rob/estack-laminas
1
1
Code Issues 169 Packages Projects 1 Wiki

Task: Migrate eBay integration to current REST API + fix webhook endpoint #19

New Issue
Open
opened 2026-06-29 08:36:08 +00:00 by rob · 1 comment
rob commented 2026-06-29 08:36:08 +00:00
Owner
Copy Link
Copy Source
No description provided.
rob added the eBay API label 2026-06-29 08:36:08 +00:00
rob added this to the eStack Sprint Board project 2026-06-29 09:46:09 +00:00
rob commented 2026-06-29 09:46:12 +00:00
Author
Owner
Copy Link
Copy Source

Priority: Critical — webhook deadline July 26, 2026 · API migration needed ASAP

Background

eStack's eBay integration is using a very old Traditional API (Auth'n'Auth / XML-based). eBay has been deprecating Traditional APIs in favour of their modern OAuth 2.0 REST API suite. The Finding API and Shopping API were decommissioned in February 2025. The current integration needs to be fully migrated to the REST API.

There are two workstreams here — the urgent webhook fix (30-day deadline) and the broader API migration. Both are covered below.

Part 1 — URGENT: Fix the account deletion/closure webhook endpoint

Deadline: ~July 26, 2026

eBay has flagged https://cb.estack.com/ebay-delete-webhook as down and non-responsive. If not fixed within 30 days, eBay will deactivate the application keys, breaking all eBay order syncing.

Note on cb.estack.com: This subdomain should be reviewed as part of the broader migration — the webhook callback URL registered in the eBay Developer Portal will need to be updated to reflect any new domain/subdomain used for callbacks going forward (e.g. api.estack.com or similar). Coordinate with Rob before changing the registered URL in the portal.

What the endpoint must do

  1. Accept a POST from eBay with a JSON deletion/closure notification payload
  2. Return HTTP 200 to acknowledge receipt
  3. Store/log the notification for data deletion compliance purposes

Diagnosis steps

curl -X POST https://cb.estack.com/ebay-delete-webhook \
  -H "Content-Type: application/json" \
  -d '{}' -v

Check the response code. If 404 → route missing. If 500 → app error. If no response → DNS/SSL issue on cb.estack.com.

Fix

  1. Confirm route exists in Laminas router for POST /ebay-delete-webhook
  2. Controller action must return 200 OK — even a minimal stub is sufficient to stop the clock
  3. Add payload logging for compliance
  4. Once deployed, verify in eBay Developer Portal that the endpoint shows as active

Reference: https://developer.ebay.com/marketplace-account-deletion

Part 2 — eBay REST API migration

Developer portal access

What's changing: Traditional → REST

Old (Traditional API) New (REST API) Notes
Auth'n'Auth tokens (XML) OAuth 2.0 (Bearer tokens) All REST APIs require OAuth
Trading API (GetOrders, etc.) Sell Fulfillment API Primary replacement for order retrieval
Finding API Browse API Finding API decommissioned Feb 2025
XML request/response JSON request/response

Authentication — OAuth 2.0

All REST API calls require an OAuth 2.0 Bearer token. There are two token types:

  • Application token — for non-user-specific data (client credentials grant)
  • User token — for seller-specific data like orders (authorization code grant)

Token endpoint (production): https://api.ebay.com/identity/v1/oauth2/token
Token endpoint (sandbox): https://api.sandbox.ebay.com/identity/v1/oauth2/token

OAuth guide: https://developer.ebay.com/api-docs/static/oauth-tokens.html
Quick OAuth guide: https://developer.ebay.com/support/kb-article?KBid=5075
OAuth credentials: https://developer.ebay.com/api-docs/static/oauth-credentials.html

The App ID (Client ID) and Cert ID (Client Secret) are available on the Application Keys page after sign-in. Sandbox and Production have separate credential sets.

Key REST APIs for eStack's use case

1. Sell Fulfillment API — Order retrieval and shipping confirmation

The primary API for eStack's core workflow: pulling orders from eBay and marking them as shipped.

Required OAuth scope: https://api.ebay.com/oauth/api_scope/sell.fulfillment

2. Sell Inventory API — Listing and inventory management

3. Sell Account API — Account and policy management

4. Marketplace Account Deletion webhook (compliance)

REST API general documentation

Sandbox environment

Use the sandbox for all development and testing before pointing at production.

