ebay-api 8.3.0 → 8.4.1

package/README.md

@@ -9,7 +9,7 @@
 [![npm](https://img.shields.io/npm/dt/ebay-api.svg?style=flat-square)](https://www.npmjs.com/package/ebay-api)
 
 This eBay API implements both Traditional \(xml\) and the RESTful eBay API.
-It supports `client credentials grant` and `authorization code grant` \(Auth'N'Auth, OAuth2 and IAF\).
+It supports `client credentials grant` and `authorization code grant` \(Auth'N'Auth, OAuth2 and IAF\). Digital Signature is supported too.
 
 * [API Browser Examples](https://hendt.github.io/ebay-api/)
 * [API Documentation](https://hendt.gitbook.io/ebay-api/)
@@ -21,7 +21,7 @@ It supports `client credentials grant` and `authorization code grant` \(Auth'N'A
 
 ## Changelog
 
-* `v8.3.0` is the latest release.
+* `v8.4.1` is the latest release.
 * See [here](https://github.com/hendt/ebay-api/blob/master/CHANGELOG.md) for the full changelog.
 
 ## Implementation status
@@ -88,9 +88,9 @@ const eBay = new eBayApi({
 
   siteId: eBayApi.SiteId.EBAY_US, // required for traditional APIs, see https://developer.ebay.com/DevZone/merchandising/docs/Concepts/SiteIDToGlobalID.html
 
-  marketplaceId: eBayApi.MarketplaceId.EBAY_US, // defautl. required for RESTful APIs
-  acceptLanguage: eBayApi.Locale.en_US, // defautl
-  contentLanguage: eBayApi.ContentLanguage.en_US, // defautl.
+  marketplaceId: eBayApi.MarketplaceId.EBAY_US, // default. required for RESTful APIs
+  acceptLanguage: eBayApi.Locale.en_US, // default
+  contentLanguage: eBayApi.ContentLanguage.en_US, // default.
 
   // optional parameters, should be omitted if not used
   devId: '-- devId --', // required for traditional Trading API
@@ -254,6 +254,8 @@ This is how it would look like if you use `express`:
 ```javascript
 import eBayApi from 'ebay-api';
 
+
+// This is your RUName endpoint like https://your-ebay.app/success
 app.get('/success', async function (req, res) {
   // 3. Get the parameter code that is placed as query parameter in redirected page
   const code = req.query.code; // this is provided from eBay
@@ -306,6 +308,41 @@ app.get('/orders/:id', async function (req, res) {
 });
 ```
 
+## Digital Signature
+Signatures are required when the call is made for EU- or UK-domiciled sellers, and only for the following APIs/methods:
+
+* All methods in the Finances API -> (`eBay.finances.XXX.sign.YYY()`)
+* issueRefund in the Fulfillment API -> (`eBay.sell.fulfillment.sign.issueRefund()`)
+* GetAccount in the Trading API -> (`eBay.trading.GetAccount(null, { sign: true }))`)
+* The following methods in the Post-Order API:
+  - Issue Inquiry Refund -> (`eBay.postOrder.inquiry.sign.issueInquiryRefund()`)
+  - Issue case refund -> (`eBay.postOrder.inquiry.sign.issueCaseRefund()`)
+  - Issue return refund -> (`eBay.postOrder.inquiry.sign.issueReturnRefund()`)
+  - Process Return Request -> (`eBay.postOrder.inquiry.sign.processReturnRequest()`)
+  - Create Cancellation Request -> (`eBay.postOrder.inquiry.sign.createCancellation()`)
+  - Approve Cancellation Request -> (`eBay.postOrder.inquiry.sign.approveCancellationRequest()`)
+
+### How to use Digital Signature
+```js
+// 1. Create singning key and save it appropriatly
+const signingKey = await eBay.developer.keyManagement.createSigningKey('ED25519');
+// 2. Set the signature
+eBay.setSignature(signingKey)
+// or in constructor
+eBay = new eBayApi({
+   appId: '...',
+   certId: '...',
+   signature: {
+      jwe: signingKey.jwe,
+      privateKey: signingKey.privateKey
+   }
+});
+// 3. Use the 'sign' keyword in Restful API
+const summary = await eBay.sell.finances.sign.getSellerFundsSummary();
+// 3. Or the 'sign' parameter in traditional API
+const account = await eBay.trading.GetAccount(null, {sign: true});
+```
+
 ## RESTful API
 
