eBay API ability to use refresh token to generate new authorization token

App: Pulls minimum and maximum estimated delivery dates for eBay items
Background: I am planning on introducing APIs to my grade 4-8 students. I already have a part of the tutorial working that fetches data from a weather station and I am trying to tie that with an API from eBay.
Issue: Authorization token has a very short expiration and therefore the app needs a solution which involves the refresh token to generate a new authorization token and then integrates the new auth token in the API request.

I apologize if this seems trivial or there is a solution already out that I have missed. I am new to APIs and after being pleased with myself in creating an app to do what I wanted, was humbled very quickly the next morning when I learnt about the short expiration of authorization tokens.

The app works whilst the authorization token is valid, however it would need to manually updated very regularly. The issue is I am new to APIs and not familiar with the terminology and therefore struggling to find the answer. I think I have seen that I should use some kind of service that deals with the API request server-side, but I’m not entirely sure if makes sense as a sentence, as I’m getting to grasps with the concepts. I know I need to transition to using a refresh token but cannot work out the next steps.

I would love either a pointer to a useful resource, previous solution or explanation.

I have chosen the eBay API as I have not seen any age limitation in their terms of agreement, which is important as I’m hoping to pass on the knowledge to my students once I have figured it out and they can follow along themselves with a tutorial. It is also free.

Here is the current working code for the eBay part (when the token is valid)


This is definitely the most difficult thing I’ve had to do in Thunkable. I’m working on getting API calls to work with the Adobe Acrobat API and it’s a similar process. For that API, you also have to renew the authorization token each time you call the API.

I don’t know that I have much in the way of advice and it looks like you have a good start in those blocks. What would help here is for you to provide a link to the documentation for the specific API call you are tying to make. Then someone may be able to provide you with the next step or fix for your blocks.

1 Like

Thank you. I feel like I’ve jumped in the deep-end, but slowly getting there and starting to understand the language. I have managed to get it to work by renewing the authorization token, which I only now understand what you mean.

As I’m already on this learning curve… I know there would be security issues having the Authorization code in sharing the project, but would there be any if publishing as is? I’m new to this and not entirely sure about the process in which data is sent and if that data could be intercepted. What is considered best practice?