Getting started
eBay OAuth Setup for Sellers (2026)
By 2026, eBay's API ecosystem has fully transitioned to OAuth 2.0 for all seller-related operations, deprecating older token methods. This guide details the process for experienced dropshippers to establish and maintain secure API access for their eBay stores, crucial for tools like Fetch Order Tracking to automate order management and refund detection.
Understanding eBay OAuth for Sellers
OAuth 2.0 provides a more secure and robust authorization framework compared to traditional methods. Instead of sharing your eBay credentials directly, you grant specific permissions to an application (like Fetch Order Tracking) to perform actions on your behalf. This involves a one-time consent flow, after which the application receives an access token and a refresh token.
- Access Token: Short-lived (typically 2 hours), used to make API calls.
- Refresh Token: Long-lived (up to 18 months), used to obtain new access tokens without requiring re-authentication.
For dropshippers managing multiple eBay accounts or integrating with various tools, understanding this distinction is critical for uninterrupted operation.
The refresh token is the backbone of continuous API access. Secure its storage and ensure your applications are configured to refresh access tokens proactively.
Step 1: Create an eBay Developer Account and Application
If you haven't already, you'll need an eBay Developer Program account. This is distinct from your regular eBay seller account.
- Navigate to the eBay Developer Program website.
- Click 'Register' and follow the prompts to create your developer account. Link your existing eBay seller account during this process.
- Once logged in, go to 'My Account' -> 'Application Keys'.
- Click 'Create a keyset'. You'll need to create keys for both 'Sandbox' (testing) and 'Production' (live environment). For dropshipping operations, focus on Production.
- Provide an 'Application Name' (e.g., 'Fetch Order Tracking Integration').
- Note down your 'App ID' (Client ID) and 'Dev ID'. These are static identifiers for your application.
- Click 'Get a User Token' (or similar button to generate client secret). This will generate your 'Client Secret'. Keep this secret secure; it should never be shared publicly.
Configuring Your Application
After creating the keyset, you need to configure your application's settings, specifically the 'Redirect URI'. This is where eBay sends the user after they grant consent.
- Under 'Application Keys', select the application you just created.
- Go to the 'OAuth Redirect URL' section.
- Add the Redirect URI provided by the tool you're integrating with. For Fetch Order Tracking, this URL will be provided within the setup instructions (e.g.,
https://app.fetchordertracking.com/oauth/ebay/callback). - Save your changes.
Step 2: Initiate the OAuth Consent Flow
Once your application is set up, you need to initiate the consent flow. This is typically done through the application you are integrating with (e.g., Fetch Order Tracking).
- Within Fetch Order Tracking (or your chosen integration tool), navigate to the eBay integration setup.
- You will be prompted to 'Connect to eBay' or 'Authorize eBay'.
- This action will redirect you to an eBay login page. Log in with your primary eBay seller account credentials.
- eBay will then display a consent screen, listing the permissions the application is requesting (e.g., 'View your orders', 'Manage your refunds'). Carefully review these permissions.
- Click 'Agree' or 'Grant Access'.
Upon successful consent, eBay will redirect you back to the specified Redirect URI (e.g., Fetch Order Tracking). The application will then exchange an authorization code for an access token and a refresh token.
Step 3: Managing and Renewing Tokens
Fetch Order Tracking handles the renewal of access tokens automatically using the refresh token. However, refresh tokens themselves have an expiration. eBay refresh tokens typically last for 18 months.
Monitoring Refresh Token Expiration
While Fetch Order Tracking will notify you if a refresh token is nearing expiration or becomes invalid, it's good practice to understand the lifecycle:
- Initial Grant: A refresh token is issued, valid for 18 months.
- Automatic Renewal: Each time Fetch Order Tracking uses the refresh token to get a new access token, eBay may extend the refresh token's validity, but this is not guaranteed to be an indefinite extension.
- Forced Re-authentication: If 18 months pass without renewal or if the refresh token is revoked (e.g., due to a password change on eBay or explicit revocation), you will need to re-initiate the OAuth consent flow (Step 2).
Fetch Order Tracking provides a dashboard view of your connected eBay stores, indicating the status of your API connection. Pay attention to any 'Disconnected' or 'Re-authenticate' warnings.
Revoking Tokens
If you need to disconnect an application or suspect a security compromise, you can revoke tokens directly from your eBay account:
- Log in to your eBay seller account.
- Go to 'My eBay' -> 'Account' -> 'Site Preferences' (or 'Account Settings').
- Look for 'Third-party authorizations' or 'Application access'.
- You will see a list of applications that have access to your account.
- Select the application and click 'Revoke access' or 'Remove'. This immediately invalidates the refresh token and all associated access tokens, requiring a full re-authentication if you wish to reconnect.
Troubleshooting Common OAuth Issues
- Invalid Redirect URI: Double-check that the Redirect URI configured in your eBay Developer Program application exactly matches the one provided by Fetch Order Tracking. Even a trailing slash can cause issues.
- Permissions Mismatch: Ensure the application is requesting the correct scopes (permissions). Fetch Order Tracking will require specific scopes to access order and refund data.
- Client ID/Secret Mismatch: Verify that the App ID (Client ID) and Client Secret you've entered into Fetch Order Tracking are correct and correspond to your Production keyset.
- Expired Refresh Token: If you see consistent errors after 18 months, or if you've changed your eBay password, it's highly likely the refresh token has expired or been invalidated. Re-initiate the consent flow.
- eBay API Rate Limits: While OAuth setup isn't directly affected, be aware that excessive API calls can lead to temporary blocks. Fetch Order Tracking optimizes calls to stay within limits.
Proper OAuth setup is a one-time effort that ensures secure and reliable data flow between your eBay store and essential tools like Fetch Order Tracking. This enables seamless automation of order tracking, refund detection (gmt_refund, end_reason, order_status, logistics_status, BUYER_ACCEPT_GOODS, FINISH), and other critical dropshipping workflows, allowing you to focus on scaling your business.
For further assistance with integrating your eBay store, refer to our main documentation.