User Info API

Log in with PayPal (formerly Connect with PayPal) is a commerce identity solution that enables your customers to sign in to your web site quickly and securely using their PayPal login credentials. Log in with PayPal uses the latest security standards. You do not need to store user data on your system. For more information, see Log in with PayPal.

Userinfo (resource group)

Use the /userinfo resource to show user information details.

Show user profile information

GET/v1/identity/oauth2/userinfo

Shows user profile information. Filters the response by a schema. Supported schema value is paypalv1.1.

Query parameters

schema
string
required
Filters the response by a schema. Supported value is paypalv1.1.

Header parameters

Authorization
string
required
Bearer token with required permissions.

Sample Request

curl -v -X GET https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo?schema=paypalv1.1 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer Access-Token"

Response

A successful request returns the HTTP 200 OK status code and a JSON response body that shows user profile information.

address
object
The end-user's preferred address.
business_address
object
The preferred business address.
business_category
string
category of the business. e.g travel
Maximum length: 100.
business_name
string
business entity name
Maximum length: 300.
business_phone
string
business phone
Maximum length: 50.
emails
array (contains the email object)
An array of email addresses for the user.
Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.
family_name
string
The surname or family name of the user. Also known as the last name. Used also to store multiple surnames including the matronymic, or mother's, surname.
given_name
string
The given, or first, name of the user.
name
string
The full name of the user. Includes all name parts, including titles and suffixes. The user's locale and preferences determine the syntax.
payer_id
string
The end user's external PayPal account ID. Returned only if the access_token has the https://uri.paypal.com/services/paypalattributes scope.
sub
string
Subject identifier
user_id
string
The Private Personal Identifier (PPID) that is unique for the end user and Relying Party.
verified
boolean
The end user’s PayPal account status. Indicates whether the account is verified or not.
verified_account
boolean
The end user’s PayPal account status. Indicates whether the account is verified or not.

Sample Response

{
  "user_id": "https://www.paypal.com/webapps/auth/identity/user/mWq6_1sU85v5EG9yHdPxJRrhGHrnMJ-1PQKtX6pcsmA",
  "name": "identity test",
  "given_name": "identity",
  "family_name": "test",
  "payer_id": "WDJJHEBZ4X2LY",
  "address": {
    "street_address": "1 Main St",
    "locality": "San Jose",
    "region": "CA",
    "postal_code": "95131",
    "country": "US"
  },
  "verified_account": true,
  "emails": [
    {
      "value": "user1@example.com",
      "primary": true
    }
  ]
}

Account settings (resource group)

Use the /account-settings resource to set and disable merchant account settings.

Set account properties

POST/v1/identity/account-settings

Sets the account properties.

Header parameters

Authorization
string
required
Bearer token with required permissions.
Content-Type
string
required
Request content type.

Request body

account_property
enum
required
The property for an account.
The possible values are:
- BRAINTREE_MERCHANT. A Braintree merchant.
features
object
required
An array of merchant preference categories.

Sample Request

curl -v -X POST https://api-m.sandbox.paypal.com/v1/identity/account-settings \
-H "Content-Type: application/json" \
-H "Authorization: Bearer Access-Token" \
-d '{
  "account_property": "BRAINTREE_MERCHANT",
  "features": {
    "categories": [
      {
        "name": "PAYMENT",
        "groups": [
          {
            "name": "AUTH_SETTLE",
            "preferences": [
              {
                "name": "ENABLE_ENHANCED_AUTH_SETTLE",
                "value": "true"
              }
            ]
          }
        ]
      }
    ]
  }
}'

Response

A successful request returns the HTTP 201 Created status code with no JSON response body.

Sample Response

201 Created

Disable account properties

POST/v1/identity/account-settings/deactivate

Disables account properties.

Header parameters

Authorization
string
required
Bearer token with required permissions.
Content-Type
string
required
Content type of the request.

Request body

account_property
enum
The name of the account property name to disable.
The possible values are:
- BRAINTREE_MERCHANT. A Braintree merchant.

Sample Request

curl -v -X POST https://api-m.sandbox.paypal.com/v1/identity/account-settings/deactivate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer Access-Token" \
-d '{
  "account_property": "BRAINTREE_MERCHANT"
}'

Response

A successful request returns the HTTP 204 No Response status code with no JSON response body.

