Automated digital delivery for eBay sellers
YourSender connects to your eBay seller account via OAuth, listens for paid orders through eBay's Marketplace Notification API, and automatically marks each order as digitally delivered with the buyer's licence key or download link.
Six steps, fully automatic
1. The seller authorises YourSender
The seller signs in to YourSender and clicks Connect on the eBay card. We open eBay's OAuth 2.0 consent screen and the seller approves the read-only Sell Fulfillment scope. eBay returns a refresh token; we store it encrypted at rest with AES-256-GCM.
2. The seller maps a listing to a digital product
In the YourSender dashboard, the seller picks one of their eBay listings and points it at a digital product they have already uploaded — a downloadable file, a license-key pool, or a combination of both. The seller stays in control of which listings are managed by YourSender.
3. A buyer purchases the listing on eBay
The buyer checks out on ebay.com as normal. eBay collects payment, captures buyer details, and creates an order. YourSender plays no role in this step — we are not a payment processor, marketplace, or store.
4. eBay notifies YourSender of the new order
eBay's Marketplace Notification API delivers a signed event to our webhook endpoint. We verify the ECDSA signature against eBay's published public key (cached for one hour) before doing anything else. Unverified payloads are rejected.
5. YourSender fetches the order and delivers
With the order id from the notification, we call eBay's Sell Fulfillment API to fetch the order's line items. We match each line to a YourSender product, generate the licence key or download link, and email the buyer the seller's branded delivery template.
6. The order is marked digitally delivered on eBay
After successful email delivery, we call eBay's createShippingFulfillment endpoint with carrier_code=Other and tracking_number=DIGITAL_DELIVERY. The buyer sees the order as shipped on eBay; the seller sees the same in Seller Hub.
What we request, and why
YourSender requests only the minimum scopes needed to fulfil orders.
sell.fulfillment: Read orders and post digital fulfillment
Fetch the line items of new paid orders and post a 'shipped' status with carrier=Other and tracking=DIGITAL_DELIVERY once delivered.
- GET /sell/fulfillment/v1/order/{orderId}
- POST /sell/fulfillment/v1/order/{orderId}/shipping_fulfillment
sell.fulfillment.readonly: Read-only fallback
Granted alongside the writeable scope so we can read order details even if a future scope-narrowing changes which scopes are required.
- GET /sell/fulfillment/v1/order/{orderId}
What we do not request
- Inventory or listing scopes: we do not edit listings, change prices, or manage inventory.
- Account or finances scopes: no access to seller payouts, refunds, fees, or account-level settings.
- Marketing or messaging scopes: we do not currently send eBay Member Messages. If a seller opts in to that feature in the future, we will request the relevant scope at that time and clearly disclose it.
- Buyer demographic data beyond what is on the order the buyer just placed.
How buyer information is handled
What we store
The buyer's name (where eBay exposes it), email (where eBay exposes it), the listing they purchased, the quantity, the order's creation date, and a record of the delivery email we sent. Nothing else.
How long
For as long as the seller's account remains active, plus up to 24 months after closure. After that, buyer records are deleted or anonymised.
Encryption
All OAuth tokens, refresh tokens, and webhook secrets are encrypted at rest using AES-256-GCM. All traffic between YourSender and eBay uses TLS 1.2 or higher.
Deletion path
A buyer who wants their record removed can write to the seller (the data controller) or directly to [email protected]. We respond within 30 days. Our Marketplace Account Deletion endpoint also processes deletion notifications from eBay automatically.
Full details in our Privacy Policy.
Built to follow eBay's rules
- Marketplace Account Deletion compliance. We expose the required endpoint at /webhooks/ebay/{tenantId} and respond to eBay's SHA-256 challenge handshake exactly as specified.
- Signed-state OAuth. The OAuth state parameter is signed with HMAC-SHA256 and bound to a 10-minute TTL plus a single-use nonce in Redis, preventing replay and CSRF.
- ECDSA signature verification. Every Marketplace Notification payload is signature-verified against eBay's public key (fetched on demand, cached for one hour). Unverified payloads are rejected with a 401.
- Token rotation and revocation handling. Refresh tokens rotate per eBay's expiry windows. On revocation we deactivate the connection within minutes and notify the seller to reauthorise.
- Rate-limit awareness. Order-detail fetches honour eBay's 429 Retry-After header and back off automatically.
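The signed-state check from the list above, as an added Python sketch (not YourSender's code): it issues an HMAC-SHA256-signed state with a 10-minute expiry and a single-use nonce, then rejects tampered, expired, replayed or wrongly bound values. The in-memory `NonceStore` stands in for Redis, and the key handling, the tenant binding and all function names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

STATE_TTL_SECONDS = 600            # the 10-minute TTL stated above
SECRET = secrets.token_bytes(32)   # assumption: server-side signing key

class NonceStore:
    """In-memory stand-in for Redis (assumption); pop() gives single-use semantics."""
    def __init__(self):
        self._live = {}
    def put(self, nonce, expires_at):
        self._live[nonce] = expires_at
    def consume(self, nonce, now):
        expires_at = self._live.pop(nonce, None)   # removed on first use
        return expires_at is not None and now <= expires_at

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_state(tenant_id, store, now=None):
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    exp = int(now) + STATE_TTL_SECONDS
    payload = json.dumps({"tenant": tenant_id, "nonce": nonce, "exp": exp}).encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    store.put(nonce, exp)
    return f"{b64e(payload)}.{b64e(tag)}"

def verify_state(state, expected_tenant, store, now=None):
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = state.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (ValueError, TypeError):
        return False                               # malformed state
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):     # constant-time comparison
        return False                               # forged or tampered
    claims = json.loads(payload)                   # parsed only after the MAC checks out
    fresh = store.consume(claims["nonce"], now)    # burn the nonce on any authentic state
    return fresh and claims["tenant"] == expected_tenant and now <= claims["exp"]
```

The MAC is checked before the payload is parsed, so unauthenticated input never reaches the JSON decoder or the nonce store.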