Note: The Client Registration API is not intended for use by developers who have previously registered for a Developer Account on the eBay platform.
The Client Registration API registers a new regulated third-party financial application with eBay. Payment services regulations applicable in the EU and the UK require all regulated Account Servicing Payment Service Providers (ASPSPs) to provide secure APIs that allow regulated Third Party Payment Providers (TPPs) to access account and payment services on behalf of account holders. The regulations further dictate that a TPP should be able to use a qualified certificate issued by any Electronic Identification, Authentication and Trust Services (eIDAS) Qualified Trust Service Provider (QTSP) in order to identify and authenticate themselves to an ASPSP.
Technical overview
The Client Registration API includes the following method:
- registerClient
Support for multiple applications
Regulated third party providers may register up to 15 different applications with eBay, provided each application has its own unique software_id.
Each registerClient call that passes in a unique software_id creates a new client_id and client_secret pair.
Business use cases
The Client Registration API is used by third party software providers who are, or will be, engaged in financial transactions on behalf of individuals domiciled in the EU/UK.
RFC information
The Client Registration API is based on, and conforms with, RFC 7591 - OAuth 2.0 Dynamic Client Registration Protocol, except as noted in the List of Deviations from RFC 7591.
List of deviations from RFC 7591
This section provides specific information about each of the deviations from RFC 7591.
API request
The Client Registration API deviates from RFC 7591 as follows:
- No language tag is supported. Therefore, the language is assumed to be English. For additional information, refer to RFC 7591, Section 2.2, Human Readable Client Metadata and RFC 5646, Tags for Identifying Languages.
- An Issuer Claim (iss) within the software_statement is not evaluated even when it has been provided. Refer to RFC 7591, Section 2.3: Software Statement, for additional information.
API response
The Client Registration API deviates from RFC 7591 as follows:
- The following errors are not implemented:
  - invalid_client_metadata: refer to RFC 7591 Section 3.2.2: Client Registration Error Response, for additional information.
  - unapproved_software_statement: refer to RFC 7591 Section 3.2.2: Client Registration Error Response, for additional information.
- The error invalid_software_statement only checks for base64 encoding. Refer to RFC 7591 Section 3.2.2: Client Registration Error Response, for additional information.
- The following grant_types are NOT supported:
  - implicit
  - password
  - refresh_token
  - urn:ietf:params:oauth:grant-type:jwt-bearer
  - urn:ietf:params:oauth:grant-type:saml2-bearer
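Since invalid_client_metadata is not implemented and invalid_software_statement only reflects a base64 check, a caller can validate a request body against the deviations listed above before sending it. The following is an added example, not eBay's code: precheck_registration, its messages and the sample values are hypothetical, and carrying software_id inside the software statement payload is an assumption.

```python
import base64
import json
import re

# Grant types the page lists as NOT supported by the Client Registration API.
_URN = "urn:ietf:params:oauth:grant-type:"
UNSUPPORTED_GRANT_TYPES = {"implicit", "password", "refresh_token",
                           _URN + "jwt-bearer", _URN + "saml2-bearer"}
_B64URL = re.compile(r"[A-Za-z0-9_-]+")

def _decode_json_segment(segment):
    """Decode one unpadded base64url JWT segment into a JSON object."""
    if not _B64URL.fullmatch(segment):
        raise ValueError("segment is not base64url")
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def precheck_registration(metadata):
    """Hypothetical helper: list the problems found in a registration request body."""
    problems = []
    for key in metadata:
        if "#" in key:  # RFC 7591 section 2.2 language-tagged member, e.g. client_name#fr
            problems.append(f"language tag not supported: {key}")
    for grant in metadata.get("grant_types", []):
        if grant in UNSUPPORTED_GRANT_TYPES:
            problems.append(f"grant type not supported: {grant}")
    statement = metadata.get("software_statement")
    if statement is not None:
        parts = statement.split(".") if isinstance(statement, str) else []
        try:
            if len(parts) != 3 or not _B64URL.fullmatch(parts[2]):
                raise ValueError("not a three-segment signed JWT")
            _decode_json_segment(parts[0])  # JOSE header
            _decode_json_segment(parts[1])  # claims; iss is not evaluated by the API
        except ValueError as exc:
            problems.append(f"software_statement malformed: {exc}")
    return problems

def _seg(obj):  # sample-data helper: JSON object -> unpadded base64url segment
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample request; every value is a placeholder, not real eBay data.
SAMPLE = {
    "client_name#fr": "Exemple",
    "grant_types": ["client_credentials", "refresh_token"],
    "software_statement": ".".join([_seg({"alg": "RS256"}), _seg({"software_id": "example-app-1"}), "c2ln"]),
}
```

An empty list from precheck_registration means none of the listed deviations were hit; it does not verify the statement's signature.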
API restrictions
Before using the Client Registration API, third party providers must possess a valid eIDAS Qualified Website Authentication Certificate (QWAC).
Note: eBay does not support Qualified Electronic Seal (QSEAL).
The Client Registration API is not restricted by marketplace.