Home
POST/client/register
Note: The Client Registration API is not intended for use by developers who have previously registered for a Developer Account on the eBay platform.
This call registers a new third party financial application with eBay.
Important! When calling the registerClient method, Third Party Providers (TPPs) are required to pass their valid eIDAS certificate to eBay via Mutual Transport Layer Security (MTLS) handshake Certificate Request messages.
This method is supported in Sandbox environment. To access the endpoint, just replace the tppz.ebay.com
root URI with tppz.sandbox.ebay.com
This method has no URI parameters.
All requests made to eBay REST operations require you to provide the Authorization
HTTP header for authentication authorization.
Note: There is no Authorization Header for this API.
In addition, this method requires you to include the Content-Type header and its value should be set to "application/json". See HTTP request headers- opens rest request components page for details.
This request requires an access token created with the client credentials grant flow, using one or more scopes from the following list (please check your Application Keys page for a list of OAuth scopes available to your application):
See OAuth access tokens for more information.
Note: This API does not use an OAuth scope.
Input container/field | Type | Description |
---|---|---|
client_name | string | User-friendly name for the third party financial application. Occurrence: Optional |
contacts | array of string | This container stores an array of email addresses that can be used to contact the registrant. Occurrence: Optional |
policy_uri | string | The URL string pointing to a human-readable privacy policy document that describes how the third party provider collects, uses, retains, and discloses personal data. Occurrence: Optional |
redirect_uris | array of string | An array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows. Occurrence: Required |
software_id | string | A unique identifier string assigned by the client developer or software publisher to identify the client software being registered. Occurrence: Optional |
software_statement | string | The Software Statement Assertion (SSA) that has been issued by the OpenBanking identifier. Occurrence: Optional |
This call has no response headers.
Output container/field | Type | Description |
---|---|---|
client_id | string | A unique, eBay-generated id assigned to the third party application at the time it was registered. Occurrence: Always |
client_id_issued_at | integer | The UNIX timestamp when the Occurrence: Always |
client_name | string | User-friendly name for the third party financial application. Occurrence: Conditional |
client_secret | string | A unique OAuth 2.0 secret string assigned by eBay to the third party application at the time it is registered. This value should be unique for multiple instances of a client using the same Occurrence: Always |
client_secret_expires_at | integer | The UNIX timestamp when the Occurrence: Always |
contacts | array of string | This container stores an array of email addresses for representatives at the third party provider responsible for the application being registered. Occurrence: Conditional |
grant_types | array of string | An array of OAuth 2.0 grant type strings that the client software can use at the token endpoint. Supported grant type values are:
grant_type parameter passed to the token endpoint defined in the grant type definition. Authorization servers may allow for other values as defined in the grant type extension process described in OAuth 2.0, Section 4.5. If omitted, the default behavior is that the client will use only the authorization_code Grant Type. Occurrence: Always |
policy_uri | string | The URL string pointing to a human-readable privacy policy document that describes how the third party provider collects, uses, retains, and discloses personal data. Occurrence: Conditional |
redirect_uris | array of string | An eBay system-generated value assigned to the application. This value represents the redirect uri(s) submitted by the user either in the request payload (i.e., the Occurrence: Always |
scope | string | String containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. The semantics of values in this list are service specific. Occurrence: Always |
software_id | string | A unique identifier string provided by the client developer or software publisher at the time of registration that identifies the client software being registered. Occurrence: Conditional |
software_statement | string | The Software Statement Assertion (SSA), a JSON Web Token (JWT), that has been issued by the OpenBanking identifier. Refer to RFC 7591 - OAuth 2.0 Dynamic Client Registration Protocol for complete information. Occurrence: Conditional |
This call can return one of the following HTTP status codes. For an overview of the status codes, see HTTP status codes in Using eBay RESTful APIs.
Status | Meaning |
---|---|
201 | Created |
400 | Bad Request |
404 | Not Found |
500 | Internal Server Error |
Unlike other eBay REST APIs, the Client Registration API does not return numeric error codes. Instead, errors are reported as text-based messages in the form of an Error followed by its corresponding Description. For example:
"error": "invalid_policy_uri", "error_description": "The policy_uri presented is invalid."
Refer to the following table for the list of errors and their descriptions.
error | error_description |
---|---|
invalid_policy_uri | The policy_uri presented is invalid. |
invalid_contact_email | The value of one or more of the contact email addresses is invalid. |
invalid_software_statement | The software statement presented is invalid. |
invalid redirect_uri | The value of one or more redirection URIs is invalid or missing. |
internal_server_error | There was a problem with an eBay internal system or process. Please retry. |
invalid_request | Empty request or some field has error. |
maximum_limit_keysets_reached | You have exceeded the maximum number of API keysets. For more information, see the API call reference documentation. |
caller_not_registered | Caller is not registered |
invalid_license | Invalid license |
invalid_qtsp | Certificate not issued by a valid Qtsp |
certificate_expired | Certificate expired |
certificate_revoked | Certificate revoked |
invalid_signature | Not a valid signature |
role_mismatch | Role not matching |
invalid_certificate | Invalid certificate |
missing_certificate | Missing certificate |
certificate_validation_error | Internal errors as validating client certificate |
internal_service_error | Internal errors as calling another service |
This call has no warnings.
New to making API calls? Please see Making a Call.
Note: Identifiers, such as order IDs or user IDs, and personal data in these samples might be anonymized or may no longer be active on eBay. If necessary, substitute current, relevant eBay data in your requests.
This sample demonstrates how to register a new third party application with eBay.
The required information is provided in the request payload.
POSThttps://tppz.ebay.com/developer/registration/v1/client/register
If the call is successful, eBay returns an HTTP status code of 201 Created
and the response payload.
eBay's Client Registration API complies with RFC 7591 - OAuth 2.0 Dynamic Client Registration Protocol and as such adheres to all mechanisms it calls out.
Because RFC 7591 does not support numeric error codes, only text-based error information is returned.
This sample demonstrates the text-based system error response when invalid input data has been provided in the request payload.
Required information is provided in the request payload.
In this example, an unsupported redirect_uris
is provided (i.e., HTTP is not supported).
POSThttps://tppz.ebay.com/developer/registration/v1/client/register
The system returns error information.