-
You are expected to use the eBay-provided secured and authenticated services to perform user authentication with eBay.
-
Encourage users to reset their passwords if they suspect their sign-in credentials are compromised.
-
Periodically reset your cert ids (client secrets) and if there is a cert ID breach, ask eBay Developer Technical Support to revoke any active tokens. Active tokens can exist for a considerable post-reset period.
-
Never send cert IDs via email to anyone including eBay employees.