eBay API Access Token Issue: The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client
I'm working with the eBay API and encountering an issue during the OAuth process. I'm trying to receive an access_token through this URL https://api.sandbox.ebay.com/identity/v1/oauth2/token
I'm making a POST with this data (please, also, see the Postman screenshot below):
- Headers:
- Content-Type: `application/x-www-form-urlencoded`
- Authorization: <Base64 encoded client ID and secret>
- Body (x-www-form-urlencoded):
- grant_type: client_credentials
- scope: https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope https:%3A%2F%2api.ebay.com%2oauth%2api_scope%2sell.account
- redirect_uri: <My redirect URL>
After making the POST request, I get the following response:
{
"error": "invalid_scope",
"error_description": "The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"
}
Solution
You mixed a scope "Authorization Code Grant Type" and " Client Credential Grant Type" even if you assigned "grant_type" is "client_credentials"
Authorization Code Grant Type
https://api.ebay.com/oauth/api_scope/sell.account
Client Credential Grant Type
https://api.ebay.com/oauth/api_scope
So have to use same "Client Credential Grant Type" scopes
I demo two same category scopes from "Client Credential Grant Type"
https://api.ebay.com/oauth/api_scope https://api.ebay.com/oauth/api_scope/buy.guest.order
Username and Password copy from your Application Keys (client id and client secret) - the following image.
You can get the scope list from here
https://developer.ebay.com/my/keys
Client Credential Grant Type
| Scope | Heading Description |
|---|---|
| https://api.ebay.com/oauth/api_scope | View public data from eBay |
| https://api.ebay.com/oauth/api_scope/buy.guest.order | Purchase eBay items anywhere without signing in to eBay |
| https://api.ebay.com/oauth/api_scope/buy.item.feed | View curated feeds of eBay items |
| https://api.ebay.com/oauth/api_scope/buy.marketing | Retrieve eBay product and listing data for use in marketing merchandise to buyers |
| https://api.ebay.com/oauth/api_scope/buy.product.feed | View curated feeds of products from the eBay catalog |
| https://api.ebay.com/oauth/api_scope/buy.marketplace.insights | View historical sales data to help buyers make informed purchasing decisions |
| https://api.ebay.com/oauth/api_scope/buy.proxy.guest.order | Purchase eBay items anywhere, using an external vault for PCI compliance |
| https://api.ebay.com/oauth/api_scope/buy.item.bulk | Retrieve eBay items in bulk |
| https://api.ebay.com/oauth/api_scope/buy.deal | View eBay sale events and deals |
Authorization Code Grant Type
| Scope | Heading Description |
|---|---|
| https://api.ebay.com/oauth/api_scope | View public data from eBay |
| https://api.ebay.com/oauth/api_scope/buy.order.readonly | View your order details |
| https://api.ebay.com/oauth/api_scope/buy.guest.order | Purchase eBay items anywhere without signing in to eBay |
| https://api.ebay.com/oauth/api_scope/sell.marketing.readonly | View your eBay marketing activities, such as ad campaigns and listing promotions |
| https://api.ebay.com/oauth/api_scope/sell.marketing | View and manage your eBay marketing activities, such as ad campaigns and listing promotions |
| https://api.ebay.com/oauth/api_scope/sell.inventory.readonly | View your inventory and offers |
| https://api.ebay.com/oauth/api_scope/sell.inventory | View and manage your inventory and offers |
| https://api.ebay.com/oauth/api_scope/sell.account.readonly | View your account settings |
| https://api.ebay.com/oauth/api_scope/sell.account | View and manage your account settings |
| https://api.ebay.com/oauth/api_scope/sell.fulfillment.readonly | View your order fulfillments |
| https://api.ebay.com/oauth/api_scope/sell.fulfillment | View and manage your order fulfillments |
| https://api.ebay.com/oauth/api_scope/sell.analytics.readonly | View your selling analytics data, such as performance reports |
| https://api.ebay.com/oauth/api_scope/sell.marketplace.insights.readonly | View product selling data to help you make pricing and stocking decisions |
| https://api.ebay.com/oauth/api_scope/commerce.catalog.readonly | Search and view eBay product catalog information |
| https://api.ebay.com/oauth/api_scope/buy.offer.auction | View and manage bidding activities for auctions |
| https://api.ebay.com/oauth/api_scope/commerce.identity.readonly | View a user's basic information, such as username or business account details, from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.email.readonly | View a user's personal email information from their eBay member account. |
| https://api.ebay.com/oauth/api_scope/commerce.identity.phone.readonly | View a user's personal telephone information from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.address.readonly | View a user's address information from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.name.readonly | View a user's first and last name from their eBay member account |
| https://api.ebay.com/oauth/api_scope/commerce.identity.status.readonly | View a user's eBay member account status |
| https://api.ebay.com/oauth/api_scope/sell.finances | View and manage your payment and order information to display this information to you and allow you to initiate refunds using the third party application |
| https://api.ebay.com/oauth/api_scope/sell.payment.dispute | View and manage disputes and related details (including payment and order information) |
| https://api.ebay.com/oauth/api_scope/sell.item.draft | View and manage your item drafts |
| https://api.ebay.com/oauth/api_scope/sell.item | View and manage your item information |
| https://api.ebay.com/oauth/api_scope/sell.reputation | View and manage your reputation data, such as feedback |
| https://api.ebay.com/oauth/api_scope/sell.reputation.readonly | View your reputation data, such as feedback |
| https://api.ebay.com/oauth/api_scope/commerce.notification.subscription | View and manage your event notification subscriptions |
| https://api.ebay.com/oauth/api_scope/commerce.notification.subscription.readonly | View your event notification subscriptions |
| https://api.ebay.com/oauth/api_scope/sell.stores | View and manage eBay stores |
| https://api.ebay.com/oauth/api_scope/sell.stores.readonly | View eBay stores |
- How to authenticate resource owner with JWT token on Spring Authorization Server for requests to /oauth2/authorize?
- Headless OAuth2 Token Refresh Fails with Spring boot and MSAL4J
- Springboot Keycloak Admin add role or reset password error
- request to token url returning 400 bad request for google oauth2?
- Spring Boot Oauth Client & Authorization Server + React implementation
- Dotnet-Isolated Azure Functions - how to access HttpContext
- Enabling and Configuring Password History on Cognito
- Where to store the refresh token on the Client?
- Keycloak-Remix integration: where should I place the checks?
- Using PHPMailer when already have an access token
- Meta /media_publish return 500 unknown error
- Why is the IDP responding with Invalid Signature for a client assertion JWT
- Securing an azure API with oauth: Able to retrieve a token but token is invalid
- Spring Security 5.2 Password Flow
- Why Doesn't my Authorization Header need "Bearer"?
- Add role based authentication using next-auth in NextJS
- No qualifying bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' available
- JakartaEE 10 OpenIdAuthenticationMechanism failed with Auth0
- Aws Cognito Oauth2: Refresh token rotation
- How to securely store api credentials in a native appliaction in a cross-platform manner
- KeyCloak Java Service Account Create User
- Get Google business reviews server side
- SpringBoot OAuth2 with Keycloak not returning mapped Roles as Authorities
- What is the purpose of the "access_token=" parameter when downloading a file from Google Drive?
- java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer
- How do I implement social login with GitHub accounts?
- portainer keycloak 20 oauth login "unauthorized" / "Unable to login via OAuth"
- Google Oauth2 redirect_uri_mismatch when send request from localhost
- Google OAuth 2 authorization - Error: redirect_uri_mismatch
- Use Entra ID as Identity Provider for Client Credentials flow