FetchToken

Use this call to retrieve an authentication token for a user. The call can be used to get a token only after the specified user has given consent for the token to be generated. Consent is given through the eBay sign-in page. After token retrieval, the token can be used to authenticate other calls made on behalf of the associated user.

Unlike other Trading API calls, FetchToken requests do not require a user token for authorization. Instead, the call makes use of your application keys (App ID, Dev ID, and Cert ID) for authorization. In addition, you must supply a SessionID value, which you obtain by making a call to GetSessionID.

Include the application keys in the SOAP header for SOAP requests, and in the HTTP header for XML requests. The keys use different names in the HTTP headers:

The App ID is passed as X-EBAY-API-APP-NAME.
The Dev ID is passed as X-EBAY-API-DEV-NAME.
The Cert ID is passed as X-EBAY-API-CERT-NAME.

See Standard Data for All Calls for information about how to pass data in your SOAP and XML requests.

Usage Details

Before calling FetchToken, the user must have successfully signed in and accepted the consent form. Next, when calling FetchToken, you must specify the SessionID value that was returned from the GetSessionID request that the application sent when redirecting the user to the eBay sign-in and consent page.

Once completed, the application can make calls to FetchToken for any and all of its end-users. However, other applications created by the same developer still need to meet this requirement, even if the same end-users also use the application.

To call FetchToken, set Username in RequesterCredentials to the user of interest (or supply a SessionID). The attempt to retrieve the token must be made within 48 hours of the time the user signed in on the sign-in and consent page.

See Getting Tokens and Setting Up an Application to Receive Tokens for more details.

FetchToken returns the authentication token for the specified user into the eBayAuthToken field. It also returns the expiration date and time for the token in HardExpirationTime.

You can test FetchToken in the Sandbox environment. In order to test in the Sandbox, you'll need to create at least one test user. For information about creating and using test users, see Testing in the SandBox.

Related Information

See Working with token/authentication calls.

Input

See also Samples.

The box below lists all fields that could be included in the call request. To learn more about an individual field or its type, click its name in the box (or scroll down to find it in the table below the box).

See also the Deprecated Objects link above. Fields presented in this color are deprecated, and fields presented in this color are (or soon will be) non-operational.

The XML prototype does not include requester credentials. This is a documentation limitation only (see Standard Requester Credentials for Making Calls).

<?xml version="1.0" encoding="utf-8"?>
<FetchTokenRequest xmlns="urn:ebay:apis:eBLBaseComponents">
  <!-- Call-specific Input Fields -->
  <SecretID> string </SecretID>
  <SessionID> string </SessionID>
  <!-- Standard Input Fields -->
  <ErrorLanguage> string </ErrorLanguage>
  <MessageID> string </MessageID>
  <Version> string </Version>
  <WarningLevel> WarningLevelCodeType </WarningLevel>
</FetchTokenRequest>

Argument	Type	Occurrence	Meaning

Call-specific Input Fields [Jump to standard fields]

SecretID	string	Optional	A value associated with the token retrieval request. SecretID is defined by the application, and is passed in the redirect URL to the eBay sign-in page. eBay recommends using a UUID for the secret ID value. You must also set Username (part of the RequesterCredentials) for the particular user of interest. SecretID and Username are not required if SessionID is present.
SessionID	string	Optional	A value associated with the token retrieval request. eBay generates the session ID when the application makes a GetSessionID request. SessionID is passed in the redirect URL to the eBay sign-in page. The advantage of using SessionID is that it does not require UserID as part of the FetchToken request. SessionID is not required if SecretID is present.

Standard Input Fields

ErrorLanguage

string

Optional

Use ErrorLanguage to return error strings for the call in a different language from the language commonly associated with the site that the requesting user is registered with. Below are some examples from different countries.

