Store Fulfillment API

This document describes the methods available in Version 4 of the Store Fulfillment API. This document covers API versions 45.4 and newer, and focuses on Version 4 method definitions only. All API functionality from previous versions is still available.

The API utilizes basic header authentication for all methods. The credentials used to access the API are managed as user logins in Store Fulfillment for each Store.

Authentication Requirements

User Credentials

User credentials (user name and password) are created on the company’s primary Store Fulfillment site. The user credentials are used in conjunction with session identifiers to validate and maintain a user’s session and right to communicate with the Store Fulfillment application. Validated users can gather, review, and submit information, based on that user account’s security settings and Store configuration.

NOTE: All user settings are set using a primary Store Fulfillment site and cannot be modified using third-party applications. All limitations defined for a user, such as time out or access to specific functionality, override any settings defined by any third-party application consuming this API.

Session Tokens

All successfully authenticated requests will return a session token which can be used for authentication in place of a user name and password. The length of time that a session token will be valid is determined by the session time out configuration on the user account used to create the session.

Request Header Parameters

Authorization

This is how data should be passed in the Authorization parameter of the request header on all requests:

This value should be Base-64 encoded in the following format: “username:password:sessiontoken”
Either of the following combinations of username/password/sessiontoken are required:
- Username and password
- Username and sessiontoken

X-EBAY-API-LOCALE

This is how data should be passed in the X-EBAY-API-LOCALE parameter of the request header on all requests:

• This value is the culture code (localization) of the request. Ex: en-us

Content-Type

This is how data should be passed in the Content-Type parameter of the request header on all requests:

• This API supports either JSON or XML, with UTF-8 encoding

• The default Content-Type is JSON

Accept-Encoding

This API supports HTTP compression (gzip). As a best practice for all API requests, compression should be enabled.

Example Request Header

Authorization: Basic YWRtaW46YWRtaW40Mjo=
X-EBAY-API-LOCALE: en-US
Content-Type: application/json; charset=utf-8
Expect: 100-continue
Connection: Keep-Alive
Accept-Encoding : gzip,deflate

Error Codes

All Action Methods

All action methods called by the Store Fulfillment API may return the following error codes:

not Implemented: The Action, Method, or Type is not implemented
Internal Server Error (500): The server returns the verbose error message from the exception

User Authentication Error Codes

Error Code	Description
Unauthorized (401)	This error can apply to the following action calls: User: Authenticate and Release Authentication Authentication: Authenticate and Release Authentication
The supplied credentials are invalid. Error Code -3.	This error is returned if a user tries to log in using a session token and the username and the session token does not match.
Invalid batch type. Error Code -2.	If a user starts a process without completely finalizing the previous one, for example from printing to shipping, this error is returned. Users may not see this error based on the way Store Fulfillment handles batch setting on the backend for a specific implementation.
Account has been locked. Error Code -1
Unable to log on with the supplied credentials. Error Code 0

API Calls

For information on specific API calls, see the following pages.