 ### How to set the Scope
@@ -340,7 +377,7 @@ In any case eBay adds a new subdomain, it's also possible to configure whatever
   eBay.buy.browse.api({subdomain: 'apiy'}).getItem() // now it will use https://apiy.ebay.com
 ```
 
-### Change RESTful API call config
+### Return raw RESTful API response
 
 ```javascript
   eBay.buy.browse.api({
@@ -368,8 +405,8 @@ eBay.OAuth2.on('refreshClientToken', (token) => {
 });
 ```
 
-To manuel refresh the auth token use `eBay.OAuth2.refreshAuthToken()` and for the client
-token `eBay.OAuth2.refreshClientToken()`.
+To manual refresh the auth token use `eBay.OAuth2.refreshAuthToken()` and for the client
+token use `eBay.OAuth2.refreshClientToken()`.
 Keep in mind that you need the 'refresh_token' value set.
 
 ```javascript

package/dist/api/digitalSignature.d.ts

@@ -0,0 +1,43 @@
+import { Cipher, Headers } from '../types/index.js';
+/**
+ * Generates the 'Content-Digest' header value for the input payload.
+ *
+ * @param {any} payload The request payload.
+ * @param {string} cipher The algorithm used to calculate the digest.
+ * @returns {string} contentDigest The 'Content-Digest' header value.
+ */
+export declare const generateContentDigestValue: (payload: unknown, cipher?: Cipher) => string;
+export type SignatureComponents = {
+    method: string;
+    authority: string;
+    path: string;
+};
+/**
+ * Generates the base string.
+ *
+ * @param {any} headers The HTTP request headers.
+ * @param {SignatureComponents} signatureComponents The config.
+ * @param {any} payload The payload.
+ * @param {number} timestamp The timestamp.
+ * @returns {string} payload The base string.
+ */
+export declare function generateBaseString(headers: Headers, signatureComponents: SignatureComponents, payload: any, timestamp?: number): string;
+/**
+ * Generates the Signature-Input header value for the input payload.
+ *
+ * @param {any} payload The input config.
+ * @param {number} timestamp The timestamp.
+ * @returns {string} the 'Signature-Input' header value.
+ */
+export declare const generateSignatureInput: (payload: any, timestamp?: number) => string;
+/**
+ * Generates the 'Signature' header.
+ *
+ * @param {any} headers The HTTP headers.
+ * @param {string} privateKey The HTTP headers.
+ * @param {SignatureComponents} signatureComponents The signature components
+ * @param {any} payload The payload
+ * @param {number} timestamp The payload
+ * @returns {string} the signature header value.
+ */
+export declare function generateSignature(headers: any, privateKey: string, signatureComponents: SignatureComponents, payload: any, timestamp?: number): string;