ID	Country
en_AU	Australia
de_AT	Austria
nl_BE	Belgium (Dutch)
fr_BE	Belgium (French)
en_CA	Canada
fr_CA	Canada (French)
zh_CN	China
fr_FR	France
de_DE	Germany
zh_HK	Hong Kong
en_IN	India
en_IE	Ireland
it_IT	Italy
nl_NL	Netherlands
en_SG	Singapore
es_ES	Spain
de_CH	Switzerland
en_GB	United Kingdom
en_US	United States

MessageID string Optional Most Trading API calls support a MessageID element in the request and a CorrelationID element in the response. If you pass in a MessageID in a request, the same value will be returned in the CorrelationID field in the response. Pairing these values can help you track and confirm that a response is returned for every request and to match specific responses to specific requests. If you do not pass a MessageID value in the request, CorrelationID is not returned.

Note: GetCategories is designed to retrieve very large sets of metadata that change once a day or less often. To improve performance, these calls return cached responses when you request all available data (with no filters). When this occurs, the MessageID and CorrelationID fields aren't applicable. However, if you specify an input filter to reduce the amount of data returned, the calls retrieve the latest data (not cached). When this occurs, MessageID and CorrelationID are applicable.

Version

string

Conditional

The version number of the API code that you are programming against (e.g., 1149). The version you specify for a call has these basic effects:

It indicates the version of the code lists and other data that eBay should use to process your request.
It indicates the schema version you are using.

You need to use a version that is greater than or equal to the lowest supported version.
For the SOAP API: If you are using the SOAP API, this field is required. Specify the version of the WSDL your application is using.

For the XML API: If you are using the XML API, this field has no effect. Instead, specify the version in the X-EBAY-API-COMPATIBILITY-LEVEL HTTP header. (If you specify Version in the body of an XML API request and it is different from the value in the HTTP header, eBay returns an informational warning that the value in the HTTP header was used instead.)

See:
    HTTP headers
    eBay Schema Versioning Strategy
    Lowest Supported Version

WarningLevel

WarningLevelCodeType

Optional

Controls whether or not to return warnings when the application passes unrecognized or deprecated elements in a request.

An unrecognized element is one that is not defined in any supported version of the schema. Schema element names are case-sensitive, so using WarningLevel can also help you remove any potential hidden bugs within your application due to incorrect case or spelling in field names before you put your application into the Production environment.

WarningLevel only validates elements; it doesn't validate XML attributes. It also doesn't control warnings related to user-entered strings or numbers, or warnings for logical errors.

We recommend that you only use this during development and debugging. Do not use this in requests performed in the Production environment.

Applicable values:

High

(in) The WarningLevel value is set to High if the user wishes to receive warnings when the application passes unrecognized or deprecated elements in an API call request. Setting the WarningLevel value to High is not recommended in a production environment. Instead, it should only be used during the development/debugging stage.

Low

(in) The WarningLevel value is set to Low if the user does not wish to receive warnings when the application passes unrecognized or deprecated elements in an API call request. This is the default value if WarningLevel is not specified in the call request.

See Warning Level.

Output

See also Samples.

The box below lists all fields that might be returned in the response. To learn more about an individual field or its type, click its name in the box (or scroll down to find it in the table below the box).

See also the Deprecated Objects link above. Fields presented in this color are deprecated, and fields presented in this color are not returned (or soon will not be returned) or are not operational (or soon will be non-operational).

<?xml version="1.0" encoding="utf-8"?>
<FetchTokenResponse xmlns="urn:ebay:apis:eBLBaseComponents">
  <!-- Call-specific Output Fields -->
  <eBayAuthToken> string </eBayAuthToken>
  <HardExpirationTime> dateTime </HardExpirationTime>
  <RESTToken> string </RESTToken>
  <!-- Standard Output Fields -->
  <Ack> AckCodeType </Ack>
  <Build> string </Build>
  <CorrelationID> string </CorrelationID>
  <Errors> ErrorType
    <ErrorClassification> ErrorClassificationCodeType </ErrorClassification>
    <ErrorCode> token </ErrorCode>
    <ErrorParameters ParamID="string"> ErrorParameterType
      <Value> string </Value>
    </ErrorParameters>
    <!-- ... more ErrorParameters nodes allowed here ... -->
    <LongMessage> string </LongMessage>
    <SeverityCode> SeverityCodeType </SeverityCode>
    <ShortMessage> string </ShortMessage>
  </Errors>
  <!-- ... more Errors nodes allowed here ... -->
  <Timestamp> dateTime </Timestamp>
  <Version> string </Version>
</FetchTokenResponse>

Return Value	Type	Occurrence	Meaning

Call-specific Output Fields [Jump to standard fields]

eBayAuthToken	string	Always	The authentication token for the user. See Working with token/authentication calls.
HardExpirationTime	dateTime	Always	Date and time at which the token returned in eBayAuthToken expires and can no longer be used to authenticate the user for that application.
RESTToken	string	Conditionally	The REST authentication token for the user.

