• You are expected to use the eBay-provided secured and authenticated services to perform user authentication with eBay.

  • Encourage users to reset their passwords if they suspect their sign-in credentials are compromised.

  • Periodically reset your cert ids (client secrets) and if there is a cert ID breach, ask eBay Developer Technical Support to revoke any active tokens. Active tokens can exist for a considerable post-reset period.

  • Never send cert IDs via email to anyone including eBay employees.