Refresh tokens are used to generate eBay user tokens. User tokens are required for every eBay API call that returns account specific information from eBay. A user token has a life span of about two hours. To avoid forcing your user to log into eBay every time their user token expires, your application instead can store a refresh token. Refresh tokens last about 18 months. The user logs into eBay one time to associate their eBay account with your application. This gives your application permission to act on their behalf. The permission lasts for the lifetime of the refresh token or until the user revokes permission.
To generate a refresh token you need a base64 authorization code, your RuName, and an eBay user willing to give you their login credentials (It can be your account). The steps below would normally be automated by your application. However, since your application probably does not exist yet, I will explain as if you were performing the steps manually.
-
Log into the eBay developer program site and navigate to Auth Tokens for eBay. Select 'Production' as the environment.
-
Expand Get a Token from eBay via Your Application. Find the supplied link for 'Your branded eBay Production Sign In (OAuth)' and copy it into your web browser. You can instead use the 'Test Sign-In' button at the bottom of the page (Just make sure to select 0Auth radio button).
-
Sign in to eBay using your user's credentials. If you do not see a login page, you are already signed into a user's account. If it's not the user you want, navigate to eBay.com and sign out. After you are signed in as the desired user, you will see a page with an I agree button on it. Click the button, and wait for the resulting acknowledgment page. When you automate this step, know that there is a switch you can add to the url to force a login regardless of current eBay login status.
-
Copy the web address of the acknowledgment page. Embedded in the web address is a code that expires in 299 seconds. Copy that code. Be careful with copy/paste. Some browsers seem to automatically urlencode the url you copy. Compare what you see in the browser bar with what you paste. You now have less than five minutes to complete the next step.
-
You need three things; the code from step 4, your RuName, and your base64 authorization. Open a command window and execute the following curl command: (If you are on Windows, the double quotes are a must. If you are running Linux, you can use either single or double quotes in the command.)
curl -X POST "https://api.ebay.com/identity/v1/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic YOUR_BASE64_AUTH_CODE" \
-d "grant_type=authorization_code" \
-d "code=CODE_YOU_COPIED_FROM_URL" \
-d "redirect_uri=YOUR_RUNAME"
-
The response should contain both an access token and a refresh token along with the number of seconds they are good for. Copy the refresh token and store it in a database along with your user's eBay id.
-
Anytime you need to generate a new user token, use the following command:
curl -X POST "https://api.ebay.com/identity/v1/oauth2/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Authorization: Basic YOUR_BASE64_AUTH_CODE" \
-d "grant_type=refresh_token" \
-d "refresh_token=YOUR_REFRESH_TOKEN"
More info can be found here
Two projects that will provide sample php code:
Step 5 Python request: