Orders API

The PayPal payer ID, which is a masked version of the PayPal account number intended for use with third parties. The account number is reversibly encrypted and a proprietary variant of Base32 is used to encode the result.

The account identifier for a PayPal account.

The date and time when the transaction occurred, in Internet date and time format.

The date and time when the transaction was last updated, in Internet date and time format.

The 2-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

A named locations that represents the premise. Usually a building name or number or collection of buildings with a common name or number. For example, Craven House.

The delivery service. Post office box, bag number, or post office name.

The street name. Just Drury in Drury Lane.

The street number.

The street type. For example, avenue, boulevard, road, or expressway.

The first-order entity below a named building or location that represents the sub-premises. Usually a single building within a collection of buildings with a common name. Can be a flat, story, floor, room, or apartment.

The 2-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The non-portable additional address details include fine-grain address information for Compliance, Risk, and other scenarios. This isn't portable with common third-party and open source applications. This can include data that is redundant with core fields. For example, address_portable.address_line_1 is usually a combination of address_details.street_number, street_name, and street_type.

The first line of the address, such as number and street, for example, 173 Drury Lane. Needed for data entry, and Compliance and Risk checks. This field needs to pass the full address.

The second line of the address, for example, a suite or apartment number.

The third line of the address, if needed. Examples include a street complement for Brazil, direction text, such as next to Walmart, or a landmark in an Indian address.

The highest-level sub-division in a country, which is usually a province, state, or ISO-3166-2 subdivision. This data is formatted for postal delivery, for example, CA and not California. Value, by country, is:

• UK. A county.
• US. A state.
• Canada. A province.
• Japan. A prefecture.
• Switzerland. A kanton.

A city, town, or village. Smaller than admin_area_level_1.

The sub-locality, suburb, neighborhood, or district. This is smaller than admin_area_level_2. Value is:

• Brazil. Suburb, bairro, or neighborhood.
• India. Sub-locality or district. Street name information isn't always available, but a sub-locality or district can be a very small area.

The neighborhood, ward, or district. This is smaller than admin_area_level_3 or sub_locality. Value is:

• The postal sorting code that is used in Guernsey and many French territories, such as French Guiana.
• The fine-grained administrative levels in China.

The postal code, which is the ZIP code or equivalent. Typically required for countries with a postal code or an equivalent. See postal code.

The two-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The non-portable additional address details that are sometimes needed for compliance, risk, or other scenarios where fine-grain address information might be needed. Not portable with common third party and open source. Redundant with core fields.
For example, address_portable.address_line_1 is usually a combination of address_details.street_number, street_name, and street_type.

The first line of the address. For example, number or street. For example, 173 Drury Lane. Required for data entry and compliance and risk checks. Must contain the full address.

The second line of the address. For example, suite or apartment number.

The third line of the address, if needed. For example, a street complement for Brazil, direction text, such as next to Walmart, or a landmark in an Indian address.

The highest level sub-division in a country, which is usually a province, state, or ISO-3166-2 subdivision. Format for postal delivery. For example, CA and not California. Value, by country, is:

• UK. A county.
• US. A state.
• Canada. A province.
• Japan. A prefecture.
• Switzerland. A kanton.

A city, town, or village. Smaller than admin_area_level_1.

A sub-locality, suburb, neighborhood, or district. Smaller than admin_area_level_2. Value is:

• Brazil. Suburb, bairro, or neighborhood.
• India. Sub-locality or district. Street name information is not always available but a sub-locality or district can be a very small area.

The neighborhood, ward, or district. Smaller than admin_area_level_3 or sub_locality. Value is:

• The postal sorting code for Guernsey and many French territories, such as French Guiana.
• The fine-grained administrative levels in China.

The postal code, which is the zip code or equivalent. Typically required for countries with a postal code or an equivalent. See postal code.

The two-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The first line of the address. For example, number or street. For example, 173 Drury Lane. Required for data entry and compliance and risk checks. Must contain the full address.

The second line of the address. For example, suite or apartment number.

The highest level sub-division in a country, which is usually a province, state, or ISO-3166-2 subdivision. Format for postal delivery. For example, CA and not California. Value, by country, is:

• UK. A county.
• US. A state.
• Canada. A province.
• Japan. A prefecture.
• Switzerland. A kanton.

