Identity API

Log In with PayPal (formerly PayPal Access) is a commerce identity solution that enables your customers to sign in to your web site quickly and securely using their PayPal login credentials. Log In with PayPal utilizes the latest security standards, and you don't have to worry about storing user data on your system.

For more information, learn about Log In with PayPal.

Get user information

GET /v1/identity/openidconnect/userinfo

Use this call to retrieve user profile attributes.

Parameters

Pass the schema that is used to return as per openidconnect protocol. The only supported schema value is openid.

schema

query_string enum

required

Filters the response by a schema value. Valid value is openid.

Possible values: openid.

SDK samples: Node.js, PHP, Python

Sample Request

curl -v -X GET https://api.sandbox.paypal.com/v1/oauth2/token/userinfo?schema=openid \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer Access-Token"

Response

Returns a userinfo object, containing user profile attributes. The attributes returned depend on the scopes configured for the REST app. For example, if the address scope is not configured for the app, the response does not include the address attribute.

user_id

string

Identifier for the end-user at the issuer.

Read only.
sub

string

The subject ID for the end user at the issuer.

Read only.
name

string

End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the end-user's locale and preferences.

Read only.
given_name

string

Given name(s) or first name(s) of the end-user.

Read only.
family_name

string

Surname(s) or last name(s) of the end-user.

Read only.
middle_name

string

The middle name of the end user.

Read only.
picture

string

The URL of the end user's profile picture.

Read only.
email

string

End-user's preferred email address.

Read only.
email_verified

boolean

True if the End-User's e-mail address has been verified; otherwise false.

Read only.
gender

string

End-user's gender.

Read only.
birthdate

string

End-user's birthday, represented as an YYYY-MM-DD format. They year MAY be 0000, indicating it is omited. To represent only the year, YYYY format would be used.

Read only.
zoneinfo

string

Time zone database representing the End-User's time zone.

Read only.
locale

string

End-user's locale.

Read only.
phone_number

string

End-user's preferred telephone number.

Read only.
address

object

End-user's preferred address.

Read only.
verified_account

boolean

Verified account status.

Read only.
account_type

enum

Account type, either personal or business.

Read only.

Possible values: PERSONAL, BUSINESS, PREMIER.
age_range

string

Account holder age range.

Read only.
payer_id

string

Account payer identifier.

Read only.

Sample Response

{
  "address": {
    "street_address": "7917394 Annursnac Hill Road Unit 0C",
    "locality": "Ventura",
    "region": "CA",
    "postal_code": "93003",
    "country": "US"
  }
}

Common object definitions

address

street_address

string

The full street address. Can include the house number and street name.

Read only.
locality

string

The city or locality.

Read only.
region

string

The state, province, prefecture, or region.

Read only.
postal_code

string

The zip code or postal code.

Read only.
country

string

The country.

Read only.

link

href

string

The URL of the related HATEOAS link that you can use for subsequent calls.
rel

string

The link relationship. Describes how this link relates to the previous call. For example, use a self link to show details for the current call. Use a parent_payment link to show details for the parent payment. The rel value can also be a related call, such as execute or refund.
method

string

The HTTP method required to make the related call.

userinfo

user_id

string

The ID of the end user at the issuer.

Read only.
sub

string

The subject ID for the end user at the issuer.

Read only.
name

string

The end user's full name in displayable form including all name parts. Possibly includes titles and suffixes sorted according to the end user's locale and preferences.

Read only.
given_name

string

The given, or first, name or names of the end user.

Read only.
family_name

string

The surname, or last name or names, of the end user.

Read only.
middle_name

string

The middle name of the end user.

Read only.
picture

string

The URL of the end user's profile picture.

Read only.
email

string

The end user's preferred e-mail address.

Read only.
email_verified

boolean

Indicates whether the end user's email address is verified.

Read only.
gender

string

The end user's gender.

Read only.
birthdate

string

The end user's birthday, in YYYY-MM-DD format. The year MAY be 0000, which indicates that the year is omitted. To represent only the year, use the YYYY format.

Read only.
zoneinfo

string

The end user's time zone.

Read only.
locale

string

The end user's locale.

Read only.
phone_number

string

The end user's preferred telephone number.

Read only.
address

object

The end user's preferred address.

Read only.
verified_account

boolean

The verified account status.

Read only.
account_type

enum

An enumeration of the account types.

Read only.

Possible values: PERSONAL, BUSINESS, PREMIER.
age_range

string

The account holder's age range.

Read only.
payer_id

string

The ID of the account payer.

Read only.

Error messages

In addition to common HTTP status codes that the REST APIs return, the Identity API can return the following errors.

INVALID_CLIENT

Invalid client credentials Invalid credentials provided in authentication header. Set the correct Base64-encoded clientID:clientsecret in the authentication header.
INVALID_REQUEST

Invalid request Incorrect parameter provided. Check for typos and send the correct input parameter.
INVALID_REQUEST

Invalid access token Incorrect access token provided as bearer token. Send a valid access token as bearer token.
INTERNAL_SERVER_ERROR

Internal server error An internal server error has occurred. Check for error messages in the response.

schema

Sample Request

user_id

sub

name

given_name

family_name

middle_name

picture

email

email_verified

gender

birthdate

zoneinfo

locale

phone_number

address

verified_account

account_type

age_range

payer_id

Sample Response

street_address

locality

region

postal_code

country

href

rel

method

user_id

sub

name

given_name

family_name

middle_name

picture

email

email_verified

gender

birthdate

zoneinfo

locale

phone_number

address

verified_account

account_type

age_range

payer_id

Additional API information

Error messages

INVALID_CLIENT

INVALID_REQUEST

INVALID_REQUEST

INTERNAL_SERVER_ERROR

`schema`

`user_id`

`sub`

`name`

`given_name`

`family_name`

`middle_name`

`picture`

`email`

`email_verified`

`gender`

`birthdate`

`zoneinfo`

`locale`

`phone_number`

`address`

`verified_account`

`account_type`

`age_range`

`payer_id`

`street_address`

`locality`

`region`

`postal_code`

`country`

`href`

`rel`

`method`

`user_id`

`sub`

`name`

`given_name`

`family_name`

`middle_name`

`picture`

`email`

`email_verified`

`gender`

`birthdate`

`zoneinfo`

`locale`

`phone_number`

`address`

`verified_account`

`account_type`

`age_range`

`payer_id`

`INVALID_CLIENT`

`INVALID_REQUEST`

`INVALID_REQUEST`

`INTERNAL_SERVER_ERROR`