package/dist/api/digitalSignature.js

@@ -0,0 +1,105 @@
+import { createHash, sign } from 'crypto';
+const beginPrivateKey = '-----BEGIN PRIVATE KEY-----';
+const endPrivateKey = '-----END PRIVATE KEY-----';
+// based on https://github.com/ebay/digital-signature-nodejs-sdk
+/**
+ * Returns the current UNIX timestamp.
+ *
+ * @returns {number} The unix timestamp.
+ */
+const getUnixTimestamp = () => Date.now() / 1000 | 0;
+const getSignatureParams = (payload) => [
+    ...payload ? ['content-digest'] : [],
+    'x-ebay-signature-key',
+    '@method',
+    '@path',
+    '@authority'
+];
+const getSignatureParamsValue = (payload) => getSignatureParams(payload).map(param => `"${param}"`).join(' ');
+/**
+ * Generates the 'Content-Digest' header value for the input payload.
+ *
+ * @param {any} payload The request payload.
+ * @param {string} cipher The algorithm used to calculate the digest.
+ * @returns {string} contentDigest The 'Content-Digest' header value.
+ */
+export const generateContentDigestValue = (payload, cipher = 'sha256') => {
+    const payloadBuffer = Buffer.from(typeof payload === 'string' ? payload : JSON.stringify(payload));
+    const hash = createHash(cipher).update(payloadBuffer).digest('base64');
+    const algo = cipher === 'sha512' ? 'sha-512' : 'sha-256';
+    return `${algo}=:${hash}:`;
+};
+/**
+ * Generates the base string.
+ *
+ * @param {any} headers The HTTP request headers.
+ * @param {SignatureComponents} signatureComponents The config.
+ * @param {any} payload The payload.
+ * @param {number} timestamp The timestamp.
+ * @returns {string} payload The base string.
+ */
+export function generateBaseString(headers, signatureComponents, payload, timestamp = getUnixTimestamp()) {
+    try {
+        let baseString = '';
+        const signatureParams = getSignatureParams(payload);
+        signatureParams.forEach(param => {
+            baseString += `"${param.toLowerCase()}": `;
+            if (param.startsWith('@')) {
+                switch (param.toLowerCase()) {
+                    case '@method':
+                        baseString += signatureComponents.method;
+                        break;
+                    case '@authority':
+                        baseString += signatureComponents.authority;
+                        break;
+                    case '@path':
+                        baseString += signatureComponents.path;
+                        break;
+                    default:
+                        throw new Error('Unknown pseudo header ' + param);
+                }
+            }
+            else {
+                if (!headers[param]) {
+                    throw new Error('Header ' + param + ' not included in message');
+                }
+                baseString += headers[param];
+            }
+            baseString += '\n';
+        });
+        baseString += `"@signature-params": (${getSignatureParamsValue(payload)});created=${timestamp}`;
+        return baseString;
+    }
+    catch (ex) {
+        throw new Error(`Error calculating signature base: ${ex.message}`);
+    }
+}
+/**
+ * Generates the Signature-Input header value for the input payload.
+ *
+ * @param {any} payload The input config.
+ * @param {number} timestamp The timestamp.
+ * @returns {string} the 'Signature-Input' header value.
+ */
+export const generateSignatureInput = (payload, timestamp = getUnixTimestamp()) => `sig1=(${getSignatureParamsValue(payload)});created=${timestamp}`;
+/**
+ * Generates the 'Signature' header.
+ *
+ * @param {any} headers The HTTP headers.
+ * @param {string} privateKey The HTTP headers.
+ * @param {SignatureComponents} signatureComponents The signature components
+ * @param {any} payload The payload
+ * @param {number} timestamp The payload
+ * @returns {string} the signature header value.
+ */
+export function generateSignature(headers, privateKey, signatureComponents, payload, timestamp = getUnixTimestamp()) {
+    const baseString = generateBaseString(headers, signatureComponents, payload, timestamp);
+    privateKey = privateKey.trim();
+    if (!privateKey.startsWith(beginPrivateKey)) {
+        privateKey = beginPrivateKey + '\n' + privateKey + '\n' + endPrivateKey;
+    }
+    const signatureBuffer = sign(undefined, // If algorithm is undefined, then it is dependent upon the private key type.
+    Buffer.from(baseString), privateKey);
+    const signature = signatureBuffer.toString('base64');
+    return `sig1=:${signature}:`;
+}

package/dist/api/index.d.ts

@@ -2,10 +2,12 @@ import Auth from '../auth/index.js';
 import { IEBayApiRequest } from '../request.js';
 import { AppConfig } from '../types/index.js';
 import Base from './base.js';
+import { SignatureComponents } from './digitalSignature.js';
 /**
  * Superclass with Auth container.
  */
 export default abstract class Api extends Base {
     readonly auth: Auth;
     constructor(config: AppConfig, req?: IEBayApiRequest, auth?: Auth);
+    getDigitalSignatureHeaders(signatureComponents: SignatureComponents, payload: any): {};
 }