  • Sandbox API base URL: https://api.sandbox.ebay.com
  • Sandbox sign-in: https://signin.sandbox.ebay.com

Migration scope for eStack

At minimum, the following existing integration points need to be rewritten:

Current behaviour REST equivalent
Pull new eBay orders GET /sell/fulfillment/v1/order filtered by creationdate
Mark order as shipped + tracking POST /sell/fulfillment/v1/order/{orderId}/shipping_fulfillment
Auth token management OAuth 2.0 client credentials + authorization code flows
Webhook/callback domain (cb.estack.com) Update registered callback URL in Developer Portal after domain decision

Important upcoming change (September 26, 2025)

eBay will replace username data with immutable user IDs for US users in Fulfillment API responses. Any code that stores or displays eBay usernames from API responses needs to be updated to handle the new immutable ID format.

Reference: https://developer.ebay.com/api-docs/sell/fulfillment/types/sel:Order

Files to review / update

Area What to update
eBay connector / service class Replace Traditional API calls with REST Fulfillment API calls
Auth token storage Replace Auth'n'Auth token logic with OAuth 2.0 token management (access + refresh tokens)
cb.estack.com webhook handler Fix immediately (Part 1); update registered URL in portal after domain decision
Channel setup UI Update any eBay setup flow to use OAuth redirect rather than Auth'n'Auth
Order import logic Map Fulfillment API response fields to eStack order entity

