How to get an OAuth Token from eBay API using Express, Node, JavaScript

Dean Schmid
May 1, 2021


This is my laziest post yet. I’m copy-pasting a question I answered on my Stack Overflow to my Medium because I think it’s good content.

After three frustrating days of trying to get eBay to give me an OAuth access token, I have finally found a solution.

I have decided to post my solution here in the hope that it will help others.

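const express = require("express");
const app = express();
// Step 1: send the user to eBay's sandbox login and consent page.
app.get("/login/ebay", (req, res) => {
  res.redirect(
    `https://auth.sandbox.ebay.com/oauth2/authorize?client_id=DeanSchm-TestApp-SBX-b843acc90-fd663cbb&redirect_uri=Dean_Schmid-DeanSchm-TestAp-kqmgc&response_type=code`
  );
});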

The first thing you need to do is redirect to this URL.

The format is shown below; fill in client_id and redirect_uri with your own values. You can get all this info by creating a sandbox test environment and logging into the eBay developer area.

https://auth.sandbox.ebay.com/oauth2/authorize?client_id=&redirect_uri=&response_type=code

If you don’t know how to get a redirect_uri, see https://developer.ebay.com/api-docs/static/oauth-redirect-uri.html

Once you log in, eBay gives you this UI which you use to tell it where to redirect to after login and where to send the OAuth token.

For demonstration purposes, I’ll write callback.

You handle this endpoint in Node or Express or whatever.

Here is how I handled it:

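const axios = require("axios");
const qs = require("qs");
const btoa = require("btoa");

// Step 2: eBay redirects back here with ?code=...; exchange it for a token.
app.get("/auth/ebay/callback", (req, res) => {
  axios("https://api.sandbox.ebay.com/identity/v1/oauth2/token", {
    method: "post",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      // HTTP Basic credentials: base64 of "<client id>:<client secret>"
      Authorization:
        "Basic " +
        btoa(
          `client public key:client secret keys`
        )
    },
    data: qs.stringify({
      grant_type: "authorization_code",
      // parsed from redirect URI after returning from eBay,
      code: req.query.code,
      // this is set in your dev account, also called RuName
      redirect_uri: "Dean_Schmid-DeanSchm-TestAp-kqmgc"
    })
  })
    .then(response => {
      // response.data holds the token JSON; avoid logging it outside a sandbox.
      console.log(response);
      // End the browser request, which would otherwise hang.
      res.sendStatus(200);
    })
    .catch(err => {
      console.log(err);
      res.sendStatus(502);
    });
});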

A few gotchas that got me.

  • Make sure you have a space after “Basic ” in the authorisation header.
  • btoa is a 3rd party library that Base64-encodes your public and secret keys. There are many ways to do this. I just did it this way because I stole a bunch of code.
  • With Axios, the request body is called data, but with fetch and other methods it might be called something else like body or param.
  • The Axios call sits inside a GET handler because the redirect from eBay defaults to an HTTP GET.
  • eBay now uses HTTPS. Make sure you are using sandbox URLs.
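
A hardened variant of the two handlers above, as an added example that is not part of the original post: it adds the standard OAuth 2.0 state parameter (RFC 6749) so the callback only accepts a code for a login this session started, and builds the Basic header with Node's built-in Buffer instead of btoa. The function names, the session object and the creds object are assumptions made for illustration.

```javascript
// Added example, not the original post's code. Uses Node built-ins only.
const crypto = require("crypto");
const AUTHORIZE_URL = "https://auth.sandbox.ebay.com/oauth2/authorize";
const TOKEN_URL = "https://api.sandbox.ebay.com/identity/v1/oauth2/token";

// Unguessable per-login value; store it in the user's session before redirecting.
function newState() {
  return crypto.randomBytes(32).toString("hex");
}

// Step 1: the URL the /login/ebay handler redirects to.
function buildAuthorizeUrl({ clientId, ruName, state }) {
  const params = new URLSearchParams({
    client_id: clientId, redirect_uri: ruName, response_type: "code", state,
  });
  return `${AUTHORIZE_URL}?${params}`;
}

// Constant-time check of the state echoed in the callback against the stored one.
function stateMatches(expected, received) {
  if (typeof expected !== "string" || typeof received !== "string" || !expected) return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Step 2: the token request the callback handler sends (an axios config object).
function buildTokenRequest({ clientId, clientSecret, ruName, code }) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: TOKEN_URL,
    method: "post",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: "Basic " + basic,
    },
    data: new URLSearchParams({
      grant_type: "authorization_code", code, redirect_uri: ruName,
    }).toString(),
  };
}

// Callback logic without Express: refuse before any token request is built.
function handleCallback(query, session, creds) {
  if (!stateMatches(session.state, query.state)) throw new Error("state mismatch");
  if (typeof query.code !== "string" || !query.code) throw new Error("missing code");
  return buildTokenRequest({ ...creds, code: query.code });
}
```

In an Express handler, pass req.query and the session to handleCallback and hand the returned object to axios(request); load the client ID and secret from environment variables rather than source.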