package/dist/api/index.js

@@ -1,5 +1,6 @@
 import Auth from '../auth/index.js';
 import Base from './base.js';
+import { generateContentDigestValue, generateSignature, generateSignatureInput } from './digitalSignature.js';
 /**
  * Superclass with Auth container.
  */
@@ -8,4 +9,21 @@ export default class Api extends Base {
         super(config, req);
         this.auth = auth || new Auth(this.config, this.req);
     }
+    getDigitalSignatureHeaders(signatureComponents, payload) {
+        if (!this.config.signature) {
+            return {};
+        }
+        const digitalSignatureHeaders = {
+            'x-ebay-enforce-signature': true,
+            'x-ebay-signature-key': this.config.signature.jwe,
+            ...payload ? {
+                'content-digest': generateContentDigestValue(payload, this.config.signature.cipher ?? 'sha256')
+            } : {},
+            'signature-input': generateSignatureInput(payload)
+        };
+        return {
+            ...digitalSignatureHeaders,
+            'signature': generateSignature(digitalSignatureHeaders, this.config.signature.privateKey, signatureComponents, payload)
+        };
+    }
 }

package/dist/api/restful/developer/keyManagement/index.d.ts

@@ -12,11 +12,9 @@ export default class KeyManagement extends Restful {
      */
     getSigningKeys(): Promise<any>;
     /**
-     * his method creates keypairs.
+     * This method creates keypairs.
      */
-    createSigningKey(data: {
-        signingKeyCipher: string;
-    }): Promise<any>;
+    createSigningKey(signingKeyCipher: 'ED25519' | 'RSA'): Promise<any>;
     /**
      * This method returns the <b>Public Key</b>, <b>Public Key as JWE</b>,
      * and metadata for a specified <code>signingKeyId</code> associated with the application key making the call.

package/dist/api/restful/developer/keyManagement/index.js

@@ -17,10 +17,12 @@ export default class KeyManagement extends Restful {
         return this.get(`/signing_key`);
     }
     /**
-     * his method creates keypairs.
+     * This method creates keypairs.
      */
-    createSigningKey(data) {
-        return this.post(`/signing_key`, data);
+    createSigningKey(signingKeyCipher) {
+        return this.post(`/signing_key`, {
+            signingKeyCipher
+        });
     }
     /**
      * This method returns the <b>Public Key</b>, <b>Public Key as JWE</b>,

package/dist/api/restful/index.d.ts

@@ -1,11 +1,12 @@
-import Api from '../index.js';
 import Auth from '../../auth/index.js';
 import { IEBayApiRequest } from '../../request.js';
 import { ApiRequestConfig, AppConfig } from '../../types/index.js';
+import Api from '../index.js';
 export declare const defaultApiHeaders: Record<string, string>;
 export type RestfulApiConfig = {
     subdomain?: string;
     useIaf?: boolean;
+    sign?: boolean;
     apiVersion?: string;
     basePath?: string;
     schema?: string;
@@ -14,7 +15,7 @@ export type RestfulApiConfig = {
 } & ApiRequestConfig;
 export type ApiRequest = {
     method: keyof IEBayApiRequest;
-    url: string;
+    path: string;
     config?: any;
     data?: any;
 };
@@ -50,12 +51,16 @@ export default abstract class Restful extends Api {
      * Use "apiz" subdomain
      */
     get apiz(): this;
-    get(url: string, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
-    delete(url: string, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
-    post(url: string, data?: any, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
-    put(url: string, data?: any, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
+    /**
+     * Sign request
+     */
+    get sign(): this;
+    get(path: string, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
+    delete(path: string, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
+    post(path: string, data?: any, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
+    put(path: string, data?: any, config?: any, apiConfig?: RestfulApiConfig): Promise<any>;
     get additionalHeaders(): any;
-    enrichRequestConfig(config?: any, apiConfig?: Required<RestfulApiConfig>): Promise<any>;
+    enrichRequestConfig(apiRequest: ApiRequest, payload?: any, apiConfig?: Required<RestfulApiConfig>): Promise<any>;
     private doRequest;
     private shouldRefreshToken;
     private request;

