eBay's Authentication & Authorization (Auth & Auth) process is formally documented in the Get Auth'n'Auth tokens guide.
Here is a quick summary of how to get set up for Auth & Auth in the context of a web application.
To get set up for Auth & Auth:
1. Log in to developer.ebay.com and navigate to Home > Application Keys.
2. Select the sandbox or production keyset you want to set up for Auth & Auth and click the User Tokens link that's displayed next to your Client ID.
3. Click the Get a Token from eBay via Your Application drop-down and create an RuName if you don't already have one (generally you need only one RuName per keyset).
5. Initiate the Auth & Auth flow. In a web application, this is typically done with an HTML form with a Submit button like this:
<INPUT TYPE="submit" NAME="AUTHORIZE" VALUE="Launch Auth & Auth">
Where $runame is your RuName (known) and $sessid is your SessionID, which you obtain by calling GetSessionID and storing the result in a session variable.
In other words, the SessionID is simply a unique ID that is retained for comparison with the subsequent FetchToken call, to ensure that the FetchToken call is made by the same person who went through the Auth & Auth web flow. This is to help prevent "man-in-the-middle" attacks.
NOTE: Before passing the SessionID string to the above URL, you will need to URL-encode the string obtained from the GetSessionID API.
6. Make a FetchToken call, providing the same SessionID (the original string obtained in the GetSessionID API response) generated when the user went through the Auth & Auth flow.
7. Once you get a token back, you can persist the token in a secure database. FetchToken need only be called once per user (and again when the token expires in 18 months).
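
Steps 5 and 6 handle the same SessionID in two different forms, which is where integrations usually break. The Python sketch below is an added example, not code from eBay or from this article. It assumes the sandbox sign-in URL, its RuName and SessID parameter names, and the FetchTokenRequest XML shape from eBay's Trading API documentation (none of them appear on this page); the SessionID value and the helper names are constructed for illustration.

```python
from urllib.parse import quote
from xml.sax.saxutils import escape

# Assumed sandbox sign-in endpoint (taken from eBay's docs, not from this page).
SIGNIN_URL = "https://signin.sandbox.ebay.com/ws/eBayISAPI.dll"

# Constructed sample: SessionIDs can contain characters such as '+', '/' and '='
# that change meaning inside a query string if they are not percent-encoded.
SAMPLE_SESSION_ID = "AbC+dEf/GhI=**xyz"


def start_auth(session_store, ebay_session_id, runame):
    """Step 5: keep the ORIGINAL SessionID server-side, return the sign-in URL.

    session_store stands in for the web framework's per-user server-side
    session (hypothetical name); the SessionID is never read back from the
    browser, so a FetchToken call is tied to the user who started the flow.
    """
    session_store["ebay_sessid"] = ebay_session_id
    return (
        f"{SIGNIN_URL}?SignIn"
        f"&RuName={quote(runame, safe='')}"
        f"&SessID={quote(ebay_session_id, safe='')}"  # URL-encoded copy only
    )


def fetch_token_body(session_store):
    """Step 6: build the FetchToken request from the stored, unencoded SessionID."""
    sessid = session_store.get("ebay_sessid")
    if sessid is None:
        # No flow was started in this session: refuse rather than accept
        # a SessionID supplied by the client.
        raise PermissionError("no Auth & Auth flow was started in this session")
    return (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<FetchTokenRequest xmlns="urn:ebay:apis:eBLBaseComponents">\n'
        f"  <SessionID>{escape(sessid)}</SessionID>\n"  # XML-escaped, not URL-encoded
        "</FetchTokenRequest>"
    )


if __name__ == "__main__":
    store = {}
    print(start_auth(store, SAMPLE_SESSION_ID, "Example-RuName"))
    print(fetch_token_body(store))
```

Sending the percent-encoded string in FetchToken, or the raw string in the URL, gives eBay a SessionID that does not match the one it issued.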