Sample Response

204 No Content

Common object definitions

account_property

account_property
enum
The property for an account.
The possible values are:
- BRAINTREE_MERCHANT. A Braintree merchant.

account_settings

account_property
enum
required
The property for an account.
The possible values are:
- BRAINTREE_MERCHANT. A Braintree merchant.
features
object
required
An array of merchant preference categories.

address

country
string
The country name.
locality
string
The city or locality.
postal_code
string
The zip code or postal code.
region
string
The state, province, prefecture, or region.
street_address
string
The full street address component. Can include house number, street name.

address

businessCity
string
The city of prefered business address.
Maximum length: 200.
businessCountry
string
The country of of prefered business address.
Maximum length: 200.
businessPostalCode
string
The zip code of prefered business address.
Maximum length: 200.
businessState
string
The state of preferered business address
Maximum length: 300.
businessStreet1
string
Can include house number, street name
Maximum length: 300.
businessStreet2
string
Can include street number and street name
Maximum length: 300.
businessStreetAddress
string
The full street address component. Can include house number, street name.
Maximum length: 200.
business_city
string
The city of prefered business address.
Maximum length: 200.
business_country
string
The country of of prefered business address.
Maximum length: 200.
business_postal_code
string
The zip code of prefered business address.
Maximum length: 200.
business_state
string
The state of preferered business address
Maximum length: 300.
business_street1
string
Can include house number, street name
Maximum length: 300.
business_street2
string
Can include street number and street name
Maximum length: 300.
business_street_address
string
The full street address component. Can include house number, street name.
Maximum length: 200.

category_collection

categories
array (contains the category object)
An array of categories.

disable_account_property

account_property
enum
The name of the account property name to disable.
The possible values are:
- BRAINTREE_MERCHANT. A Braintree merchant.

email

value
string
required
The email address for the user, in canonical format.
primary
boolean
Indicates whether this email address is the primary email address.
type
string
The email type. For example, work or home.

error

debug_id
string
required
The PayPal internal ID. Used for correlation purposes.
message
string
required
The message that describes the error.
name
string
required
The human-readable, unique name of the error.
details
array (contains the error_details object)
An array of additional details about the error.
information_link
string
The information link, or URI, that shows detailed information about this error for the developer.
Read only.
links
array (contains the link_description object)
An array of request-related HATEOAS links.
Read only.

error_details

issue
string
required
The unique, fine-grained application-level error code.
description
string
The human-readable description for an issue. The description can change over the lifetime of an API, so clients must not depend on this value.
field
string
The field that caused the error. If this field is in the body, set this value to the field's JSON pointer value. Required for client-side errors.
location
string
The location of the field that caused the error. Value is body, path, or query.
value
string
The value of the field that caused the error.

group

name
string
required
The group name.
description
string
The group description.
preferences
array (contains the preference object)
An array of preferences in this group.
subgroups
array (contains the subgroup object)
An array of sub-groups.

link_description

href
string
required
The complete target URL. To make the related call, combine the method with this URI Template-formatted link. For pre-processing, include the $, (, and ) characters. The href is the key HATEOAS component that links a completed call with a subsequent call.
rel
string
required
The link relation type, which serves as an ID for a link that unambiguously describes the semantics of the link. See Link Relations.
method
enum
The HTTP method required to make the related call.
Possible values: GET,POST,PUT,DELETE,HEAD,CONNECT,OPTIONS,PATCH.

override_notification_settings

preference

name
string
required
The preference name.
value
string
required
The current preference value.
description
string
The preference description.
memo
string
An optional memo. Used for activity logging. Meaningful only during create and update operations.
override_notification_settings
object
The override notification settings. The client can override the notification settings when the preference is changed to a particular state or value. Meaningful only during create and update operations.
status
enum
The status of the preference.
The possible values are:
- A. Active.
- I. Inactive.
supported_countries
array (contains the supported_country object)
An array of supported countries supported. If you omit this parameter, default is the preference metadata country list.
supported_languages
array (contains the supported_language object)
An array of supported languages. If you omit this value, default is the preference metadata language list.
time_created
string
The date and time when the preference was created, in Internet date and time format. Available only for a set of preferences, such as the presentation settings. Meaningful only for the GET operation. This value is ignored during the update operation.
time_updated
string
The date and time when the preference was last changed, in Internet date and time format. Available only for a set of preferences, such as the presentation settings. Meaningful only for the GET operation. This value is ignored during the update operation.

