Меню

Paypal API Connection Features

logo
In this article we will consider the REST API, which allows to conveniently interact with all the Paypal entities.
Paypal API Connection Features

API Paypal integration tips

The Paypal service provides two APIs: REST and IPN.

In this article we will consider the REST API, which allows to conveniently interact with all the Paypal entities.

API Paypal is a JSON API. Paypal provides two environments: the production, https://api.paypal.com/, and the sandbox, https://api.sandbox.paypal.com/.

To protect the requests Paypal use OAuth 2.0 authentication, so one have to get an access token. The token can be obtain by sending a POST-request to "v1/oauth2/token" path with the "grant_type" key and the "client_credentials" value. Also pass the "Authorization" header with the following value "Basic " . base64_encode("$clientId:$secret").

Now you will be able to sign all your requests with the token for some time. $clientId and $secret one can find directly from the Paypal website account section. Also the section can be used to change the application mode, production/sandbox. You can use JSON-formatted data to send for all the routes except the OAuth 2.0 token route.

It is enought to have the token to use the Payments API. Therefore one can send payments, see payment history and so on. But by default the payment history is not accessible, you have to allow the access in the Paypal website account section. The sandbox environment payment history is empty by default, so you have to make some test payments to be able to test the refund functionality.

Some routes have the additional protection. You have to sign the request on more time. Pass the "PayPal-Auth-Assertion" header and use base64-encoded JSON-formatted arrays, ['alg' => 'none'] and ['iss' => $clientId, 'email' => $email], concatenated by a dot, ".".

The parameter $clientId we mentioned before and $email - is the email address, you register you Paypal account with. Be careful, in for the sandbox environment you should use a different test email, provided by Paypal, see the account section of the Paypal website.

Besides, you can also replace the "email" key and use the "payer_id" key with your account's "payer_id" as value. Also it should be noticed again that you have to use a dot to concatenate your base64-encoded string, so the result string have to include dots, the Paypal service will use it later as a delimiter.

For example in case of PHP the second signature generation method will look like this:

private function getPaypalAuthAssertion($email, $clientId) {
   $joseHeader = base64_encode(json_encode(['alg' => 'none']));
   $payload = base64_encode(json_encode([
        'iss' => $clientId,
        'email' => $email,
   ]));
   return $joseHeader . '.' . $payload;
}

To provide the error processing in the right way you should take into account that the Paypal service return two types of errors: access errors, if token is wrong for example, and validation errors. So you must have two mechanisms of errors messages reformatting.

Asabix Wins Clutch Award for Top Developer in Ukraine 20.05.2021 Asabix Wins Clutch Award for Top Developer in Ukraine
Today, there’s about 200 million active websites and 1.8 billion web applications. These numbers continue to grow each day, adding more to the clutter. The only way to stand out from the crowd these days is through innovation and creativity—and that’s where we come in!

Admitad API Connection Experience 20.09.2019 Admitad API Connection Experience
Admitad is a global affiliate network with a large selection of affiliate programs, high rates, express payments, and many tools.

Back to the list