package/dist/api/restful/index.js

@@ -1,5 +1,5 @@
-import Api from '../index.js';
 import { EBayInvalidAccessToken, handleEBayError } from '../../errors/index.js';
+import Api from '../index.js';
 export const defaultApiHeaders = {
     'Content-Type': 'application/json',
     'Cache-Control': 'no-cache',
@@ -53,7 +53,8 @@ export default class Restful extends Api {
             sandbox: this.config.sandbox,
             tld: 'ebay.com',
             headers: {},
-            returnResponse: false
+            returnResponse: false,
+            sign: false
         };
     }
     get baseUrl() {
@@ -79,17 +80,23 @@ export default class Restful extends Api {
     get apiz() {
         return this.api({ subdomain: 'apiz' });
     }
-    async get(url, config = {}, apiConfig) {
-        return this.doRequest({ method: 'get', url, config }, apiConfig);
+    /**
+     * Sign request
+     */
+    get sign() {
+        return this.api({ sign: true });
     }
-    async delete(url, config = {}, apiConfig) {
-        return this.doRequest({ method: 'delete', url, config }, apiConfig);
+    async get(path, config = {}, apiConfig) {
+        return this.doRequest({ method: 'get', path, config }, apiConfig);
     }
-    async post(url, data, config = {}, apiConfig) {
-        return this.doRequest({ method: 'post', url, data, config }, apiConfig);
+    async delete(path, config = {}, apiConfig) {
+        return this.doRequest({ method: 'delete', path, config }, apiConfig);
     }
-    async put(url, data, config = {}, apiConfig) {
-        return this.doRequest({ method: 'put', url, data, config }, apiConfig);
+    async post(path, data, config = {}, apiConfig) {
+        return this.doRequest({ method: 'post', path, data, config }, apiConfig);
+    }
+    async put(path, data, config = {}, apiConfig) {
+        return this.doRequest({ method: 'put', path, data, config }, apiConfig);
     }
     get additionalHeaders() {
         return Object.keys(additionalHeaders)
@@ -101,18 +108,24 @@ export default class Restful extends Api {
             return headers;
         }, {});
     }
-    async enrichRequestConfig(config = {}, apiConfig = this.apiConfig) {
+    async enrichRequestConfig(apiRequest, payload = null, apiConfig = this.apiConfig) {
         const authHeader = await this.auth.getHeaderAuthorization(apiConfig.useIaf);
+        const signatureHeaders = apiConfig.sign ? this.getDigitalSignatureHeaders({
+            method: apiRequest.method.toUpperCase(),
+            authority: Restful.buildServerUrl('', apiConfig.subdomain, apiConfig.sandbox, apiConfig.tld),
+            path: apiConfig.apiVersion + apiConfig.basePath + apiRequest.path
+        }, payload) : {};
         const headers = {
             ...defaultApiHeaders,
             ...this.additionalHeaders,
             ...authHeader,
-            ...apiConfig.headers
+            ...apiConfig.headers,
+            ...signatureHeaders
         };
         return {
-            ...config,
+            ...apiRequest.config,
             headers: {
-                ...(config.headers || {}),
+                ...(apiRequest.config.headers || {}),
                 ...headers
             }
         };
@@ -136,17 +149,20 @@ export default class Restful extends Api {
         if (error.name === EBayInvalidAccessToken.name) {
             return true;
         }
+        else if (error?.meta?.res?.status === 403 && this.apiConfig.basePath === '/sell/inventory/v1') {
+            return true;
+        }
         return error?.meta?.res?.status === 401 && this.apiConfig.basePath === '/post-order/v2';
     }
     async request(apiRequest, apiConfig = this.apiConfig, refreshToken = false) {
-        const { url, method, data, config } = apiRequest;
+        const { path, method, data } = apiRequest;
         const apiCfg = { ...this.apiConfig, ...apiConfig };
-        const endpoint = this.getServerUrl(apiCfg) + url;
+        const endpoint = this.getServerUrl(apiCfg) + path;
         try {
             if (refreshToken) {
                 await this.auth.OAuth2.refreshToken();
             }
-            const enrichedConfig = await this.enrichRequestConfig(config, apiCfg);
+            const enrichedConfig = await this.enrichRequestConfig(apiRequest, data, apiCfg);
             const args = ['get', 'delete'].includes(method) ? [enrichedConfig] : [data, enrichedConfig];
             // @ts-ignore
             const response = await this.req[method](endpoint, ...args);

