Authenticating SOAP API calls

When using the SOAP version of the Trading API, calls can be authenticated as follows:

• Authentication token

  To authenticate the requester for a call using an authentication token, pass the token in the header for the request.

  The following example illustrates the header element that contains the token, as well as the Developer's Program keys:

  <?xml version="1.0" encoding="utf-8"?>
  <soap:Envelope xmlns:soap="https://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xs="https://www.w3.org/2001/XMLSchema"
  xmlns:ebl="urn:ebay:apis:eBLBaseComponents">
  <soap:Header>
  <ebl:RequesterCredentials soapenv:mustUnderstand="0">
  <eBayAuthToken>
  ... AUTHENTICATION TOKEN GOES HERE ...
  </eBayAuthToken
  </ebl:RequesterCredentials>
  </soap:Header>
  ... Call body ...
  </soap:Envelope>
  

  A sample delivered with the eBay SDK for Java shows how to add this element in Java and populate it with an authentication token. Specifically, refer to the Global.java file in the signingredirect folder in the eBay SDK for Java.

  The following example shows how to add this header child element in C# and populate it with an authentication token.

  service.RequesterCredentials = new CustomSecurityHeaderType();
  // Specify the authentication token for the requesting user
  service.RequesterCredentials.eBayAuthToken = UserToken;
  

  When using the eBay SDK for Java, pass the authentication token for the requesting user in the ApiCredential property of the ApiContext object used for the call. The ApiContext.ApiCredential.eBayToken property holds the authentication token for a call. The authentication token is passed in the variable token, which is of type string. For an example in Java, refer to the Global.java file in the signingredirect folder of the eBay SDK for Java.

  In the eBay SDK for .NET, pass the authentication token for the requesting user in the ApiCredential property of the ApiContext object used for the call. The ApiContext.ApiCredential.eBayToken property holds the authentication token for a call.

  In the following example the authentication token is passed in the variable token, which is of type string.

  // Create the ApiContext object and specify the credentials
  ApiContext context = new ApiContext();
  context.ApiCredential.ApiAccount.Application = "YourAppId";
  context.ApiCredential.ApiAccount.Certificate = "Your";
  context.ApiCredential.ApiAccount.Developer = "YourDevID";
  context.ApiCredential.eBayToken = "ABC...123";
  

• Full keyset and session ID

  The use of the full application keyset (i.e., DevID, AppID, and AuthCert,) to authenticate the requester of a call is not required for most calls. However, the following calls, which are associated with authentication and tokens, require that these keyset values be included in the request header:

  • FetchToken
  • GetSessionID
  • GetTokenStatus
  • RevokeToken

  The following example illustrates SOAP header elements that contain the keyset-based authentication data:

  <soap:Envelope xmlns:soap="https://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xs="https://www.w3.org/2001/XMLSchema"
  xmlns:ebl="urn:ebay:apis:eBLBaseComponents">
  <soap:Header>
  <ebl:RequesterCredentials soapenv:mustUnderstand="0">
  <Credentials>
  <DevId>MyDevId</DevId>
  <AppId>MyAppId</AppId>
  <AuthCert>MyCertId</AuthCert>
  </Credentials>
  </ebl:RequesterCredentials>
  </soap:Header>
  <FetchTokenRequest xmlns="urn:ebay:apis:eBLBaseComponents">
  <SessionID>MySessionID</SessionID>
  <Version>1081</Version>
  </FetchTokenRequest>
  </soap:Envelope>
  

  A sample included with the eBay SDK for Java shows how to pass authentication data based on your eBay Developer's Program credentials in Java. Refer to the ClientAuthenticationHandler.java file in the handler folder of the eBay SDK for Java for details.

  When using the eBay SDK for Java, pass your eBay Developer's Program credentials within an API call request in the ApiCredential property of the ApiContext object. The ApiCredential object has an ApiAccount property to contain the application's credentials and an eBayAccount property to hold the requesting user's eBay Developer's Program credentials. These are used to authenticate the user for the call. Variables are used for the application's credentials (i.e., mDevID, mAppID, and mCert,) and for the eBay Developer's Program credentials. The variables are all of type String.

  When using eBay SDK for .NET, pass your eBay Developer's Program credentials within an API call request in the ApiCredential property of the ApiContext object. The ApiCredential object has an ApiAccount property to contain the application's credentials and an eBayAccount property to hold the requesting user's eBay Developer's Program credentials, which are used to authenticate the user for the call. The variables used to express the application's credentials (i.e., devID, appID, and cert,) and the variables containing the eBay Developer's Program credentials are all of type string.