Standard Output Fields

Ack	AckCodeType	Always	A token representing the application-level acknowledgement code that indicates the response status (e.g., success). The AckCodeType list specifies the possible values for the Ack field. Applicable values: CustomCode (out) Reserved for internal or future use. Failure (out) This value indicates that the call request processing failed. Success (out) This value indicates that the call request was processed successfully without any issues. Warning (out) This value indicates that the call request was successful, but processing was not without any issues. These issues can be checked in the Errors container, that will also be returned when one or more known issues occur with the call request. (Not all values in AckCodeType apply to this field.) Code so that your app gracefully handles any future changes to this list.
Build	string	Always	This refers to the specific software build that eBay used when processing the request and generating the response. This includes the version number plus additional information. eBay Developer Support may request the build information when helping you resolve technical issues.
CorrelationID	string	Conditionally	Most Trading API calls support a MessageID element in the request and a CorrelationID element in the response. If you pass in a MessageID in a request, the same value will be returned in the CorrelationID field in the response. Pairing these values can help you track and confirm that a response is returned for every request and to match specific responses to specific requests. If you do not pass a MessageID value in the request, CorrelationID is not returned. Note: GetCategories is designed to retrieve very large sets of metadata that change once a day or less often. To improve performance, these calls return cached responses when you request all available data (with no filters). When this occurs, the MessageID and CorrelationID fields aren't applicable. However, if you specify an input filter to reduce the amount of data returned, the calls retrieve the latest data (not cached). When this occurs, MessageID and CorrelationID are applicable.
Errors	ErrorType	Conditionally, repeatable: [0..*]	A list of application-level errors (if any) that occurred when eBay processed the request.
Errors.ErrorClassification	ErrorClassificationCodeType	Conditionally	API errors are divided between two classes: system errors and request errors. Applicable values: CustomCode (out) Reserved for internal or future use. RequestError (out) An error has occurred either as a result of a problem in the sending application or because the application's end-user has attempted to submit invalid data (or missing data). In these cases, do not retry the request. The problem must be corrected before the request can be made again. If the problem is due to something in the application (such as a missing required field), the application must be changed. If the problem is a result of end-user data, the application must alert the end-user to the problem and provide the means for the end-user to correct the data. Once the problem in the application or data is resolved, resend the request to eBay with the corrected data. SystemError (out) Indicates that an error has occurred on the eBay system side, such as a database or server down. An application can retry the request as-is a reasonable number of times (eBay recommends twice). If the error persists, contact Developer Technical Support. Once the problem has been resolved, the request may be resent in its original form. Code so that your app gracefully handles any future changes to this list.
Errors.ErrorCode	token	Conditionally	A unique code that identifies the particular error condition that occurred. Your application can use error codes as identifiers in your customized error-handling algorithms. See Errors By Number.
Errors.ErrorParameters	ErrorParameterType	Conditionally, repeatable: [0..*]	This optional element carries a list of context-specific error variables that indicate details about the error condition. These are useful when multiple instances of ErrorType are returned.
Errors.ErrorParameters [ attribute ParamID ]	string	Conditionally	This optional element carries a list of context-specific error variables that indicate details about the error condition. These are useful when multiple instances of ErrorType are returned.
Errors.ErrorParameters.Value	string	Conditionally	This is the value of the request parameter noted in the ParamID attribute. So, if the ParamID value was ItemID, the value in this field would be the actual value of that ItemID.
Errors.LongMessage	string	Conditionally	A more detailed description of the condition that raised the error.
Errors.SeverityCode	SeverityCodeType	Conditionally	Indicates whether the error is a severe error (causing the request to fail) or an informational error (a warning) that should be communicated to the user. Applicable values: CustomCode (out) Reserved for internal or future use. Error (out) The request that triggered the error was not processed successfully. When a serious application-level error occurs, the error is returned instead of the business data. If the source of the problem is within the application (such as a missing required element), change the application before you retry the request. If the problem is due to end-user input data, please alert the end-user to the problem and provide the means for them to correct the data. Once the problem in the application or data is resolved, you can attempt to re-send the request to eBay. If the source of the problem is on eBay's side, An application can retry the request as-is a reasonable number of times (eBay recommends twice). If the error persists, contact Developer Technical Support. Once the problem has been resolved, the request may be resent in its original form. See the Error handling section of the Making a Trading API call guide for more information. Warning (out) The request was processed successfully, but something occurred that may affect your application or the user. For example, eBay may have changed a value the user sent in. In this case, eBay returns a normal, successful response and also returns the warning. When a warning occurs, the error is returned in addition to the business data. In this case, you do not need to retry the request (as the original request was successful). However, depending on the cause or nature of the warning, you might need to contact either the end user or eBay to effect a long term solution to the problem to prevent it from reoccurring in the future. Code so that your app gracefully handles any future changes to this list.
Errors.ShortMessage	string	Conditionally	A brief description of the condition that raised the error.
Timestamp	dateTime	Always	This value represents the date and time when eBay processed the request. The time zone of this value is GMT and the format is the ISO 8601 date and time format (YYYY-MM-DDTHH:MM:SS.SSSZ). See the Time Values section in the eBay Features Guide for information about this time format and converting to and from the GMT time zone. Note: GetCategories and other Trading API calls are designed to retrieve very large sets of metadata that change once a day or less often. To improve performance, these calls return cached responses when you request all available data (with no filters). When this occurs, this time value reflects the time the cached response was created. Thus, this value is not necessarily when the request was processed. However, if you specify an input filter to reduce the amount of data returned, the calls retrieve the latest data (not cached). When this occurs, this time value does reflect when the request was processed.
Version	string	Always	The version of the response payload schema. Indicates the version of the schema that eBay used to process the request. See the Standard Data for All Calls section in the eBay Features Guide for information on using the response version when troubleshooting CustomCode values that appear in the response.