A city, town, or village. Smaller than admin_area_level_1.

The postal code, which is the zip code or equivalent. Typically required for countries with a postal code or an equivalent. See postal code.

The discount for all items within a given purchase_unit. discount.value can not be a negative number.

The handling fee for all items within a given purchase_unit. handling.value can not be a negative number.

The insurance fee for all items within a given purchase_unit. insurance.value can not be a negative number.

The subtotal for all items. Required if the request includes purchase_units[].items[].unit_amount. Must equal the sum of (items[].unit_amount * items[].quantity) for all items. item_total.value can not be a negative number.

The shipping fee for all items within a given purchase_unit. shipping.value can not be a negative number.

The shipping discount for all items within a given purchase_unit. shipping_discount.value can not be a negative number.

The total tax for all items. Required if the request includes purchase_units.items.tax. Must equal the sum of (items[].tax * items[].quantity) for all items. tax_total.value can not be a negative number.

The three-character ISO-4217 currency code that identifies the currency.

The value, which might be:

• An integer for currencies like JPY that are not typically fractional.
• A decimal fraction for currencies like TND that are subdivided into thousandths.

The breakdown of the amount. Breakdown provides details such as total item amount, total tax amount, shipping, handling, insurance, and discounts, if any.

Apple Pay Hex-encoded device manufacturer identifier. The pattern is defined by an external party and supports Unicode.

Apple Pay payment data object which contains the cryptogram, eci_indicator and other data.

Indicates the type of payment data passed, in case of Non China the payment data is 3DSECURE and for China it is EMV.

The possible values are:

• 3DSECURE. The card was authenticated using 3D Secure (3DS) authentication scheme. While using this value make sure to populate cryptogram and eci_indicator as part of payment data..
• EMV. The card was authenticated using EMV method, which is applicable for China. While using this value make sure to pass emv_data and pin as part of payment data.

Apple Pay tokenized credit card used to pay.

The transaction amount for the payment that the payer has approved on apple platform.

The billing address for this card. Supports only the address_line_1, address_line_2, admin_area_1, admin_area_2, postal_code, and country_code properties.

The card brand or network. Typically used in the response.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The card brand or network. Typically used in the response.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The card expiration year and month, in Internet date format.

The card holder's name as it appears on the card.

The primary account number (PAN) for the payment card.

The payment card type.

The possible values are:

• CREDIT. A credit card.
• DEBIT. A debit card.
• PREPAID. A Prepaid card.
• STORE. A store card.
• UNKNOWN. Card type cannot be determined.

Online payment cryptogram, as defined by 3D Secure. The pattern is defined by an external party and supports Unicode.

ECI indicator, as defined by 3- Secure. The pattern is defined by an external party and supports Unicode.

Encoded Apple Pay EMV Payment Structure used for payments in China. The pattern is defined by an external party and supports Unicode.

Bank Key encrypted Apple Pay PIN. The pattern is defined by an external party and supports Unicode.

DEPRECATED. The label that overrides the business name in the PayPal account on the PayPal site. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.brand_name). Please specify this field in the experience_context object instead of the application_context object.

DEPRECATED. The URL where the customer is redirected after the customer cancels the payment. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.cancel_url). Please specify this field in the experience_context object instead of the application_context object.

DEPRECATED. DEPRECATED. The type of landing page to show on the PayPal site for customer checkout. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.landing_page). Please specify this field in the experience_context object instead of the application_context object.

The possible values are:

• LOGIN. When the customer clicks PayPal Checkout, the customer is redirected to a page to log in to PayPal and approve the payment.
• BILLING. When the customer clicks PayPal Checkout, the customer is redirected to a page to enter credit or debit card and other relevant billing information required to complete the purchase.
• NO_PREFERENCE. When the customer clicks PayPal Checkout, the customer is redirected to either a page to log in to PayPal and approve the payment or to a page to enter credit or debit card and other relevant billing information required to complete the purchase, depending on their previous interaction with PayPal.

DEPRECATED. The BCP 47-formatted locale of pages that the PayPal payment experience shows. PayPal supports a five-character code. For example, da-DK, he-IL, id-ID, ja-JP, no-NO, pt-BR, ru-RU, sv-SE, th-TH, zh-CN, zh-HK, or zh-TW. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.locale). Please specify this field in the experience_context object instead of the application_context object.

