REST APIs
    Get Started with PayPal REST APIs
    Authentication
    Postman Guide
    API requests
    API responses
    Core Resources
    Overview
    API Integration
    Release Notes
    Add Tracking
    Catalog Products
    Disputes
    Identity
    Invoicing
    Orders
    Partner Referrals
    Payment Experience
    Payment Method Tokens
    Payments
    Payouts
    Referenced Payouts
    Subscriptions
    Transaction Search
    Webhooks Management
    Webhooks
    Overview
    Webhook event names
    Webhooks Events dashboard
    Webhooks simulator
    Integration
    Sandbox
    Overview
    Accounts
    Bulk Accounts
    Card testing
    Codespaces
    PayPal for Visual Studio Code
    Negative Testing
    Go Live
    Production Environment
    PayPal Application Guidelines
    PayPal Security Guidelines
    Rate Limiting Guidelines
    Idempotency
    Troubleshooting
    Not authorized
    Resource not found
    Unprocessable entity
    Validation error
    Reference
    Currency Codes
    Country Codes
    State & Province Codes
    Locale codes
    Deprecated Resources
    Deprecated resources
    Billing Agreements
    Billing Plans
    Invoicing v1
    Orders v1
    Partner Referrals v1
    Payments v1

Authentication

PayPal REST APIs use OAuth 2.0 access tokens to authenticate requests. Your access token authorizes you to use the PayPal REST API server.

To call a REST API in your integration, you'll need to exchange your client ID and client secret for an access token. You can find your client ID and client secret by following the instructions in Get started with PayPal APIs.

You can make the API call in any programming language. The following examples show you how to get your access token using cURL or Postman.

cURL

Copy the following code and modify it:

1curl -v -X POST "https://api-m.sandbox.paypal.com/v1/oauth2/token" \
2 -u "CLIENT_ID:CLIENT_SECRET" \
3 -H "Content-Type: application/x-www-form-urlencoded" \
4 -d "grant_type=client_credentials"
  1. Change CLIENT_ID to your client ID.
  2. Change CLIENT_SECRET to your secret.
Note: Encode CLIENT_ID:CLIENT_SECRET in Base64 before sending it in the API call.

Postman

In the Postman app, complete the following:

  1. Set the verb to POST.
  2. Enter https://api-m.sandbox.paypal.com/v1/oauth2/token as the request URL.
  3. Select the Authorization tab.
  4. From the TYPE list, select Basic Auth.
  5. In the Username field, enter your client ID.
  6. In the Password field, enter your secret.
  7. Select the Body tab.
  8. Select the x-www-form-urlencoded option.
  9. In the KEY field, enter grant_type.
  10. In the VALUE field, enter client_credentials.
  11. Select Send.

Step result

PayPal returns an access token and the number of seconds the access token is valid. When you make calls to a REST API, include the access token in the authorization header: -H Authorization: Bearer ACCESS-TOKEN. When your access token expires, call /v1/oauth2/token again to request a new access token.

Sample response

1{
2 "scope": "https://uri.paypal.com/services/invoicing https://uri.paypal.com/services/disputes/read-buyer https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/disputes/update-seller https://uri.paypal.com/services/payments/payment/authcapture openid https://uri.paypal.com/services/disputes/read-seller https://uri.paypal.com/services/payments/refund https://api-m.paypal.com/v1/vault/credit-card https://api-m.paypal.com/v1/payments/.* https://uri.paypal.com/payments/payouts https://api-m.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://uri.paypal.com/services/applications/webhooks",
3 "access_token": "A21AAFEpH4PsADK7qSS7pSRsgzfENtu-Q1ysgEDVDESseMHBYXVJYE8ovjj68elIDy8nF26AwPhfXTIeWAZHSLIsQkSYz9ifg",
4 "token_type": "Bearer",
5 "app_id": "APP-80W284485P519543T",
6 "expires_in": 31668,
7 "nonce": "2020-04-03T15:35:36ZaYZlGvEkV4yVSz8g6bAKFoGSEzuy3CQcz3ljhibkOHg"
8}
Reference
PayPal.com
Privacy
Support
Legal
Contact