package/dist/api/traditional/XMLRequest.d.ts

@@ -34,12 +34,14 @@ export type TraditionalApiConfig = {
     raw?: boolean;
     parseOptions?: object;
     useIaf?: boolean;
+    sign?: boolean;
     hook?: (xml: string) => BodyHeaders;
 } & ApiRequestConfig;
 export type XMLReqConfig = TraditionalApiConfig & {
     endpoint: string;
     xmlns: string;
     eBayAuthToken?: string | null;
+    digitalSignatureHeaders?: (payload: any) => Headers;
 };
 export declare const defaultApiConfig: Required<Omit<TraditionalApiConfig, 'hook'>>;
 export declare const defaultHeaders: {
@@ -63,7 +65,7 @@ export default class XMLRequest {
      * @param      {Object} req the request
      * @param      {XMLReqConfig}  config
      */
-    constructor(callName: string, fields: Fields, config: XMLReqConfig, req: IEBayApiRequest);
+    constructor(callName: string, fields: Fields | null, config: XMLReqConfig, req: IEBayApiRequest);
     /**
      * returns the expected name of XML node of a Request
      *

package/dist/api/traditional/XMLRequest.js

@@ -1,5 +1,5 @@
 import debug from 'debug';
-import { XMLParser, XMLBuilder } from 'fast-xml-parser';
+import { XMLBuilder, XMLParser } from 'fast-xml-parser';
 import { checkEBayResponse, EbayNoCallError } from '../../errors/index.js';
 const log = debug('ebay:xml:request');
 export const defaultJSON2XMLOptions = {
@@ -32,6 +32,7 @@ export const defaultApiConfig = {
     raw: false,
     parseOptions: defaultXML2JSONParseOptions,
     useIaf: true,
+    sign: false,
     headers: {},
     returnResponse: false
 };
@@ -137,6 +138,7 @@ export default class XMLRequest {
             const config = {
                 headers: {
                     ...this.getHeaders(),
+                    ...this.config.digitalSignatureHeaders ? this.config.digitalSignatureHeaders(body) : {},
                     ...(headers ? headers : {})
                 }
             };

package/dist/api/traditional/index.d.ts

@@ -1,5 +1,5 @@
-import Api from '../index.js';
 import { ClientAlerts, Finding, Merchandising, Shopping, Trading } from '../../types/index.js';
+import Api from '../index.js';
 /**
  * Traditional eBay API.
  */