DEPRECATED. The customer and merchant payment preferences. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.payment_method_selected). Please specify this field in the experience_context object instead of the application_context object..

DEPRECATED. The URL where the customer is redirected after the customer approves the payment. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.return_url). Please specify this field in the experience_context object instead of the application_context object.

DEPRECATED. DEPRECATED. The shipping preference:

• Displays the shipping address to the customer.
• Enables the customer to choose an address on the PayPal site.
• Restricts the customer from changing the address during the payment-approval process.

The possible values are:

• GET_FROM_FILE. Use the customer-provided shipping address on the PayPal site.
• NO_SHIPPING. Redact the shipping address from the PayPal site. Recommended for digital goods.
• SET_PROVIDED_ADDRESS. Use the merchant-provided address. The customer cannot change this address on the PayPal site.

DEPRECATED. Provides additional details to process a payment using a payment_source that has been stored or is intended to be stored (also referred to as stored_credential or card-on-file).
Parameter compatibility:

• payment_type=ONE_TIME is compatible only with payment_initiator=CUSTOMER.
• usage=FIRST is compatible only with payment_initiator=CUSTOMER.
• previous_transaction_reference or previous_network_transaction_reference is compatible only with payment_initiator=MERCHANT.
• Only one of the parameters - previous_transaction_reference and previous_network_transaction_reference - can be present in the request.

DEPRECATED. Configures a Continue or Pay Now checkout flow. The fields in application_context are now available in the experience_context object under the payment_source which supports them (eg. payment_source.paypal.experience_context.user_action). Please specify this field in the experience_context object instead of the application_context object.

The possible values are:

• CONTINUE. After you redirect the customer to the PayPal payment page, a Continue button appears. Use this option when the final amount is not known when the checkout flow is initiated and you want to redirect the customer to the merchant page without processing the payment.
• PAY_NOW. After you redirect the customer to the PayPal payment page, a Pay Now button appears. Use this option when the final amount is known when the checkout is initiated and you want to process the payment immediately when the customer clicks Pay Now.

Liability shift indicator. The outcome of the issuer's authentication.

The possible values are:

• YES. Liability has shifted to the card issuer. Available only after order is authorized or captured.
• NO. Liability is with the merchant.
• POSSIBLE. Liability may shift to the card issuer. Available only before order is authorized or captured.
• UNKNOWN. The authentication system is not available.

Results of 3D Secure Authentication.

The status for the authorized payment.

The details of the authorized order pending status.

The amount for this authorized payment.

The API caller-provided external ID. Used to reconcile API caller-initiated transactions with PayPal transactions. Appears in transaction and settlement reports.

The date and time when the authorized payment expires, in Internet date and time format.

The PayPal-generated ID for the authorized payment.

The API caller-provided external invoice number for this order. Appears in both the payer's transaction history and the emails that the payer receives.

An array of related HATEOAS links.

The level of protection offered as defined by PayPal Seller Protection for Merchants.

The date and time when the transaction occurred, in Internet date and time format.

The date and time when the transaction was last updated, in Internet date and time format.

The status for the authorized payment.

The possible values are:

• CREATED. The authorized payment is created. No captured payments have been made for this authorized payment.
• CAPTURED. The authorized payment has one or more captures against it. The sum of these captured payments is greater than the amount of the original authorized payment.
• DENIED. PayPal cannot authorize funds for this authorized payment.
• EXPIRED. The authorized payment has expired.
• PARTIALLY_CAPTURED. A captured payment was made for the authorized payment for an amount that is less than the amount of the original authorized payment.
• VOIDED. The authorized payment was voided. No more captured payments can be made against this authorized payment.
• PENDING. The created authorization is in pending state. For more information, see status.details.

The details of the authorized order pending status.

The reason why the authorized status is PENDING.

The possible values are:

• PENDING_REVIEW. Authorization is pending manual review.

The processor response for card transactions.

The bank identification code (BIC).

The last digits of the card used to fund the Bancontact payment.

The two-character ISO 3166-1 country code.

The last characters of the IBAN used to pay.

The name of the account holder associated with this payment method.

