eBay API Compliance
CoreSeller is built to meet and exceed eBay's requirements for third-party applications.
CoreSeller is committed to full compliance with eBay's Developer Program policies, API License Agreement, and marketplace rules. This page outlines how our platform meets eBay's technical and policy requirements.
OAuth 2.0 Authorization
CoreSeller exclusively uses eBay's OAuth 2.0 protocol for user authorization. We support both User Access Tokens (for actions on behalf of sellers) and Application Access Tokens (for public data). Key details:
- All user authorization flows use the eBay OAuth consent screen
- Access tokens are securely stored and encrypted at rest
- Refresh tokens are used to maintain access without repeated user consent
- Users can revoke access at any time through their eBay account or through CoreSeller
- We never store or request eBay passwords
Account Data Protection
CoreSeller adheres to strict data protection standards, including compliance with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act):
- Data minimization: We only collect and store eBay data necessary for the services we provide
- No data selling: eBay user data is never sold, rented, or shared with third parties
- Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Access controls: eBay data is only accessible to the authenticated seller who owns the data
- Data retention: eBay data is retained only as long as needed and deleted upon account closure
Marketplace Account Deletion
CoreSeller fully supports eBay's Marketplace Account Deletion requirements. When a user requests account deletion through eBay or directly through our platform:
- We process deletion requests within 30 days of receipt
- All eBay API data associated with the user is permanently deleted from our systems
- We handle eBay Marketplace Account Deletion webhook notifications automatically
- Deletion confirmations are logged for compliance auditing
- Backups containing user data are purged within our standard backup rotation cycle
Modern API Usage
CoreSeller uses eBay's latest RESTful APIs exclusively. We do not use any legacy or deprecated APIs:
- Sell Inventory API: For creating and managing inventory items, offers, and inventory locations
- Sell Fulfillment API: For retrieving and managing orders, shipping, and tracking
- Sell Account API: For managing seller account details, return policies, and fulfillment policies
- Commerce Notification API: For subscribing to and receiving event notifications via webhooks
- Identity API: For retrieving authenticated user information
Event-Driven Architecture
CoreSeller is built on a webhook-first, event-driven architecture. This approach aligns with eBay's best practices and reduces unnecessary API calls:
- Webhook-first: We subscribe to eBay Notification API topics to receive real-time event notifications
- No polling: We do not poll eBay APIs for changes; all updates are received via webhooks or triggered by explicit user actions
- Rate limit compliance: Our architecture naturally stays well within eBay's API rate limits
- Idempotent processing: Webhook events are processed idempotently to prevent duplicate actions
- Graceful degradation: If webhooks are temporarily unavailable, the system queues operations and processes them when connectivity is restored
Prohibited Activities
CoreSeller does not engage in any activities prohibited by eBay's API License Agreement:
- No sniping or last-second bidding automation
- No scraping or crawling of eBay web pages
- No automated bulk listing generation that violates eBay policies
- No circumvention of eBay's fee structure
- No manipulation of search results or feedback systems
Related Policies
For more information about how we handle your data, please review:
- Privacy Policy — Full details on data collection, use, and your rights
- Terms of Service — Terms governing use of the CoreSeller platform
Last updated: May 2026. If you have questions about our compliance practices, contact us at support@coreseller.app.