subgroup

name
string
required
The subgroup name.
preferences
array (contains the preference object)
required
An array of preferences in this group.
description
string
The subgroup description.

supported_country

supported_country
string
The country code.

supported_language

supported_language
string
The language code.

userinfo

user_id
string
required
The Private Personal Identifier (PPID) that is unique for the end user and Relying Party.
address
object
The end-user's preferred address.
business_address
object
The preferred business address.
business_category
string
category of the business. e.g travel
Maximum length: 100.
business_name
string
business entity name
Maximum length: 300.
business_phone
string
business phone
Maximum length: 50.
emails
array (contains the email object)
An array of email addresses for the user.
Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.
family_name
string
The surname or family name of the user. Also known as the last name. Used also to store multiple surnames including the matronymic, or mother's, surname.
given_name
string
The given, or first, name of the user.
name
string
The full name of the user. Includes all name parts, including titles and suffixes. The user's locale and preferences determine the syntax.
payer_id
string
The end user's external PayPal account ID. Returned only if the access_token has the https://uri.paypal.com/services/paypalattributes scope.
sub
string
Subject identifier
verified
boolean
The end user’s PayPal account status. Indicates whether the account is verified or not.
verified_account
boolean
The end user’s PayPal account status. Indicates whether the account is verified or not.

Error messages

In addition to the common HTTP status codes that the REST APIs return, the User Info API can return the following errors.

INVALID_CLIENT
Invalid client credentials.
Invalid credentials provided in authentication header. Set the correct Base64-encoded clientID:clientsecret in the authentication header.
INVALID_REQUEST
Invalid request.
Incorrect parameter provided. Check for typos and send the correct input parameter.
INVALID_TOKEN
Invalid access token.
Incorrect access token provided as bearer token. Send a valid access token as the bearer token.
INTERNAL_SERVER_ERROR
Internal server error.
An internal server error has occurred. Check for error messages in the response.

schema

Authorization

Sample Request

address

business_address

business_category

business_name

business_phone

emails

family_name

given_name

name

payer_id

sub

user_id

verified

verified_account

Sample Response

Authorization

Content-Type

account_property

features

Sample Request

Sample Response

Authorization

Content-Type

account_property

Sample Request

Sample Response

account_property

account_property

features

country

locality

postal_code

region

street_address

businessCity

businessCountry

businessPostalCode

businessState

businessStreet1

businessStreet2

businessStreetAddress

business_city

business_country

business_postal_code

business_state

business_street1

business_street2

business_street_address

groups

name

description

categories

account_property

value

primary

type

debug_id

message

name

details

information_link

links

issue

description

field

location

value

name

description

preferences

subgroups

href

rel

method

name

value

description

`schema`

`Authorization`

`address`

`business_address`

`business_category`

`business_name`

`business_phone`

`emails`

`family_name`

`given_name`

`name`

`payer_id`

`sub`

`user_id`

`verified`

`verified_account`

`Authorization`

`Content-Type`

`account_property`

`features`

`Authorization`

`Content-Type`

`account_property`

`account_property`

`account_property`

`features`

`country`

`locality`

`postal_code`

`region`

`street_address`

`businessCity`

`businessCountry`

`businessPostalCode`

`businessState`

`businessStreet1`

`businessStreet2`

`businessStreetAddress`

`business_city`

`business_country`

`business_postal_code`

`business_state`

`business_street1`

`business_street2`

`business_street_address`

`groups`

`name`

`description`

`categories`

`account_property`

`value`

`primary`

`type`

`debug_id`

`message`

`name`

`details`

`information_link`

`links`

`issue`

`description`

`field`

`location`

`value`

`name`

`description`

`preferences`

`subgroups`

`href`

`rel`

`method`

`name`

`value`

`description`

`memo`

`override_notification_settings`

`status`

`supported_countries`

`supported_languages`

`time_created`