Redirect the user to eBay's authorization endpoint with query parameters: `client_id`, `redirect_uri` (your RuName registered in the developer portal), `response_type=code`, and `scope` (space-separated list of required scopes).
After user consent, eBay redirects to your `redirect_uri` with a `code` parameter; exchange it for tokens by POSTing to eBay's token endpoint with `grant_type=authorization_code`, `code`, and `redirect_uri`, using HTTP Basic Auth with your client ID and secret.
Store the returned `access_token` (short-lived, typically 2 hours) and `refresh_token` (long-lived, typically 18 months) securely, associated with the user.
When the access token expires (check the `expires_in` field or catch a 401), obtain a new one by POSTing to the token endpoint with `grant_type=refresh_token` and `refresh_token`.
If the refresh token itself expires or is revoked, re-initiate the full authorization flow — detect this when the refresh token exchange returns an error.
For application-level calls that don't require user context, use the client credentials grant (`grant_type=client_credentials`) to obtain an application token.
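The redirect, token-request and refresh steps above, as an added Python example (not from the original page and not eBay's own code). The endpoint URLs, the `state` parameter, the injected `post` transport and all function and class names are assumptions that do not appear on the page.

```python
import base64, secrets, time
from urllib.parse import urlencode

# Assumed production endpoints (not given on the page); confirm against eBay's docs.
AUTHORIZE_URL = "https://auth.ebay.com/oauth2/authorize"
TOKEN_URL = "https://api.ebay.com/identity/v1/oauth2/token"

class ReauthorizationRequired(Exception):
    """Refresh token expired or revoked: restart the consent flow."""

def authorization_url(client_id, ru_name, scopes):
    # `state` is an addition to the page's parameter list: a random value the
    # callback handler must compare before accepting `code` (CSRF defence).
    state = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id, "redirect_uri": ru_name,
                       "response_type": "code", "scope": " ".join(scopes),
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def token_request(client_id, client_secret, **form):
    # HTTP Basic auth carries the client credentials; the grant goes in the form body.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, urlencode(form)

class UserTokens:
    def __init__(self, post, client_id, client_secret, refresh_token, skew=60):
        self._post = post  # hypothetical transport: post(url, headers, body) -> (status, dict)
        self._cid, self._secret = client_id, client_secret
        self._refresh_token = refresh_token
        self._access_token, self._expires_at, self._skew = None, 0.0, skew

    def access_token(self, now=None):
        now = time.time() if now is None else now
        if self._access_token and now < self._expires_at - self._skew:
            return self._access_token  # still valid, no network call
        status, body = self._post(*token_request(
            self._cid, self._secret,
            grant_type="refresh_token", refresh_token=self._refresh_token))
        if status != 200:
            self._access_token = None
            if status >= 500:  # transient server fault: retry later, do not re-prompt
                raise RuntimeError(f"token endpoint unavailable: {status}")
            raise ReauthorizationRequired(body.get("error", "refresh_failed"))
        self._access_token = body["access_token"]
        self._expires_at = now + int(body["expires_in"])
        return self._access_token
```

Keep the returned `state` in the user's session and reject any callback whose `state` differs; pass the RuName, not the callback URL, as `ru_name`.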
Known gotchas
The `redirect_uri` parameter in eBay OAuth must exactly match the RuName (eBay's registered URI alias) configured in your developer account, not the literal callback URL — this is unique to eBay and differs from most OAuth implementations.
eBay refresh tokens can be revoked by the user or by eBay for policy violations; always handle refresh failures gracefully by prompting re-authorization rather than hard-failing.
Scopes must be declared at authorization time and cannot be added later without re-authorizing; request all scopes your application will need upfront.