The requested scope is invalid

[RahmanM]

Hi there,
I get this error when I cloned and changed the info with my ClientId/Secret Key etc.

The error is: ""{"error":"invalid_scope","error_description":"The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"}"

The scopes I supply are only and I definitely have access to these scopes:
https://api.ebay.com/oauth/api_scope, https://api.ebay.com/oauth/api_scope/sell.fulfillment

If I try only https://api.ebay.com/oauth/api_scope then it works and returns an access token. Which means my configurations are correct.

What is this error and why this should happen?

I have access to all these scopes. See below:

TIA

[RahmanM]

Is this an really ebay? Does anyone even care to look at a potential bug?

[arpetris]

I had this error because of a difference between the scopes allowed for a sandbox account and a production account. Once I logged in with the correct account type to match my scopes in the eBay dev account everything worked.

[RahmanM]

Hi,
Thanks for the reply.

What you exactly did to solve the issue?

I just realised my Client Credential Grant Type is only for the https://api.ebay.com/oauth/api_scope API only.

How did you manage to Grant access to your Client Credential?

[arpetris]

I am assuming you are asking about the code. I based my code on the test cases in the library. I created a UserCredential object with the username and password matching my eBay production credentials. Then to GenerateUserAuthorizationUrl I passed OAuthEnvironment.PRODUCTION and an list of user scopes defined as:

private readonly IList userScopes = new List()
{
"https://api.ebay.com/oauth/api_scope/sell.fulfillment",
"https://api.ebay.com/oauth/api_scope/sell.inventory"
};

This is defined in OAuth2ApiTest class. The scopes https://api.ebay.com/oauth/api_scope/commerce.catalog.readonly and https://api.ebay.com/oauth/api_scope/buy.shopping.cart weren't valid for my production account. I believe there are limitations for some apis in production accounts that require special requests to eBay to add them to your account.

I hope that helps.

[princewebkul]

I am facing also this error when trying to get application access token with accessible scope parameter .
The error is : The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client.
even not working for primary scope (https://api.ebay.com/oauth/api_scope) for me.

[kdekarin]

You have to HTML encode your scope first, see example below:

Following C# code worked for me....

                    CredentialUtil.Load(streamReader);//your ebay-config-sample.yaml file
                    List<String> scopes = new List<String>();
                    scopes.Add(HttpUtility.UrlEncode("https://api.ebay.com/oauth/api_scope"));
                    OAuth2Api oAuth2Api = new OAuth2Api();
                    OAuthResponse asd = oAuth2Api.GetApplicationToken(OAuthEnvironment.SANDBOX, scopes);

Your app is beeing granted only for following scopes:

[ppprakhar]

"https://api.ebay.com/oauth/api_scope/buy.item.feed https://api.ebay.com/oauth/api_scope/buy.product.feed"
these 2 api scope, result get "invalic_scope"
and when I check user access token list these 2s are not available there

How could I resolve this ?

[AhmedX6]

Hi,

Also have :
{"error":"invalid_scope","error_description":"The requested scope is invalid, unknown, malformed, or exceeds the scope granted to the client"}

when I add https://api.ebay.com/oauth/api_scope/sell.inventory

If I have only https://api.ebay.com/oauth/api_scope I got an access token. Any solution ?

[estebananot]

Maestros lo he logrado aquí les comparto mi código, me base en la respuesta de @arpetris poniendo los alcances en una lista

const base64Encode = (encodeData) => { const buff = new Buffer.from(encodeData); // eslint-disable-line return buff.toString('base64'); };
const scopes = ['https://api.ebay.com/oauth/api_scope']; //scopes const getTokenNoLib = () => { const encodedAuth = base64Encode(${clientId}:${clientSecret}`);

const data = new URLSearchParams();
data.append('grant_type', 'client_credentials');
data.append('scope', scopes.join('%20'));

const options = {
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Authorization': `Basic ${encodedAuth}`
    },
    hostname: 'api.ebay.com',
    path: '/identity/v1/oauth2/token',
    method: 'POST'
};

return new Promise((resolve, reject) => {
    const req = https.request(options, res => {
        let data = '';
        res.on('data', chunk => {
            data += chunk;
        });
        res.on('end', () => {
            console.log('Sex');
            const token = JSON.parse(data).access_token;
            resolve(token)
        });
    });
    req.on('error', error => {
        reject(error);
    });

    req.write(data.toString());
    req.end();
});

};` No he probado mas alcances de mi clave por que no los requiero en lo que estoy haciendo , pero espero les pueda servir

[nazirahmad7340]

Hi, First of all, you need to get the token here is an example.

curl -X POST 'https://api.ebay.com/identity/v1/oauth2/token'
-H 'Content-Type: application/x-www-form-urlencoded'
-H 'Authorization: Basic V2FoYWJFc2.........' \

-d 'grant_type=authorization_code
&code=v^1.1#i^1#I^3 ....&
redirect_uri=RuName get from eBay developer dashboard'

Details:

  Authorization: Basic <client_id>:<client_secret> // you have to encode with base64 encode 
  code= eBay user consent - will give you a temporary code from all required Gran Types (run in browser required password) copy the code from URL parm(code=....) need to be url_decode 
  
  eBay will give you a response like 
  access_token,
  expires_in,
  refresh_token,
  refresh_token_expires_in,
  token_type": "User Access Token"
  
  Then you can use this token to receive data from Restfullapi 
  
  
  link: 

Getting user consent
Using OAuth to access eBay APIs
Exchanging the authorization code for a User access token
base64encode

[alijani1]

Hi, Thanks for the reply.

What you exactly did to solve the issue?

I just realised my Client Credential Grant Type is only for the https://api.ebay.com/oauth/api_scope API only.

How did you manage to Grant access to your Client Credential?

Did you ever figure this out?

I have the same issue and from what i gather eBay does not provide the broader set of scoped under the client credential grant work flow and it seems the only option is to use the user consent workflow which required redirect uri... so I am not sue what desktop apps that dont have anyway to provide redirect URIs without setting up webservers and opening ports,, are to do... If you or anyone has figured out how to add additional scoped to "client credential grant type" for your application keysets, please let us know.

[shafaqat-ali-cms365]

Looks like client credentials can read public data only. Unfortunate.