Third-party applications can request access to your account in order to provide you with helpful tools. We explain how your password is always secure.


In this edition of our Handmade Code series, Etsy Admin Justin explains a change in how third-party applications connect to your Etsy account.

We all know that we shouldn't give our Etsy passwords out to anyone. A password is a bit like the key to your car: it gives unlimited access. But some cars also come with a "valet key" that allows someone else to use your car temporarily. The valet key usually has some restrictions — it might only open the driver's side door, or it might even limit the speed of the car. The valet key lets you turn your car over to the parking attendant, while still keeping overall control of the situation. Bear with me while I explain why the metaphor is relevant.

Until recently, independent software developers who wanted to make neat and helpful applications for Etsy sellers and shoppers could only "read" from the site. That means they could display the information already on Etsy in a million different ways, but they couldn't give tools to their users to create new information on Etsy. In the terminology of developers, they couldn't "write" to the site. So, tasks like uploading new listings, adding and removing Favorites, and many other common functions could only be done directly on Etsy.com.

This is about to change. Recently, we've made a feature called OAuth available to our developer community. OAuth is an open web standard, used by many sites including Google. Think of OAuth as the valet key to your Etsy account. Here's how it works:
  • You visit an application and it asks permission to access your Etsy account. (By now you've pulled into the parking lot of a fancy restaurant.)
  • The application directs you to a special approval page on Etsy. You'll be asked to sign in to Etsy if you haven't signed in recently. The application won't be able to access your account and allow you to take actions unless you click the blue "Allow Access" button on the approval page. (This is like the parking attendant asking for your key.)
  • After you approve the access, you're either taken back to the application, or you're asked to return to the application and enter a special "verifier" code. The application is now linked to your Etsy account. (You have turned your valet key over to the parking attendant.)
  • The application will stay linked to your account, and you won't need to approve it again the next time you use it. At any time, you can visit Your Etsy and revoke the access you've granted to any application. (This is like getting your key back at the end of the night.)
  • You will need to repeat this process for each application you wish to use with your account. You can see a list of all the applications you've authorized in Your Etsy.
The important thing to understand here is that at no time are you being asked to hand over your password to this third-party application. Instead, the application sends you to Etsy, and you sign in on the Etsy site. You know you're providing your password only to Etsy, because the address in your browser starts with "http://www.etsy.com." The application then uses OAuth "access tokens" to help you access your Etsy account. These token values don't contain any personally-identifying information about you, your account, or your shop. Your password is safe.

Once you authorize applications, what can they do for you? Well, eventually we hope they can help you conveniently manage all aspects of your Etsy account. We're still at work, but here is a list of actions you can now do through third-party apps, using OAuth:
  • Add and remove Favorites
  • Read your Favorites, if you've made them private
  • Read your sales and purchase history
  • Create and edit listings
  • Manage shipping profiles
  • Manage your payment options
  • Create and edit shop sections
  • Read your billing and payment history
More features are on the way, so keep watching this blog for new Handmade Code articles. In the meantime, here are some OAuth-enabled Etsy applications that you can try now:
  • 200markets: Displays recent listings from your favorite shops
  • Metricly: A dashboard that aggregates all your sales statistics
  • Craftopolis: Displays a calendar with your sales totals, favorites activity, and views
You'll find more helpful applications on our Featured Applications page. And check out the related items for this article from members of the developer community or their families.

In our Handmade Code series, we bring you news and how-to's about the innovations emerging from the Etsy Developer Community. Located at developer.etsy.com, the Etsy Developer Community serves as a hub for third-party software developers who are making neat and helpful programs for Etsy shoppers and sellers.