARATE, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=refresh_token&amp;refresh_token=".$this->refreshToken."&amp;scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly");
        $response = curl_exec($ch);
        $json = json_decode($response, true);
        $info = curl_getinfo($ch);
        curl_close($ch);
        if($json != null)
        {
            $this->authToken = $json["access_token"];
        } 
    }
}

Cicciokr

"Javascript is to Java as hamburger is to ham; both are delicious, but they don't have much in common except a name" I'm javascript lovers and this is my site on witch sometimes write about my experience, when i have some free time, and remember: "Homo faber fortunae suae"

  1. Piotr

    I have changed “&amp” to “&” in CURLOPT_POSTFIELDS, add PHP function “urlencode” before all POST data (for example:
    urlencode($this->authCode)
    scope=”.urlencode(“https…
    )
    and now works perfect.

  2. Cicciokr

    @Piotr yes sorry the code editor change some html char. For the urlencode i don’t use it and work. Thank you for the suggest!

  3. Mithu

    Thanks for reply. But i want to know that’s when this method to be call. Method name – ” firstAuthAppToken()”

    public function firstAuthAppToken() {
    $url = “https://auth.ebay.com/oauth2/authorize?client_id=”.$this->clientID.”&response_type=code&redirect_uri=”.$this->ruName.”&scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly“;
    }

  4. Cicciokr

    Okay i have understand.
    In the function you must to add:

    public function firstAuthAppToken() {
    $url = “https://auth.ebay.com/oauth2/authorize?client_id=”.$this->clientID.”&response_type=code&redirect_uri=”.$this->ruName.”&scope=https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/sell.marketing.readonly https://api.ebay.com/oauth/api_scope/sell.marketing https://api.ebay.com/oauth/api_scope/sell.inventory.readonly https://api.ebay.com/oauth/api_scope/sell.inventory https://api.ebay.com/oauth/api_scope/sell.account.readonly https://api.ebay.com/oauth/api_scope/sell.account https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly https://api.ebay.com/oauth/api_scope/sell.fulfillment https://api.ebay.com/oauth/api_scope/sell.analytics.readonly“;
    return $url;
    }

    You can create a php file, in witch you can call this function, so this function generate to you an url, you must to copy and paste this in the url bar of your browser, and then when redirect you back, in the url you can see the auth token, that you must to copy and paste in you database.
    Or you can simply generate a php redict page, that take a $_GET token param and save it in you database.

Write a Comment

Your email address will not be published.