Skip to content
Takedown guides·2026-07-11·8 min read

Filing eBay VeRO notices by API: how programmatic NOCI works (attestation first)

eBay's Verified Rights Owner program has always meant a human pasting a notice into a portal or emailing vero@ebay.com. The Commerce VeRO API replaces that step with a programmatic filing — but only once your attestation gate has already run. Here's exactly what it does, what it requires, and where eBay, not us, still gets the final word.

Brand Protector teamTakedown engineering

If you already run a VeRO program, you know the shape of the work: find the infringing listing, build the notice, and then do the clerical part — log into the VeRO Portal and paste, or compose an email to vero@ebay.com. The judgment is in the first two steps. The third is transcription, and transcription is exactly the kind of step that goes to an API. This post covers what the VeRO API actually changes, what it needs from you first, and — the part that matters in a legal-liability workflow — what it deliberately does not change. For how the VeRO program itself works (enrollment, what qualifies, counter-notices), read the VeRO program guide first; this is the API layer on top of it.

What manual step does the API replace?

Nothing about drafting or reviewing a NOCI moves. What moves is the submission channel. A VeRO takedown in Brand Protector has three possible submission_method values, chosen per tenant by what that tenant has connected:

MethodWhen it’s usedHow the notice reaches eBay
apiOAuth-connected AND entitlement is not not_entitledcreateVeroReport fires the instant attestation passes
form_pasteVeRO-enrolled but not API-connectedA human pastes the drafted notice into the VeRO Portal
emailNeither of the aboveEmail NOCI to vero@ebay.com

The API path is strictly additive: the human-readable NOCI body is still generated for every takedown — it’s the record, and the fallback if a tenant later disconnects. The API branch just carries the extra structured fields (reason-code ids, message to seller, country) the endpoint needs alongside it.

What do you need before API filing works?

Two things, and they are separate grants that fail in different places. Getting this distinction wrong is the single most common source of “I connected it but nothing files” confusion.

  • VeRO Program membership, then API reporting on your account. Membership is a legal enrollment — you email a completed NOCI plus proof of IP ownership to vero@ebay.com. No software files that for you. Separately, the exact eBay user account you connect needs an API-reporting subscription, which is bound to that user id, not to your brand or to our app.
  • An OAuth connection from that account.A workspace owner or admin connects the eBay account once from Settings → Legal. eBay redirects back, we store a per-tenant refresh token in Secret Manager, and short-lived access tokens are minted on demand and never stored.

Here is the trap the integration is built around: OAuth connect succeeds even for an account that has membership but notthe API-reporting subscription. The consent screen, the callback, the “Connected” badge all complete — and the entitlement failure only surfaces at the first filing, as an HTTP 403. So a connect-time probe checks entitlement up front and the card warns you before you ever draft. (Verified against eBay on 2026-07-10; entitlement is a per-account state that consent-time OAuth never checks.)

The connect → attest → file flow, step by step

  1. Connect once. An owner or admin clicks Connect eBay VeRO APIin Settings → Legal. That starts an OAuth flow; on return we stamp the account as connected and run the read-only entitlement probe. If the probe (or a later Re-check) comes back not_entitled— eBay’s own 403 verdict — the card shows the remediation and drafts fall back to portal or email until it’s fixed.
  2. Draft and review as always.The detection is confirmed, a human reviews it (the anti-rubber-stamp step), and the NOCI body is generated. Nothing about this is API-specific — it’s the same flow the portal and email methods use.
  3. Attest.At admin attestation the operator sees the exact eBay reason code and eBay’s brief text they’re swearing to, and confirms the specific identifier. This is the only place the sworn good-faith certification is captured, because eBay’s API request body has no declaration field. It runs before the call — never after.
  4. File. The instant attestation passes, the app mints an access token and calls createVeroReport. On a 201, eBay’s write-once report id is persisted as the takedown’s reference number, an audit row is written, and the takedown moves to submitted.
  5. Check status when you want it. eBay reports asynchronously with no inbound reply to parse, so a Check status action calls getVeroReport by the stored id on demand and reads back the report and item status.

Which reason code gets sent, and why the conservative one?

eBay’s VeRO reasons are a fixed, per-marketplace code list. Brand Protector maps its two honest claim types to the least-overclaiming codes available:

  • Trademark → 9038 “listing contains unlawful use of trademark.” Deliberately not9036 (“item is a counterfeit product which infringes a trademark”). Your monitoring establishes unlawful use of your mark; it does not, on its own, prove the physical good is counterfeit. Claiming the narrower, provable thing is the defensible posture — overclaiming counterfeit is precisely the kind of statement that draws a bad-faith-notice challenge.
  • Copyright → 9046 “listing contains unlawful copy of copyrighted image.” Our copyright detections are image-similarity based, so the image code is the precise claim rather than a broader copyright assertion.

These are EBAY_US ids verified against eBay’s getVeroReasonCodeson 2026-07-09 and treated as pinned constants, not fetched live at submit time. Because reason codes are per-marketplace and can change, they carry a re-verify-before-expansion note in the code — and the operator sees the chosen code plus eBay’s own brief text in the attestation modal, so nothing is filed behind their back.

What does eBay decide, not us?