package/dist/api/traditional/index.js

@@ -1,6 +1,6 @@
 import { stringify } from 'qs';
-import Api from '../index.js';
 import { EBayIAFTokenExpired, EBayIAFTokenInvalid, handleEBayError } from '../../errors/index.js';
+import Api from '../index.js';
 import ClientAlertsCalls from './clientAlerts/index.js';
 import FindingCalls from './finding/index.js';
 import MerchandisingCalls from './merchandising/index.js';
@@ -28,17 +28,15 @@ export default class Traditional extends Api {
         };
     }
     createTradingApi() {
-        if (!this.config.devId) {
-            throw new Error('devId is required for trading API.');
-        }
         if (typeof this.config.siteId !== 'number') {
             throw new Error('siteId is required for trading API.');
         }
         return this.createTraditionalXMLApi({
             endpoint: {
-                production: 'https://api.ebay.com/ws/api.dll',
-                sandbox: 'https://api.sandbox.ebay.com/ws/api.dll'
+                production: 'api.ebay.com',
+                sandbox: 'api.sandbox.ebay.com'
             },
+            path: '/ws/api.dll',
             calls: TradingCalls,
             xmlns: 'urn:ebay:apis:eBLBaseComponents',
             headers: (callName, accessToken) => ({
@@ -58,9 +56,10 @@ export default class Traditional extends Api {
         }
         return this.createTraditionalXMLApi({
             endpoint: {
-                production: 'https://open.api.ebay.com/shopping',
-                sandbox: 'https://open.api.sandbox.ebay.com/shopping'
+                production: 'open.api.ebay.com',
+                sandbox: 'open.api.sandbox.ebay.com'
             },
+            path: '/shopping',
             xmlns: 'urn:ebay:apis:eBLBaseComponents',
             calls: ShoppingCalls,
             headers: (callName, accessToken) => ({
@@ -76,9 +75,10 @@ export default class Traditional extends Api {
     createFindingApi() {
         return this.createTraditionalXMLApi({
             endpoint: {
-                production: 'https://svcs.ebay.com/services/search/FindingService/v1',
-                sandbox: 'https://svcs.sandbox.ebay.com/services/search/FindingService/v1'
+                production: 'svcs.ebay.com',
+                sandbox: 'svcs.sandbox.ebay.com'
             },
+            path: '/services/search/FindingService/v1',
             xmlns: 'http://www.ebay.com/marketplace/search/v1/services',
             calls: FindingCalls,
             headers: (callName) => ({
@@ -93,9 +93,10 @@ export default class Traditional extends Api {
         }
         const api = {
             endpoint: {
-                production: 'https://clientalerts.ebay.com/ws/ecasvc/ClientAlerts',
-                sandbox: 'https://clientalerts.sandbox.ebay.com/ws/ecasvc/ClientAlerts'
+                production: 'clientalerts.ebay.com',
+                sandbox: 'clientalerts.sandbox.ebay.com'
             },
+            path: '/ws/ecasvc/ClientAlerts',
             calls: ClientAlertsCalls
         };
         const endpoint = api.endpoint[this.config.sandbox ? 'sandbox' : 'production'];
@@ -129,9 +130,10 @@ export default class Traditional extends Api {
     createMerchandisingApi() {
         return this.createTraditionalXMLApi({
             endpoint: {
-                production: 'https://svcs.ebay.com/MerchandisingService',
-                sandbox: 'https://svcs.sandbox.ebay.com/MerchandisingService'
+                production: 'svcs.ebay.com',
+                sandbox: 'svcs.sandbox.ebay.com'
             },
+            path: '/MerchandisingService',
             xmlns: 'http://www.ebay.com/marketplace/services',
             calls: MerchandisingCalls,
             headers: (callName) => ({
@@ -160,14 +162,22 @@ export default class Traditional extends Api {
         const eBayAuthToken = this.auth.authNAuth.eBayAuthToken;
         const accessToken = !eBayAuthToken && apiConfig.useIaf ? (await this.auth.OAuth2.getAccessToken()) : null;
         const useIaf = !eBayAuthToken && accessToken;
+        const host = this.config.sandbox ? api.endpoint.sandbox : api.endpoint.production;
         return {
             ...apiConfig,
             xmlns: api.xmlns,
-            endpoint: api.endpoint[this.config.sandbox ? 'sandbox' : 'production'],
+            endpoint: `https://${host}${api.path}`,
             headers: {
                 ...api.headers(callName, useIaf ? accessToken : null),
                 ...apiConfig.headers
             },
+            digitalSignatureHeaders: payload => {
+                return apiConfig.sign ? this.getDigitalSignatureHeaders({
+                    method: 'POST',
+                    authority: host,
+                    path: api.path
+                }, payload) : {};
+            },
             ...(!useIaf ? { eBayAuthToken } : {})
         };
     }

package/dist/eBayApi.d.ts

@@ -11,7 +11,7 @@ import { ContentLanguage, Locale, MarketplaceId, SiteId } from './enums/index.js
 import * as errors from './errors/index.js';
 import { IEBayApiRequest } from './request.js';
 import * as types from './types/index.js';
-import { AppConfig, ClientAlerts, Finding, Merchandising, Shopping, Trading } from './types/index.js';
+import { AppConfig, ClientAlerts, Finding, Merchandising, Shopping, Signature, Trading } from './types/index.js';
 export default class eBayApi extends Api {
     static readonly SiteId: typeof enums.SiteId;
     static readonly MarketplaceId: typeof enums.MarketplaceId;
@@ -54,5 +54,6 @@ export default class eBayApi extends Api {
     get shopping(): Shopping;
     get merchandising(): Merchandising;
     get clientAlerts(): ClientAlerts;
+    setSignature(signature: Signature): void;
 }
 export { eBayApi, SiteId, MarketplaceId, ContentLanguage, Locale, enums, errors, types };