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

Customizes the payer experience during the approval process for the payment.

The business identification code (BIC). In payments systems, a BIC is used to identify a specific business, most commonly a bank.

The two-character ISO 3166-1 country code.

The email address of the account holder associated with this payment method.

The name of the account holder associated with this payment method.

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

The email address of the account holder associated with this payment method.

Customizes the payer experience during the approval process for the payment.

The label that overrides the business name in the PayPal account on the PayPal site. The pattern is defined by an external party and supports Unicode.

The URL where the customer is redirected after the customer cancels the payment.

The BCP 47-formatted locale of pages that the PayPal payment experience shows. PayPal supports a five-character code. For example, da-DK, he-IL, id-ID, ja-JP, no-NO, pt-BR, ru-RU, sv-SE, th-TH, zh-CN, zh-HK, or zh-TW.

The URL where the customer is redirected after the customer approves the payment.

The location from which the shipping address is derived.

The URL of the merchant's logo.

The status of the captured payment.

The details of the captured payment status.

The amount for this captured payment.

The API caller-provided external ID. Used to reconcile API caller-initiated transactions with PayPal transactions. Appears in transaction and settlement reports.

The funds that are held on behalf of the merchant.

Indicates whether you can make additional captures against the authorized payment. Set to true if you do not intend to capture additional payments against the authorization. Set to false if you intend to capture additional payments against the authorization.

The PayPal-generated ID for the captured payment.

The API caller-provided external invoice number for this order. Appears in both the payer's transaction history and the emails that the payer receives.

An array of related HATEOAS links.

An object that provides additional processor information for a direct credit card transaction.

The level of protection offered as defined by PayPal Seller Protection for Merchants.

The detailed breakdown of the capture activity. This is not available for transactions that are in pending state.

The date and time when the transaction occurred, in Internet date and time format.

The date and time when the transaction was last updated, in Internet date and time format.

The status of the captured payment.

The possible values are:

• COMPLETED. The funds for this captured payment were credited to the payee's PayPal account.
• DECLINED. The funds could not be captured.
• PARTIALLY_REFUNDED. An amount less than this captured payment's amount was partially refunded to the payer.
• PENDING. The funds for this captured payment was not yet credited to the payee's PayPal account. For more information, see status.details.
• REFUNDED. An amount greater than or equal to this captured payment's amount was refunded to the payer.
• FAILED. There was an error while capturing payment.

The details of the captured payment status.

The reason why the captured payment status is PENDING or DENIED.

The possible values are:

• BUYER_COMPLAINT. The payer initiated a dispute for this captured payment with PayPal.
• CHARGEBACK. The captured funds were reversed in response to the payer disputing this captured payment with the issuer of the financial instrument used to pay for this captured payment.
• ECHECK. The payer paid by an eCheck that has not yet cleared.
• INTERNATIONAL_WITHDRAWAL. Visit your online account. In your **Account Overview**, accept and deny this payment.
• OTHER. No additional specific reason can be provided. For more information about this captured payment, visit your account online or contact PayPal.
• PENDING_REVIEW. The captured payment is pending manual review.
• RECEIVING_PREFERENCE_MANDATES_MANUAL_ACTION. The payee has not yet set up appropriate receiving preferences for their account. For more information about how to accept or deny this payment, visit your account online. This reason is typically offered in scenarios such as when the currency of the captured payment is different from the primary holding currency of the payee.
• REFUNDED. The captured funds were refunded.
• TRANSACTION_APPROVED_AWAITING_FUNDING. The payer must send the funds for this captured payment. This code generally appears for manual EFTs.
• UNILATERAL. The payee does not have a PayPal account.
• VERIFICATION_REQUIRED. The payee's PayPal account is not verified.

The billing address for this card. Supports only the address_line_1, address_line_2, admin_area_1, admin_area_2, postal_code, and country_code properties.

The card brand or network. Typically used in the response.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The card brand or network. Typically used in the response.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The card expiration year and month, in Internet date format.

The PayPal-generated ID for the card.

The last digits of the payment card.

The card holder's name as it appears on the card.

The primary account number (PAN) for the payment card.

The three- or four-digit security code of the card. Also known as the CVV, CVC, CVN, CVE, or CID. This parameter cannot be present in the request when payment_initiator=MERCHANT.