This is where honesty about an external system matters most. The connect-time probe stamps one of three entitlement states, and only one of them is treated as certain:

  • not_entitledis definitive — it only ever comes from eBay’s own 403 (errorId 235002 “subscription missing” or 235003 “insufficient subscription level”), via the probe, a Re-check, or a real filing. It drives behavior: newly drafted eBay VeRO takedowns fall back to portal or email automatically.
  • entitled is advisory. It means the read probe reached VeRO resource resolution without hitting the entitlement gate — an inference that filing shouldwork, not a promise from eBay. The filing path’s own 403 handling stays authoritative.
  • unknownis exactly that — the probe couldn’t decide (a 5xx, a network or token failure, a timeout) or has never run. It never downgrades anything, and an inconclusive Re-check never overwrites a stored definitive verdict.

The plain-language version we hold ourselves to: filing should work; eBay gives the final verdict at your first filing.We don’t promise entitlement, and we don’t render a confident green state that eBay hasn’t actually confirmed. If a filing does 403, the takedown stays drafted — nothing is marked submitted — and you can retry or disconnect to fall back. That failure-stays-honest behavior is the same discipline behind keeping false positives out of your takedown pipeline in general.

Where the API fits your existing takedown discipline

The VeRO API doesn’t make takedowns hands-off. It removes one clerical step — the portal paste — from a workflow whose judgment steps are all still there. Every eBay VeRO notice clears the triple-validated gate before it’s filed, the same as an Amazon counterfeit report does, and the same evidence discipline applies: the evidence pack that backs the notice is built whether it goes out by API, portal, or email. What you gain is speed and a clean audit trail on the transmission itself — the report id comes straight back from eBay and lives on the takedown record.

eBay VeRO API filing ships in Brand Protector’s $199/mo all-in plan with a 7-day trial, alongside the marketplace takedown workflow across Amazon, Walmart, eBay and more. If you want to see the connect flow and the attestation gate in a real workspace, take the product tour or read how marketplace takedowns work end to end.

This is not legal advice. VeRO Program membership, API-reporting entitlement, reason-code definitions, and eBay’s intake process are eBay’s to define and can change; verify the current requirements with eBay and your own counsel before filing.

Frequently asked questions

Can you file eBay VeRO reports via API?

Yes. eBay's Commerce VeRO API exposes createVeroReport, which files a Notice of Claimed Infringement (NOCI) programmatically instead of a human pasting it into the VeRO Portal or emailing vero@ebay.com. Brand Protector calls it the moment an operator completes the in-app attestation gate. It requires an OAuth-connected eBay account that is an active VeRO Program member with API reporting enabled — API filing is not available to non-members.

Do you need to be a VeRO member to use the API?

Yes. VeRO Program membership is a legal enrollment (you email a completed NOCI plus proof of IP ownership to vero@ebay.com) that no software can automate on your behalf. On top of membership, the specific eBay user account you OAuth-connect needs an API-reporting subscription — a separate grant. Without both, createVeroReport returns HTTP 403 and Brand Protector falls back to the VeRO Portal or an email notice.

Does automated filing skip the human review step?

No. The API changes only how the notice is transmitted, not whether it is reviewed. Every eBay VeRO takedown still clears the same triple-step gate — AI confirmation, then human review, then admin attestation with an explicit identifier confirmation — before createVeroReport is ever called. eBay's API request body carries no sworn-declaration field, so the in-app attestation is the only place the good-faith certification is captured; it must run first.

What eBay reason codes does the API use for trademark and copyright?

Brand Protector maps a trademark claim to reason code 9038 (“listing contains unlawful use of trademark”) and a copyright claim to 9046 (“listing contains unlawful copy of copyrighted image”). 9038 is deliberately the conservative choice over the counterfeit code 9036 — monitoring establishes unlawful use, not that the physical good is counterfeit. These are EBAY_US ids verified against getVeroReasonCodes on 2026-07-09; they are per-marketplace and can change, so re-verify before relying on them elsewhere.

How do you know a filing will be accepted before you send it?

You don't get a guarantee. A connect-time probe stamps an entitlement state — entitled, not_entitled, or unknown — but only not_entitled (which comes from eBay's own 403 verdict) is treated as definitive. An entitled reading is an advisory inference from a read probe; eBay gives the final verdict at the first real filing. The honest framing is “filing should work; eBay decides.”

What happens if the API call fails?

The takedown stays in drafted status — nothing is marked submitted. The operator can retry, or disconnect the account to fall back to the VeRO Portal (if the account is enrolled) or an email NOCI. If eBay returns a 403 with errorId 235002 or 235003, the tenant's entitlement flag flips to not_entitled and newly drafted eBay VeRO takedowns route to portal or email automatically until the subscription is enabled.

Is the report status available after filing?

Yes, on demand. eBay returns a write-once report id in the createVeroReport response, which Brand Protector stores as the takedown's reference number. A “Check status” action calls getVeroReport by that id and reads back eBay's report and item status. eBay reports asynchronously and there's no inbound reply to parse, so status is pull-based; losing the stored report id means losing API status access for that packet.

Stop filing takedowns by hand.

Daily scans find the listings, evidence packs are built for each platform's intake, and a triple-validated gate reviews every notice before it's filed.

7-day free trial · card required, no charge until day 8 · cancel in-app