Basic Steps
All applications follow a basic pattern when accessing the StubHub API. At a high level, you follow three steps:
1. Obtain an access token​
In order to make authenticated requests to the StubHub API, your application must first obtain an OAuth access token. The way you obtain an access token depends on your use case.
If you... | Use... |
---|---|
Want to access public data like categories, events and listings... | Application-Only Flow |
Want to manage user-specific data like payment methods, listings, purchases and sales... | User-Login Flow |
2. Use the access token to make a request​
After your application obtains an access token, it sends the access_token
property in a token in an Bearer
authorization header when making API
requests. Your application check the scope
property in a token to make sure it
has been granted the scopes it needs before making requests. The
expires_in
property in a token response represents the number of seconds
before the token expires. Tokens can be re-used in multiple requests up until
they expire.
3. Refresh the access token when it expires​
Access tokens have limited lifetimes. If your application needs to make requests
beyond the lifetime of an access token, it should use the refresh_token
value
from the token to obtain a new token. See Token Expiration