Navigation Menu

Skip to content


Folders and files

Last commit message
Last commit date

Latest commit


eBay OAuth Client Library (Java)

Build Status

Code Coverage, link=

GitHub license

eBay OAuth client library is a simple and easy-to-use library for integrating with eBay OAuth and designed to be used for OAuth 2.0 specification supported by eBay. There are multiple standard clients that can be used with eBay OAuth, such as Spring OAuth client. However, this library in addition to functioning as a simple eBay OAuth client, helps with additional features such as cached App tokens. There are also future enhancements planned to add id_token support, 'login with eBay' support etc.,

What is OAuth 2.0

OAuth 2.0 is the most widely used standard for authentication and authorization for API based access. The complete end to end documentation on how eBay OAuth functions is available at

Supported Languages

This is created as a Maven based Java project and can be used as a dependency in a Java based application or other JVM based languages such as Groovy, Scala etc.,


Check the releases tab for the latest version. Add following to <dependencies/> section of your pom.xml as given below


Getting Started

All interactions with this library can be performed using OAuth2Api oauth2Api = new OAuth2Api();

Library Setup and getting started

  1. Ensure you have a config file in your source code of type YAML. Refer to ebay-config-sample.yaml.

  2. This file would hold all your application credentials such as AppId, DevId, and CertId. Refer to Creating eBay Developer Account for details on how to get these credentials.

  3. Once the file is created, call CredentialUtil.load(new FileInputStream(<your-config-location>)); to load the credentials.

  4. It is recommended to load the credentials during startup time (initialization) to prevent runtime delays.

  5. Once the credentials are loaded, call any operation on OAuth2Api

Types of Tokens

There are mainly two types of tokens in usage.

Application Token

An application token contains an application identity which is generated using client_credentials grant type. These application tokens are useful for interaction with application specific APIs such as usage statistics etc.,

User Token

A user token (access token or refresh token) contains a user identity and the application’s identity. This is usually generated using the authorization_code grant type or the refresh_token grant type.

Supported Grant Types for OAuth

All of the regular OAuth 2.0 specifications such as client_credentials, authorization_code, and refresh_token are all supported. Refer to eBay Developer Portal

Grant Type: Client Credentials

This grant type can be performed by simply using OAuth2Api.getApplicationToken(). Read more about this grant type at oauth-client-credentials-grant

Grant Type: Authorization Code

This grant type can be performed by a two step process. Call OAuth2Api.generateUserAuthorizationUrl() to get the Authorization URL to redirect the user to. Once the user authenticates and approves the consent, the callback need to be captured by the redirect URL setup by the app and then call OAuth2Api.exchangeCodeForAccessToken() to get the refresh and access tokens.

Read more about this grant type at oauth-authorization-code-grant and Quick Reference

Grant Type: Refresh Token

This grant type can be performed by simply using OAuth2Api.getAccessToken(). Usually access tokens are short lived and if the access token is expired, the caller can use the refresh token to generate a new access token. Read more about it at Using a refresh token to update a user access token


Contributions in terms of patches, features, or comments are always welcome. Refer to CONTRIBUTING for guidelines. Submit Github issues for any feature enhancements, bugs, or documentation problems as well as questions and comments.

Additional Note: Using SnakeYaml in a safe manner

With the latest release (1.16 and above), SafeConstructor is used for Yaml object creation for SnakeYaml. This ensures that only default Java objects would be supported via config. Please ensure there are no tagging of custom classes or any other class in the YAML config files. Refer to SafeConstructor for further details.

Libraries used

  1. okhttp

  2. gson

  3. SnakeYAML

  4. joda-time

  5. slf4j

  6. commons-lang

  7. json

  8. jackson-databind

Developers and Contributors


Copyright (c) 2023 eBay Inc.

Use of this source code is governed by a Apache-2.0 license that can be found in the LICENSE file or at