Detail Controls

DetailLevel

This call does not support varying Detail Levels. You do not need to pass DetailLevel in the request.

Samples

New to making API calls? Please see Making a Call.

Note: Some item IDs, user IDs, or other data in these samples might no longer be active on eBay. If necessary, you can substitute current eBay data in your requests.

Sample: Basic Call

Retrieves an authentication token for the specified user.

Description

The following sample submits the SessionID for the user. The request also contains application keys (X-EBAY-API-DEV-NAME, X-EBAY-API-APP-NAME, and X-EBAY-API-CERT-NAME). For XML-formatted requests, the application keys are provided as HTTP header values. For SOAP requests, these values are provided in the SOAP header. The response contains the user's new eBayAuthToken, along with its date of expiration.

Input

XML format.

<?xml version="1.0" encoding="utf-8"?>
<FetchTokenRequest xmlns="urn:ebay:apis:eBLBaseComponents">
  <SessionID>YourSessionIDHere</SessionID>
</FetchTokenRequest>

Output

XML format.
<?xml version="1.0" encoding="utf-8"?>
<FetchTokenResponse xmlns="urn:ebay:apis:eBLBaseComponents">
  <Timestamp>2019-11-04T17:42:00.657Z</Timestamp>
  <Ack>Success</Ack>
  <Version>1123</Version>
  <Build>E1123_CORE_APISIGNIN_19059235_R1</Build>
  <eBayAuthToken>YourAuthToken</eBayAuthToken>
  <HardExpirationTime>2020-05-03T20:36:32.000Z</HardExpirationTime>
</FetchTokenResponse>

Change History

Change Date	Description
557 2008-03-20	SessionID (modified): You can use the FetchToken call to retrieve a session ID for a user, for use in the user consent flow.
529 2007-09-05	IncludeRESTToken, RESTToken (added): You can use the Fetchtoken call to retrieve a REST token for a user.
475 2006-8-23	Username (added): Added SOAP sample.