eBay API Access Token Issue: The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client
I'm working with the eBay API and encountering an issue during the OAuth process. I'm trying to receive an access_token through this URL https://api.sandbox.ebay.com/identity/v1/oauth2/token
I'm making a POST with this data (please, also, see the Postman screenshot below):
- Headers:
- Content-Type: `application/x-www-form-urlencoded`
- Authorization: <Base64 encoded client ID and secret>
- Body (x-www-form-urlencoded):
- grant_type: client_credentials
- scope: https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope https:%3A%2F%2api.ebay.com%2oauth%2api_scope%2sell.account
- redirect_uri: <My redirect URL>
After making the POST request, I get the following response:
{
"error": "invalid_scope",
"error_description": "The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"
}
Solution
You mixed a scope "Authorization Code Grant Type" and " Client Credential Grant Type" even if you assigned "grant_type" is "client_credentials"
Authorization Code Grant Type
https://api.ebay.com/oauth/api_scope/sell.account
Client Credential Grant Type
https://api.ebay.com/oauth/api_scope
So have to use same "Client Credential Grant Type" scopes
I demo two same category scopes from "Client Credential Grant Type"
https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/buy.guest.order
Username and Password copy from your Application Keys (client id and client secret) - the following image.
You can get the scope list from here
https://developer.ebay.com/my/keys
Client Credential Grant Type
| Scope | Heading Description |
|---|---|
| https://api.ebay.com/oauth/api_scope | View public data from eBay |
| https://api.ebay.com/oauth/api_scope/buy.guest.order | Purchase eBay items anywhere without signing in to eBay |
| https://api.ebay.com/oauth/api_scope/buy.item.feed | View curated feeds of eBay items |
| https://api.ebay.com/oauth/api_scope/buy.marketing | Retrieve eBay product and listing data for use in marketing merchandise to buyers |
| https://api.ebay.com/oauth/api_scope/buy.product.feed | View curated feeds of products from the eBay catalog |
| https://api.ebay.com/oauth/api_scope/buy.marketplace.insights | View historical sales data to help buyers make informed purchasing decisions |
| https://api.ebay.com/oauth/api_scope/buy.proxy.guest.order | Purchase eBay items anywhere, using an external vault for PCI compliance |
| https://api.ebay.com/oauth/api_scope/buy.item.bulk | Retrieve eBay items in bulk |
| https://api.ebay.com/oauth/api_scope/buy.deal | View eBay sale events and deals |
Authorization Code Grant Type
| Scope | Heading Description |
|---|---|
| https://api.ebay.com/oauth/api_scope | View public data from eBay |
| https://api.ebay.com/oauth/api_scope/buy.order.readonly | View your order details |
| https://api.ebay.com/oauth/api_scope/buy.guest.order | Purchase eBay items anywhere without signing in to eBay |
| https://api.ebay.com/oauth/api_scope/sell.marketing.readonly | View your eBay marketing activities, such as ad campaigns and listing promotions |
| https://api.ebay.com/oauth/api_scope/sell.marketing | View and manage your eBay marketing activities, such as ad campaigns and listing promotions |
| https://api.ebay.com/oauth/api_scope/sell.inventory.readonly | View your inventory and offers |
| https://api.ebay.com/oauth/api_scope/sell.inventory | View and manage your inventory and offers |
| https://api.ebay.com/oauth/api_scope/sell.account.readonly | View your account settings |
| https://api.ebay.com/oauth/api_scope/sell.account | View and manage your account settings |
| https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly | View your order fulfillments |
| https://api.ebay.com/oauth/api_scope/sell.fulfillment | View and manage your order fulfillments |
| https://api.ebay.com/oauth/api_scope/sell.analytics.readonly | View your selling analytics data, such as performance reports |
| https://api.ebay.com/oauth/api_scope/sell.marketplace.insights.readonly | View product selling data to help you make pricing and stocking decisions |
| https://api.ebay.com/oauth/api_scope/commerce.catalog.readonly | Search and view eBay product catalog information |
| https://api.ebay.com/oauth/api_scope/buy.offer.auction | View and manage bidding activities for auctions |
| https://api.ebay.com/oauth/api_scope/commerce.identity.readonly | View a user's basic information, such as username or business account details, from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.email.readonly | View a user's personal email information from their eBay member account. |
| https://api.ebay.com/oauth/api_scope/commerce.identity.phone.readonly | View a user's personal telephone information from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.address.readonly | View a user's address information from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.name.readonly | View a user's first and last name from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.status.readonly | View a user's eBay member account status |
| https://api.ebay.com/oauth/api_scope/sell.finances | View and manage your payment and order information to display this information to you and allow you to initiate refunds using the third party application |
| https://api.ebay.com/oauth/api_scope/sell.payment.dispute | View and manage disputes and related details (including payment and order information) |
| https://api.ebay.com/oauth/api_scope/sell.item.draft | View and manage your item drafts |
| https://api.ebay.com/oauth/api_scope/sell.item | View and manage your item information |
| https://api.ebay.com/oauth/api_scope/sell.reputation | View and manage your reputation data, such as feedback |
| https://api.ebay.com/oauth/api_scope/sell.reputation.readonly | View your reputation data, such as feedback |
| https://api.ebay.com/oauth/api_scope/commerce.notification.subscription | View and manage your event notification subscriptions |
| https://api.ebay.com/oauth/api_scope/commerce.notification.subscription.readonly | View your event notification subscriptions |
| https://api.ebay.com/oauth/api_scope/sell.stores | View and manage eBay stores |
| https://api.ebay.com/oauth/api_scope/sell.stores.readonly | View eBay stores |
- Role-based authentication not working with Keycloak and Java Spring
- What If Session Expires While User Is Still On The Website
- Remix run: Authentication succeeds on validation failures
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Using two or more SecurityFilterChains with Spring Security 6 does not work properly, only one chain is invoked
- What is the purpose of the 'state' parameter in OAuth authorization request
- OAuth 2.0 Single Client Configuration for Web and Mobile Applications
- OAuth 2 access_token vs OpenId Connect id_token
- Spring Security - Multiple OAuth2 Identity providers (github and google) work with only one Bean with @Prirmary?
- Error in oAuth2 Google APIs - invalid_request "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy"
- MSAL Node service & The Partner Center API
- How to change the app name for Firebase authentication (what the user sees)
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Is it okay to encrypt a 3rd party access token and refresh token, in an encrypted JWT?
- Is a Client Secret Required for Google OAuth 2.0 using the PKCE Authorization Flow? Should I Expose the Client Secret Publicly?
- What is the purpose of a "Refresh Token"?
- Pagination with oauth azure data factory
- How to use supabase google auth provider in react naive expo app
- How to bypass keycloak login page and provide client suggested idp with spring security
- Issue with Discord OAuth2 redirect_uri component
- npm install error - invalid package.json
- Google Identity Platform: Using OAuth 2.0 in Powershell using Firebase Admin SDK private key
- Can I get the company name/logo with the LinkedIn API?
- PayPal REST API credentials of another business or party
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Problems logging into coinbase api with oauth2
- Azure authentification for multiple audience using WithExtraScopesToConsent and AcquireTokenSilent
- Microsoft OAuth authorization code flow CORS
- How to authorize a request to the FCM v1 API with an access token
- Error creating bean with name 'corsConfigurationSource'