Identity API

Log In with PayPal (formerly PayPal Access) is a commerce identity solution that enables your customers to sign in to your web site quickly and securely using their PayPal login credentials. Log In with PayPal utilizes the latest security standards, and you don't have to worry about storing user data on your system.

For more information, learn about Log In with PayPal.

Get user information

GET /v1/identity/openidconnect/userinfo

Use this call to retrieve user profile attributes.

Parameters

Pass the schema that is used to return as per openidconnect protocol. The only supported schema value is openid.

  • schema

    query_string enum

    required

    Filters the response by a schema value. Valid value is openid.

    Possible values: openid.

SDK samples: Node.js, PHP, Python

Sample Request

curl -v -X GET https://api.sandbox.paypal.com/v1/oauth2/token/userinfo?schema=openid \
-H "Content-Type:application/json" \
-H "Authorization: Bearer Access-Token"

Response

Returns a userinfo object, containing user profile attributes. The attributes returned depend on the scopes configured for the REST app. For example, if the address scope is not configured for the app, the response does not include the address attribute.

  • user_id

    string

    Identifier for the end-user at the issuer.

    Read only.

  • sub

    string

    The subject ID for the end user at the issuer.

    Read only.

  • name

    string

    End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the end-user's locale and preferences.

    Read only.

  • given_name

    string

    Given name(s) or first name(s) of the end-user.

    Read only.

  • family_name

    string

    Surname(s) or last name(s) of the end-user.

    Read only.

  • middle_name

    string

    The middle name of the end user.

    Read only.

  • picture

    string

    The URL of the end user's profile picture.

    Read only.

  • email

    string

    End-user's preferred email address.

    Read only.

  • email_verified

    boolean

    True if the End-User's e-mail address has been verified; otherwise false.

    Read only.

  • gender

    string

    End-user's gender.

    Read only.

  • birthdate

    string

    End-user's birthday, represented as an YYYY-MM-DD format. They year MAY be 0000, indicating it is omited. To represent only the year, YYYY format would be used.

    Read only.

  • zoneinfo

    string

    Time zone database representing the End-User's time zone.

    Read only.

  • locale

    string

    End-user's locale.

    Read only.

  • phone_number

    string

    End-user's preferred telephone number.

    Read only.

  • address

    object

    End-user's preferred address.

    Read only.

  • verified_account

    boolean

    Verified account status.

    Read only.

  • account_type

    enum

    Account type, either personal or business.

    Read only.

    Possible values: PERSONAL, BUSINESS, PREMIER.

  • age_range

    string

    Account holder age range.

    Read only.

  • payer_id

    string

    Account payer identifier.

    Read only.

Sample Response

{
  "address": {
    "street_address": "7917394 Annursnac Hill Road Unit 0C",
    "locality": "Ventura",
    "region": "CA",
    "postal_code": "93003",
    "country": "US"
  }
}

Common object definitions

address

  • street_address

    string

    The full street address. Can include the house number and street name.

    Read only.

  • locality

    string

    The city or locality.

    Read only.

  • region

    string

    The state, province, prefecture, or region.

    Read only.

  • postal_code

    string

    The zip code or postal code.

    Read only.

  • country

    string

    The country.

    Read only.

userinfo

  • user_id

    string

    The ID of the end user at the issuer.

    Read only.

  • sub

    string

    The subject ID for the end user at the issuer.

    Read only.

  • name

    string

    The end user's full name in displayable form including all name parts. Possibly includes titles and suffixes sorted according to the end user's locale and preferences.

    Read only.

  • given_name

    string

    The given, or first, name or names of the end user.

    Read only.

  • family_name

    string

    The surname, or last name or names, of the end user.

    Read only.

  • middle_name

    string

    The middle name of the end user.

    Read only.

  • picture

    string

    The URL of the end user's profile picture.

    Read only.

  • email

    string

    The end user's preferred e-mail address.

    Read only.

  • email_verified

    boolean

    Indicates whether the end user's email address is verified.

    Read only.

  • gender

    string

    The end user's gender.

    Read only.

  • birthdate

    string

    The end user's birthday, in YYYY-MM-DD format. The year MAY be 0000, which indicates that the year is omitted. To represent only the year, use the YYYY format.

    Read only.

  • zoneinfo

    string

    The end user's time zone.

    Read only.

  • locale

    string

    The end user's locale.

    Read only.

  • phone_number

    string

    The end user's preferred telephone number.

    Read only.

  • address

    object

    The end user's preferred address.

    Read only.

  • verified_account

    boolean

    The verified account status.

    Read only.

  • account_type

    enum

    An enumeration of the account types.

    Read only.

    Possible values: PERSONAL, BUSINESS, PREMIER.

  • age_range

    string

    The account holder's age range.

    Read only.

  • payer_id

    string

    The ID of the account payer.

    Read only.

Additional API information

Error messages

In addition to common HTTP status codes that the REST APIs return, the Identity API can return the following errors.

  • INVALID_CLIENT

    Invalid client credentials Invalid credentials provided in authentication header. Set the correct Base64-encoded clientID:clientsecret in the authentication header.

  • INVALID_REQUEST

    Invalid request Incorrect parameter provided. Check for typos and send the correct input parameter.

  • INVALID_REQUEST

    Invalid access token Incorrect access token provided as bearer token. Send a valid access token as bearer token.

  • INTERNAL_SERVER_ERROR

    Internal server error An internal server error has occurred. Check for error messages in the response.