4

currently I am using eBay Trading API with Python. Thanks to: https://github.com/timotheus/ebaysdk-python

I used https://github.com/luke-dixon/django-ebay-accounts to get tokens for user.

Now, I would like to use Restful API (https://developer.ebay.com/docs#Acc). I don't think I can use tokens I have already. So, I managed thanks to Getting an Ebay OAuth Token get one. But I think I missing something, because during the process I cannot include info for user (name/password), so, for example https://api.ebay.com/sell/fulfillment/v1/order?limit=10 returns: 

{
  "errors": [{
    "errorId": 1100,
    "domain": "ACCESS",
    "category": "REQUEST",
    "message": "Access denied",
    "longMessage": "Insufficient permissions to fulfill the request."
  }]
}

Any idea how can I get a token for the user?

Just snippet of code to make things more clear:

AppSettings = {
            'app_id': EBAY_PRODUCTION_APPID,
            'app_secret': EBAY_PRODUCTION_CERTID,
            'dev_id': EBAY_PRODUCTION_DEVID, 
            'ruName': EBAY_PRODUCTION_RU_NAME 
        }
authHeaderData = AppSettings['app_id'] + ':' + AppSettings['app_secret']
        encodedAuthHeader = base64.b64encode(authHeaderData.encode())

        headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": "Basic ".encode() + encodedAuthHeader
        }
body = {
            "grant_type": "client_credentials",
            "redirect_uri": settings.EBAY_PRODUCTION_RU_NAME,
            "scope": "https://api.ebay.com/oauth/api_scope"
        }

        data = urllib.parse.urlencode(body)

        tokenURL = "https://api.ebay.com/identity/v1/oauth2/token"

        response = requests.post(tokenURL, headers=headers, data=body)
        authDict = response.json()

So the request to run I need is:

r = requests.get("https://api.ebay.com/sell/fulfillment/v1/order?limit=10",
                         headers={"Authorization": "{}".format(authDict['access_token']),
                                  "Content-Type": "application/json",
                                  "X-EBAY-C-MARKETPLACE-ID": "EBAY_UK",
                                  "Accept": "application/json"
                                  })
Erik A
  • 31,639
  • 12
  • 42
  • 67
gerpaick
  • 801
  • 2
  • 13
  • 36
  • "in place of a username/passwd" ? Sorry, I got confused. What part of the code are you reffering to? – gerpaick Mar 07 '19 at 22:53
  • disregard that comment. I was confused :D – Lord Elrond Mar 07 '19 at 23:54
  • Possible duplicate of [Getting eBay Access Token (Exchanging auth token) with python requests](https://stackoverflow.com/questions/44649316/getting-ebay-access-token-exchanging-auth-token-with-python-requests) – omikes Mar 08 '19 at 19:25
  • **Definitely** not a duplicate of [that](https://stackoverflow.com/questions/44649316/getting-ebay-access-token-exchanging-auth-token-with-python-requests) question... Getting an access token and trying to use an access token are two completely different things. – Lord Elrond Mar 08 '19 at 19:31

3 Answers3

2

According to this, I believe you are supposed to use the following authorization header:

headers['Authorization'] = "Bearer " + USER_ACCESS_TOKEN

Where the USER_ACCESS_TOKEN is the massive token generated on this page.

It looks something like this:

'v^1.1#i^1#p^3#f^0#I^3#r^0#t^ ...
...
...
...
... bfxr8BJtphi2M/oo2xpYo2hiMWxmZt4fVzS7qe2tMXUSAAA='

The Authorization you are using is for requests that aren't linked to a specific user account (search results, meta data for items, etc.). To make requests that are for specific users (eg. orders or inventory updates), you have to get their permission via their USER_ACCESS_TOKEN.

If you need help getting the USER_ACCESS_TOKEN let me know and I'll update.

Note that I have been trying to do the same thing that you are doing for about 6 hours now, and still haven't figured it out, so I am not confident in this answer.

Hope this helps. If you do figure it out, you should post an answer so others can too (ie myself xD).

eBay definitely wins the gold metal for worst api docs in the history of api docs...

Lord Elrond
  • 13,430
  • 7
  • 40
  • 80
  • 1
    thanks for your comment. I will give another try to solve this on Monday. I will post my results. – gerpaick Mar 08 '19 at 23:06
  • I am not sure if you were able to resolve the issue. longMessage": "Insufficient permissions to fulfill the request." comes up if the tokens do not have the correct scope when the authorization_code grant was requested. – Senthilkumar Gopal Mar 19 '19 at 05:46
  • 1
    Have you guys gotten this to work? The API documents are a sh!tstorm of awful. I've managed to fix some of the default-failing examples ebay presents but I'm also hitting the "Insufficient permissions to fulfill the request" error – carl crott May 07 '20 at 16:40
  • 1
    @carlcrott I have. If you ask a separate question I can help you there. Just remember to tag me so I can see it – Lord Elrond May 08 '20 at 12:54
  • @reinstate-monica I believe I tagged you in it. As a backup https://stackoverflow.com/q/61706632/365798 – carl crott May 10 '20 at 03:01
  • @SenthilkumarGopal can you advise i keep getting {'error': 'invalid_client', 'error_description': 'client authentication failed'} – sunny babau Jul 23 '20 at 22:09
  • @sunnybabau Sure, can I have the link to your question? – Lord Elrond Jul 23 '20 at 22:11
  • @ReinstateMonica Thank you sir. Here is my question https://stackoverflow.com/questions/63063985/ebay-token-and-getdealitems-api-call-issue – sunny babau Jul 23 '20 at 22:23
  • @sunnybabau Please refer to the answer here https://stackoverflow.com/questions/63063985/ebay-token-and-getdealitems-api-call-issue/63084190#63084190. Hope that is helpful. – Senthilkumar Gopal Jul 25 '20 at 04:05
1

The API Explore @ developer.ebay.com has description of HTTP Headers for each RestFul API. E.G. Fulfillment API - getOrdres:

HTTP Headers Authorization:Bearer <OAUTH_token> Accept:application/json Content-Type:application/json

Sample code:

import requests,json

headers = {
 
    "Authorization": "Bearer Type_Your_Token_here_or_Paste_IF_too_long",
    'Accept':'application/json',
    'Content-Type':'application/json'
}

EndPoint = "https://api.ebay.com/sell/fulfillment/v1/order?filter=orderfulfillmentstatus:%7BNOT_STARTED|IN_PROGRESS%7D"

response = requests.get(EndPoint,headers = headers)
snakecharmerb
  • 47,570
  • 11
  • 100
  • 153
Mars Carl
  • 56
  • 1
1

https://newbedev.com/ebay-oauth-token-and-refresh-tokens has introduced eBay OAuth token much better than eBay.

By the way, "grant_type": "client_credentials" is only valid for clients who can on have one scope. https://api.ebay.com/oauth/api_scope.

A shortcut to get your code run: the refresh token is actually the token you have for standard API, which is valid for 18 months. With a refresh token, you can get token without getting the annoying "authorization code" via user consent.

In short, please use refresh token to get user access token for the restful API.

Hope the above helps.

csgeek
  • 711
  • 6
  • 15
Mars Carl
  • 56
  • 1