The payment card type.

The possible values are:

• CREDIT. A credit card.
• DEBIT. A debit card.
• PREPAID. A Prepaid card.
• STORE. A store card.
• UNKNOWN. Card type cannot be determined.

The billing address for this card. Supports only the address_line_1, address_line_2, admin_area_1, admin_area_2, postal_code, and country_code properties.

The card expiration year and month, in Internet date format.

The card holder's name as it appears on the card.

The primary account number (PAN) for the payment card.

The three- or four-digit security code of the card. Also known as the CVV, CVC, CVN, CVE, or CID. This parameter cannot be present in the request when payment_initiator=MERCHANT.

The two-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The first line of the address. For example, number or street. For example, 173 Drury Lane. Required for data entry and compliance and risk checks. Must contain the full address.

The second line of the address. For example, suite or apartment number.

The highest level sub-division in a country, which is usually a province, state, or ISO-3166-2 subdivision. Format for postal delivery. For example, CA and not California. Value, by country, is:

• UK. A county.
• US. A state.
• Canada. A province.
• Japan. A prefecture.
• Switzerland. A kanton.

A city, town, or village. Smaller than admin_area_level_1.

The postal code, which is the zip code or equivalent. Typically required for countries with a postal code or an equivalent. See postal code.

The two-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The first line of the address. For example, number or street. For example, 173 Drury Lane. Required for data entry and compliance and risk checks. Must contain the full address.

The second line of the address. For example, suite or apartment number.

The highest level sub-division in a country, which is usually a province, state, or ISO-3166-2 subdivision. Format for postal delivery. For example, CA and not California. Value, by country, is:

• UK. A county.
• US. A state.
• Canada. A province.
• Japan. A prefecture.
• Switzerland. A kanton.

A city, town, or village. Smaller than admin_area_level_1.

The postal code, which is the zip code or equivalent. Typically required for countries with a postal code or an equivalent. See postal code.

The card network or brand. Applies to credit, debit, gift, and payment cards.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The card expiration year and month, in Internet date format.

The last digits of the payment card.

The billing address for this card. Supports only the address_line_1, address_line_2, admin_area_1, admin_area_2, postal_code, and country_code properties.

The card expiration year and month, in Internet date format.

The card holder's name as it appears on the card.

The primary account number (PAN) for the payment card.

The three- or four-digit security code of the card. Also known as the CVV, CVC, CVN, CVE, or CID. This parameter cannot be present in the request when payment_initiator=MERCHANT.

Provides additional details to process a payment using a card that has been stored or is intended to be stored (also referred to as stored_credential or card-on-file).
Parameter compatibility:

• payment_type=ONE_TIME is compatible only with payment_initiator=CUSTOMER.
• usage=FIRST is compatible only with payment_initiator=CUSTOMER.
• previous_transaction_reference or previous_network_transaction_reference is compatible only with payment_initiator=MERCHANT.
• Only one of the parameters - previous_transaction_reference and previous_network_transaction_reference - can be present in the request.

The PayPal-generated ID for the saved card payment source. Typically stored on the merchant's server.

Results of Authentication such as 3D Secure.

The card brand or network. Typically used in the response.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The card expiration year and month, in Internet date format.

Representation of card details as received in the request.

The last digits of the payment card.

The card holder's name as it appears on the card.

The payment card type.

The possible values are:

• CREDIT. A credit card.
• DEBIT. A debit card.
• PREPAID. A Prepaid card.
• UNKNOWN. Card type cannot be determined.

The person or party who initiated or triggered the payment.

The possible values are:

• CUSTOMER. Payment is initiated with the active engagement of the customer. e.g. a customer checking out on a merchant website.
• MERCHANT. Payment is initiated by merchant on behalf of the customer without the active engagement of customer. e.g. a merchant charging the monthly payment of a subscription to the customer.

Indicates the type of the stored payment_source payment.

The possible values are:

• ONE_TIME. One Time payment such as online purchase or donation. (e.g. Checkout with one-click).
• RECURRING. Payment which is part of a series of payments with fixed or variable amounts, following a fixed time interval. (e.g. Subscription payments).
• UNSCHEDULED. Payment which is part of a series of payments that occur on a non-fixed schedule and/or have variable amounts. (e.g. Account Topup payments).

