# Get Application Access Token

This example obtains an application access token and dumps it to the console. Get an OAuth token is the first step in any program meant to use the eBay RESTful API.

Application access tokens have lower privileges than user access tokens.

This program requires your App ID and Cert Id, which you can obtain on the Application Keys page.

# Getting the Application Access token using curl

Here's what the process would look like in Curl:

curl -X POST 'https://api.ebay.com/identity/v1/oauth2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Authorization: Basic ZRmaXItUFJELTAwQtMDhmNjU1YzkyM2ZkLWY0Y2MtNDY0ZS04Yzk5LTg0YzY=' \
-d 'grant_type=client_credentials&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope'

# ebayrest source code

A general-purpose version of this code appears in the source tree for [apptoken.go](https://github.com/tomcam/ebayrest/apptoken.go]

# See also

Application access tokens vs User access tokens
The client credentials grant flow has some of the actual HTTP parameters.
OAuth 2.0 Protocol

// Get an application access token from eBay.
// Supports both sandbox and production versions.
package main

import (
	b64 "encoding/base64"
	"errors"
	"fmt"
	"io/ioutil"
	"net/http"
	"strings"
)

type InProduction int

const (
	useProduction InProduction = iota
	useSandbox
)

// Replace the following with your secrets.
// Obviously DON'T embed them in your
// source code. Read them from the
// environment or from a config file.
// This just keeps the code listing short.
const (
	sandboxClientId        = "Your-SBX-client-id-70902ebe9-78dace17"
	sandboxClientSecret    = "SBX-236496l-59ed-47f601-99f7-422204"
	productionClientId     = "Your-coproject-PRD-008fFFFF-a01b"
	productionClientSecret = "PRD-02FEDEADBEEF-f4cc-464e-201e"
)

// The HTTP parameter expects the client ID and
// client secrets separated by a colon and
// base64 encoded.
func encodeCredentials(production InProduction) string {
	var toEncode string
	if production == useProduction {
		toEncode = productionClientId + ":" + productionClientSecret
	} else {
		toEncode = sandboxClientId + ":" + sandboxClientSecret
	}
	return (b64.StdEncoding.EncodeToString([]byte(toEncode)))
}

// The REST endpoint and its scope.
func restEndpoint(production InProduction) string {
	if production == useProduction {
		return "https://api.ebay.com/identity/v1/oauth2/token"
	}
	return "https://api.sandbox.ebay.com/identity/v1/oauth2/token"
}

// Obtain an access token, using
// either production or
// sandbox credentials,
// in the form of a big long string.
//
// Theese tokens only last a few hours, so
// beware the time to live returned in JSON.
// Reference:
// https://developer.ebay.com/api-docs/static/oauth-client-credentials-grant.html#sequence
func getApplicationAccessToken(production InProduction) (string, error) {
	// Build up the POST request.
	params := "grant_type=client_credentials" +
		"&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope"

	b := strings.NewReader(params)
	req, err := http.NewRequest("POST", restEndpoint(production), b)
	if err != nil {
		return "", errors.New("Unable to create request")
	}
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Add("Authorization", "Basic "+encodeCredentials(production))
	client := &http.Client{}

	// Execute the POST request.
	// Return with JSON payload in resp.Body
	resp, err := client.Do(req)
	defer resp.Body.Close()

	if err != nil {
		return "", err
	}
	// Item information was available.
	// More information than you could
	// possibly want has been returned
	// in resp.Body.
	data, err := ioutil.ReadAll(resp.Body)
	return string(data), nil
}

// Driver program shows how to obtain the
// application access token for either
// production or sandbox use.
// Dumps the contents of both to the
// terminal. Normally you'd write them
// to a variable and pass it to subsequent
// calls to the eBay RESTful API.
func main() {
	token, err := getApplicationAccessToken(useSandbox)
	if err != nil {
		fmt.Println(err)
	} else {
		fmt.Println("Application Access token for Sandbox:\n%s", token)
	}
	token, err = getApplicationAccessToken(useProduction)
	if err != nil {
		fmt.Println(err)
	} else {
		fmt.Println("Application Access token for Production:\n%s", token)
	}
}