Skip to content

eBay OAuth in Python

eBay's REST APIs use OAuth 2.0 with two grant types, and bidkit handles both automatically once configured.

Application tokens (client credentials)

For APIs that act on behalf of your application (Browse, Taxonomy, getting notification public keys, …), app_id + cert_id are all you need:

from bidkit import EbayClient, EbayConfig

client = EbayClient(EbayConfig(app_id="...", cert_id="..."))
client.buy.browse.search(q="fountain pen", limit=10)

bidkit mints the token on first use, caches it, and refreshes before expiry. Concurrent callers hitting a stale token trigger exactly one refresh (per-key locking), and cache keys are tenant-safe — a shared cache never returns another credential's token.

User tokens (refresh token)

To act on behalf of a seller (Inventory, Fulfillment, Finances, …), add the seller's refresh_token:

client = EbayClient(EbayConfig(app_id="...", cert_id="...", refresh_token="v^1...."))

Getting a refresh token (authorization-code flow)

The consent flow is a one-time, three-step exchange:

client = EbayClient(EbayConfig(app_id="...", cert_id="...", ru_name="...", scopes=(...,)))

# 1. Send the user to the consent URL.
print(client.authorization_url(state="..."))

# 2. eBay redirects to your RuName's accepted URL with ?code=<...>; capture that code.
# 3. Exchange it — this also authenticates the client immediately.
tokens = client.exchange_code(code)
print(tokens.refresh_token)   # persist; pass back as EbayConfig(refresh_token=...)

Only the redirect capture (step 2) needs the HTTPS "accepted URL" registered for your RuName — the exchange itself is a plain backend call. exchange_code stores the refresh token on the client's config, so the same client is immediately authorized.

Tip

The repository ships scripts/oauth_login.py, which runs the whole flow interactively (opens the browser, captures the redirect, optionally persists the token).

Token caching

Tokens are cached in memory by default, so each new process mints a fresh one. For CLIs and scripts, persist them across runs:

from bidkit import EbayClient, FileTokenCache

client = EbayClient(config, token_cache=FileTokenCache())

FileTokenCache stores tokens in a 0600 JSON file (default ~/.cache/bidkit/tokens.json) with atomic writes and expired-entry pruning. Any object implementing the two-method TokenCache protocol (get/set) works — e.g. Redis for multi-host deployments. See the auth reference.

Sandbox

EbayConfig(sandbox=True) routes everything to *.sandbox.ebay.com. Sandbox needs its own ...-SBX-... keyset — a production App ID fails with invalid_client.