Reference values used by the card network to identify a transaction.

Indicates if this is a first or subsequent payment using a stored payment source (also referred to as stored credential or card on file).

The possible values are:

• FIRST. Indicates the Initial/First payment with a payment_source that is intended to be stored upon successful processing of the payment.
• SUBSEQUENT. Indicates a payment using a stored payment_source which has been successfully used previously for a payment.
• DERIVED. Indicates that PayPal will derive the value of `FIRST` or `SUBSEQUENT` based on data available to PayPal.

Type of card. i.e Credit, Debit and so on.

The possible values are:

• CREDIT. A credit card.
• DEBIT. A debit card.
• PREPAID. A Prepaid card.
• STORE. A store card.
• UNKNOWN. Card type cannot be determined.

The intent to either capture payment immediately or authorize a payment for an order after order creation.

The possible values are:

• CAPTURE. The merchant intends to capture payment immediately after the customer makes a payment.
• AUTHORIZE. The merchant intends to authorize a payment and place funds on hold after the customer makes a payment. Authorized payments are best captured within three days of authorization but are available to capture for up to 29 days. After the three-day honor period, the original authorized payment expires and you must re-authorize the payment. You must make a separate request to capture payments on demand. This intent is not supported when you have more than one `purchase_unit` within your order.

The payment source definition.

Customizes the payer confirmation experience.

The instruction to process an order.

The possible values are:

• ORDER_COMPLETE_ON_PAYMENT_APPROVAL. API Caller expects the Order to be auto completed (i.e. for PayPal to authorize or capture depending on the intent) on completion of payer approval. This option is not relevant for payment_source that typically do not require a payer approval or interaction. This option is currently only available for the following payment_source: Alipay, Bancontact, BLIK, boletobancario, eps, giropay, GrabPay, iDEAL, Multibanco, MyBank, OXXO, P24, PayU, PUI, SafetyPay, SatisPay, Sofort, Trustly, Verkkopankki, WeChat Pay
• NO_INSTRUCTION. The API caller intends to authorize v2/checkout/orders/id/authorize or capture v2/checkout/orders/id/capture after the payer approves the order.

An action to be taken on a payment method to validate it.

The possible values are:

• 3D_SECURE. When specified, 3D Secure contingency will be triggered on 3DS enabled cards, if required.

The 2-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The two-character ISO 3166-1 code that identifies the country or region.

Note: The country code for Great Britain is GB and not UK as used in the top-level domain names for that country. Use the C2 country code for China worldwide for comparable uncontrolled price (CUP) method, bank card, and cross-border transactions.

The three-character ISO-4217 currency code that identifies the currency.

The 3-character ISO-4217 currency code that identifies the currency.

The contact address for the merchant's customer service.

The stand-alone date, in Internet date and time format. To represent special legal values, such as a date of birth, you should use dates with no associated time or time-zone data. Whenever possible, use the standard date_time type. This regular expression does not validate all dates. For example, February 31 is valid and nothing is known about leap years.

The stand-alone date, in Internet date and time format. To represent special legal values, such as a date of birth, you should use dates with no associated time or time-zone data. Whenever possible, use the standard date_time type. This regular expression does not validate all dates. For example, February 31 is valid and nothing is known about leap years.

The date and time, in Internet date and time format. Seconds are required while fractional seconds are optional.

Note: The regular expression provides guidance but does not reject all invalid dates.

The year and month, in ISO-8601 YYYY-MM date format. See Internet date and time format.

Name of the person or business that owns the bank account.

The name of the bank.

The bank identification code (BIC).

International Bank Account Number (IBAN) is used internationally by financial institutions to uniquely identify the account of a customer. Further specifications of the format and content of the IBAN can be found in the standard ISO 13616 'Banking and related financial services - International Bank Account Number (IBAN)' version 1997-10-01, or later revisions. Either JWT unsecured or encrypted. This doesn't support Unicode characters.

The funds that are held on behalf of the merchant.

The possible values are:

• INSTANT. The funds are released to the merchant immediately.
• DELAYED. The funds are held for a finite number of days. The actual duration depends on the region and type of integration. You can release the funds through a referenced payout. Otherwise, the funds disbursed automatically after the specified duration.

