According to the eBay docs: "With one-time setup complete, your application can respond to prospective users and get tokens for them." However, the article also mentions that the tokens expire after 48 hours. Does this mean that my users will have to re-login every 48 hours through my website to renew the token? If so, how is this a one-time setup?
Update 1: According to this article, tokens expire after 18 months.
Tokens expire after 18 months. The call returns a HardExpirationWarning element 7 days before the token expires, at which point the user has to go through the consent process again. The token is associated with the session ID for 48 hours, before which the developer has to fetch the user's token and save it for future API calls.
Related
I have a web application that will authorize a user with eBay so that I can post items for them. But I want to cap the limit at 50 per account and eBay account. I can easily track how many item posts they performed in my application. But what prevents the user from opening another account with my application and re-authorize with the same eBay account.
So I tried it with my application and my eBay account and looking at the tokens from account1 and account 2 there's literally 5 characters difference at the beginning of the token String (around character 15). Rest of the token is the same.
Is there a way to tell from the token if it's the same account?
Ok to handle this you would need to get the eBay User and compare to see if they have already registered. Using the user authorized token make a call to get the user details via:
ApiContext.getApiCredential().seteBayToken(FetchTokenCall.fetchToken());
GetUserCall gu = new GetUserCall(ApiContext);
UserType user = gu.getUser();
Now compare and save relevant data.
I am developing a feature that display the recent 5 tweets for a particular tweeter user. I am using the application-only authentication and get the bearer token to query the tweeter API.
I saw there is a limit on the numbers of request to Twitter API in every 15 mins.
https://dev.twitter.com/rest/public/rate-limits
user auth app auth
GET statuses/user_timeline statuses 180 300
My question is the limit is per bearer token or per IP?
For example, If
User A and user B are using the same token, query the same user's timeline(Eg, Yahoo), would the limit will be 300/2 for each user in every 15 mins?
User A and user B are using the same token, query the different user's timeline(Eg, One for Google, One for Yahoo), would the limit will be 300/2 for each user in every 15 mins?
Yes, it will be divided by 2. It is recommended to use User authentication to user credentials for such case.
The rate limits are on the endpoint. So if you do 5 requests that start with statuses/user_timeline statuses only 295 request will remain.
I am not sure if you know c# but you can check this quite easily with the Twitter library Tweetinvi as followed:
var remainingBefore = RateLimit.GetCurrentCredentialsRateLimits().StatusesUserTimelineLimit.Remaining;
var tweets = Timeline.GetUserTimeline(userId);
var remainingAfter = RateLimit.GetCurrentCredentialsRateLimits().StatusesUserTimelineLimit.Remaining;
is it ever possible to authorize twitter app on the desktop without user input (of the seven digit number)?
I am trying to develop a realtime tweet fetching application between a list of friends/followers "suspects" communicating together. But the authorization code that needs to reset after 15 mins is an issue, so unless someone if manually present to handle re authorization after a couple of mins is a serious challenging. Is there a solution to my question.
Joe Mayo or any one, pls help here.
Thanks
There are two different issues at work here: authorization and 15 minute rate limit windows. For authorization, you receive OAuthToken and AccessToken, accessible via IAuthorizer.Credentials after the user authorizes. These tokens never expire. So, you save them when the user first authorizes and then load them into IAuthorizer.Credentials and you won't need to perform authorization again. Here's a more detailed description:
linqtotwitter - grab the saved credentials
Since you mentioned something about "reset after 15 mins", I assume you're referring to Rate Limits, which are set in 15 minute windows. Here's a recent discussion:
How to handle LinqtoTwitter Rate(v2.1) limit exceeded Error
It would be helpful to review the Twitter docs on Rate Limiting.
My upload stopped after 1 hour due to invalid credential. Should I call authorizeRequest on the tickets manually before token expiry? Or is there any better solution?
I suppose the video is quite big enough because it's taking more than 1 hour, and I recommend resumable upload for it.
http://www.youtube.com/watch?v=gzXWnuzxNDQ
https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol
Unfortunately we can't extend epiration term of OAuth2.0 credentials, so as you say, you have to refresh your credentials with your refresh token.
This 1-hour limitation is a known issue in our side. You can follow this issue tracker ticket to get notified when it's fixed.
https://code.google.com/p/gdata-issues/issues/detail?id=5124
I have searched in eBay manual and google but could not really find any informaton regarding the lifetime of eBayAuthToken. Is it possible to store the token in my DB instead of username and password? I think it is more secure but the concern is that it may become invalid after a week or so/
Thanks
According to the API docs, the lifespan is 18 months:
http://developer.ebay.com/DevZone/guides/ebayfeatures/Basics/Tokens-About.html#LifeSpanandUniqueness
Tokens are valid for 18 months across multiple sessions of the application. Seven (7) days before a token is due to expire, eBay returns the expiration date in the HardExpirationWarning field in the response of all calls the application makes on behalf of that user. When your application detects this field, it must redirect the user to the sign-in page on the eBay site by the date in this warning, or the token ceases to work as a means to authenticate that user.