Screenshot_2026-06-28_at_9.50.09_PM.png

**Priority:** Critical — webhook deadline July 26, 2026 · API migration needed ASAP --- ### Background eStack's eBay integration is using a very old Traditional API (Auth'n'Auth / XML-based). eBay has been deprecating Traditional APIs in favour of their modern OAuth 2.0 REST API suite. The Finding API and Shopping API were decommissioned in February 2025. The current integration needs to be fully migrated to the REST API. There are two workstreams here — the urgent webhook fix (30-day deadline) and the broader API migration. Both are covered below. --- ## Part 1 — URGENT: Fix the account deletion/closure webhook endpoint **Deadline: ~July 26, 2026** eBay has flagged `https://cb.estack.com/ebay-delete-webhook` as down and non-responsive. If not fixed within 30 days, eBay will deactivate the application keys, breaking all eBay order syncing. **Note on `cb.estack.com`:** This subdomain should be reviewed as part of the broader migration — the webhook callback URL registered in the eBay Developer Portal will need to be updated to reflect any new domain/subdomain used for callbacks going forward (e.g. `api.estack.com` or similar). Coordinate with Rob before changing the registered URL in the portal. ### What the endpoint must do 1. Accept a `POST` from eBay with a JSON deletion/closure notification payload 2. Return HTTP `200` to acknowledge receipt 3. Store/log the notification for data deletion compliance purposes ### Diagnosis steps ```bash curl -X POST https://cb.estack.com/ebay-delete-webhook \ -H "Content-Type: application/json" \ -d '{}' -v ``` Check the response code. If 404 → route missing. If 500 → app error. If no response → DNS/SSL issue on `cb.estack.com`. ### Fix 1. Confirm route exists in Laminas router for `POST /ebay-delete-webhook` 2. Controller action must return `200 OK` — even a minimal stub is sufficient to stop the clock 3. Add payload logging for compliance 4. Once deployed, verify in eBay Developer Portal that the endpoint shows as active **Reference:** https://developer.ebay.com/marketplace-account-deletion --- ## Part 2 — eBay REST API migration ### Developer portal access - **Sign in:** https://developer.ebay.com/signin - **Username:** estack - **Password:** H7@df7/#@X@vf2Tr - **Application Keys page:** https://developer.ebay.com/my/keys (after sign-in) - **API deprecation status:** https://developer.ebay.com/develop/get-started/api-deprecation-status ### What's changing: Traditional → REST | Old (Traditional API) | New (REST API) | Notes | |---|---|---| | Auth'n'Auth tokens (XML) | OAuth 2.0 (Bearer tokens) | All REST APIs require OAuth | | Trading API (GetOrders, etc.) | Sell Fulfillment API | Primary replacement for order retrieval | | Finding API | Browse API | Finding API decommissioned Feb 2025 | | XML request/response | JSON request/response | | ### Authentication — OAuth 2.0 All REST API calls require an OAuth 2.0 Bearer token. There are two token types: - **Application token** — for non-user-specific data (client credentials grant) - **User token** — for seller-specific data like orders (authorization code grant) **Token endpoint (production):** `https://api.ebay.com/identity/v1/oauth2/token` **Token endpoint (sandbox):** `https://api.sandbox.ebay.com/identity/v1/oauth2/token` **OAuth guide:** https://developer.ebay.com/api-docs/static/oauth-tokens.html **Quick OAuth guide:** https://developer.ebay.com/support/kb-article?KBid=5075 **OAuth credentials:** https://developer.ebay.com/api-docs/static/oauth-credentials.html The App ID (Client ID) and Cert ID (Client Secret) are available on the Application Keys page after sign-in. Sandbox and Production have separate credential sets. ### Key REST APIs for eStack's use case #### 1. Sell Fulfillment API — Order retrieval and shipping confirmation The primary API for eStack's core workflow: pulling orders from eBay and marking them as shipped. - **Overview:** https://developer.ebay.com/api-docs/sell/fulfillment/overview.html - **Get orders:** `GET https://api.ebay.com/sell/fulfillment/v1/order` - **Get single order:** `GET https://api.ebay.com/sell/fulfillment/v1/order/{orderId}` - **Create shipping fulfillment (mark shipped + tracking):** `POST https://api.ebay.com/sell/fulfillment/v1/order/{orderId}/shipping_fulfillment` - **API reference:** https://developer.ebay.com/api-docs/sell/fulfillment/resources/methods Required OAuth scope: `https://api.ebay.com/oauth/api_scope/sell.fulfillment` #### 2. Sell Inventory API — Listing and inventory management - **Overview:** https://developer.ebay.com/api-docs/sell/inventory/overview.html #### 3. Sell Account API — Account and policy management - **Overview:** https://developer.ebay.com/api-docs/sell/account/overview.html #### 4. Marketplace Account Deletion webhook (compliance) - **Docs:** https://developer.ebay.com/marketplace-account-deletion ### REST API general documentation - **REST API landing page:** https://developer.ebay.com/api-docs/static/ebay-rest-landing.html - **Making a REST call:** https://developer.ebay.com/api-docs/static/making-a-call.html - **Versioning:** https://developer.ebay.com/api-docs/static/versioning.html - **All APIs overview:** https://developer.ebay.com/docs ### Sandbox environment Use the sandbox for all development and testing before pointing at production. - **Sandbox API base URL:** `https://api.sandbox.ebay.com` - **Sandbox sign-in:** `https://signin.sandbox.ebay.com` ### Migration scope for eStack At minimum, the following existing integration points need to be rewritten: | Current behaviour | REST equivalent | |---|---| | Pull new eBay orders | `GET /sell/fulfillment/v1/order` filtered by `creationdate` | | Mark order as shipped + tracking | `POST /sell/fulfillment/v1/order/{orderId}/shipping_fulfillment` | | Auth token management | OAuth 2.0 client credentials + authorization code flows | | Webhook/callback domain (`cb.estack.com`) | Update registered callback URL in Developer Portal after domain decision | ### Important upcoming change (September 26, 2025) eBay will replace username data with immutable user IDs for US users in Fulfillment API responses. Any code that stores or displays eBay usernames from API responses needs to be updated to handle the new immutable ID format. Reference: https://developer.ebay.com/api-docs/sell/fulfillment/types/sel:Order ### Files to review / update | Area | What to update | |---|---| | eBay connector / service class | Replace Traditional API calls with REST Fulfillment API calls | | Auth token storage | Replace Auth'n'Auth token logic with OAuth 2.0 token management (access + refresh tokens) | | `cb.estack.com` webhook handler | Fix immediately (Part 1); update registered URL in portal after domain decision | | Channel setup UI | Update any eBay setup flow to use OAuth redirect rather than Auth'n'Auth | | Order import logic | Map Fulfillment API response fields to eStack order entity | ![Screenshot_2026-06-28_at_9.50.09_PM.png](/attachments/9d2099d4-2c0f-4ad4-8d95-86eca3695ae5)
Screenshot_2026-06-28_at_9.50.09_PM.png
140 KiB
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Amazon SP-API
bug
Doing
eBay API
FBA Restock
FBA Restock
FBA Restock
fulfillment
Planning
Planning
Planning
Planning
Planning
prod
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
QA
shipstation
shipstation
No Label eBay API
Milestone
No items
No Milestone
Projects
Clear projects
No project eStack Sprint Board
Assignees
Clear assignees
rob
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: rob/estack-laminas#19
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?