eBay API Compatible Application Check

Posted on December 5, 2009
Filed Under EPN (eBay Partner Network) | Leave a Comment

So as you know I have been flirting with the API call limit for a while now. I thought I backed things down and had them under control and today to my surprise I exceeded the limit again.

eBay has the 5,000 daily limit per IP address. What I am seeing though is that it must also be per API.  I use the Finding API and the Shopping API. I am exceeding the limit on the Finding API but not on the Shopping API.

I applied a little while back to the Compatible Application Check, since this is the only way to get increased API call limits. When I filled out the form I was very brief and put in N/A to a lot of fields. I also only gave them my domain with my most traffic. Some folks that read my blog wanted me to share their response. So I am going to do that here. Also I plan to try and fix all the problems they found and get the calls increased.

1) Compatibility Version:
——————————-
You have mentioned that currently your application supports version 533 of API. In February and August of each year, eBay increments the lowest supported schema version. The lowest supported version as of today is 551.

Please upgrade your application to a higher/latest version of the API when you can since the version that your application uses will no longer be supported starting February 2010.

For details refer: link

2) Required to use the Right Now on eBay Logo:
———————————————————–
We do require that you use the RightNow on eBay logo when you display eBay items.

There are two intentions here. One is to make the ad attractive and meaningful. The other is to show the content is on eBay. Showing this is eBay content is critical so the user (clicker) is not surprised when clicking on an ad and winding up at eBay.

You can download the logo from this knowledge base article:
Title: What eBay logo should be used in API application?
URL:  linkDetails regarding usage of the “Right Now on eBay” logo are here: link

 

Here is another knowledge base article regarding public display of eBay data and the need to display the eBay logo : link

3) Please share the URLs of all the blogs/applications that is going to use the Application ID for which you are seeking higher call limits. It is required that all the apps using the Application ID are compatible as per the guidelines.

4) You mention that you do not have a mechanism in place to handle DoS attacks.
—————————————————————————————————–
We require that your application handle DoS attacks. We need to ensure that the DOS protection you have will protect eBay and your users against excessive or inappropriate calls.

5) Please mention what measures are taken to counter XSS attacks .
———————————————————————————–
eBay’s standard method for protecting against XSS attacks is an input whitelist and output encoding. Please see the OWASP website for more details on secure coding: link

So there you have it. That is what I need to fix to be considered for approval. I am not real excited to tell them I have 75+ blogs and counting. I am not sure that is going to go over well. Guess we will find out. I will need to get that logo on all my sites. I guess I have some researching to do about Denial of Service attacks and XSS attacks. If anyone has any valuable input on correcting any of these 5 issues please let me know.

Comments

Leave a Reply