The condition that is covered for the transaction.

The possible values are:

• ITEM_NOT_RECEIVED. The payer paid for an item that they did not receive.
• UNAUTHORIZED_TRANSACTION. The payer did not authorize the payment.

The country code where document was issued.

The entity that issued the identity document. For example, registration authority.

The state or province code that issued the identity document, as defined by ISO 3166-2:2013.

The internationalized email address.

Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.

The internationalized email address.

Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.

The internationalized email address.

Note: Up to 64 characters are allowed before and 255 characters are allowed after the @ sign. However, the generally accepted maximum length for an email address is 254 characters. The pattern verifies that an unquoted @ sign exists.

Status of Authentication eligibility.

The possible values are:

• Y. Yes. The bank is participating in 3-D Secure protocol and will return the ACSUrl.
• N. No. The bank is not participating in 3-D Secure protocol.
• U. Unavailable. The DS or ACS is not available for authentication at the time of the request.
• B. Bypass. The merchant authentication rule is triggered to bypass authentication.

The bank identification code (BIC).

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

Customizes the payer experience during the approval process for the payment.

The PayPal internal ID. Used for correlation purposes.

The message that describes the error.

The human-readable, unique name of the error.

An array of additional details about the error.

The information link, or URI, that shows detailed information about this error for the developer.

An array of request-related HATEOAS links.

The unique, fine-grained application-level error code.

The human-readable description for an issue. The description can change over the lifetime of an API, so clients must not depend on this value.

The field that caused the error. If this field is in the body, set this value to the field's JSON pointer value. Required for client-side errors.

The location of the field that caused the error. Value is body, path, or query.

The value of the field that caused the error.

The source currency from which to convert an amount.

The target currency to which to convert an amount.

The target currency amount. Equivalent to one unit of the source currency. Formatted as integer or decimal value with one to 15 digits to the right of the decimal point.

The label that overrides the business name in the PayPal account on the PayPal site. The pattern is defined by an external party and supports Unicode.

The URL where the customer is redirected after the customer cancels the payment.

The BCP 47-formatted locale of pages that the PayPal payment experience shows. PayPal supports a five-character code. For example, da-DK, he-IL, id-ID, ja-JP, no-NO, pt-BR, ru-RU, sv-SE, th-TH, zh-CN, zh-HK, or zh-TW.

The URL where the customer is redirected after the customer approves the payment.

The location from which the shipping address is derived.

The possible values are:

• GET_FROM_FILE. Get the customer-provided shipping address on the PayPal site.
• NO_SHIPPING. Redacts the shipping address from the PayPal site. Recommended for digital goods.
• SET_PROVIDED_ADDRESS. Get the merchant-provided address. The customer cannot change this address on the PayPal site. If merchant does not pass an address, customer can choose the address on PayPal pages.

The identifier of the instrument.

Describes the URL.

The bank identification code (BIC).

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

Customizes the payer experience during the approval process for the payment.

The last characters of the IBAN used to pay.

The bank identification code (BIC).

The two-character ISO 3166-1 country code.

The last characters of the IBAN used to pay.

The name of the account holder associated with this payment method.

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

The bank identification code (BIC).

Customizes the payer experience during the approval process for the payment.

The identity document type.

The possible values are:

• SOCIAL_SECURITY_NUMBER. Social security number.
• INDIVIDUAL_TAXPAYER_IDENTIFICATION_NUMBER. Individual tax identification number.
• NATIONAL_IDENTIFICATION_NUMBER. National identification number, such as Brazil's *Cadastro de Pessoas Fisicas* (CPF) or India's *Aadhaar* number.
• TAX_IDENTIFICATION_NUMBER. The tax identification number, such as PAN CARD.
• PASSPORT_NUMBER. The passport number.
• SSN4. The last 4 digits of the social security number.

The issuer of the credit financing offer.

The possible values are:

• PAYPAL. Issued by PayPal.
• CARD_ISSUER_INSTALLMENTS. Issued by card issuer.

The item name or title.

The item quantity. Must be a whole number.

The item price or rate per unit. If you specify unit_amount, purchase_units[].amount.breakdown.item_total is required. Must equal unit_amount * quantity for all items. unit_amount.value can not be a negative number.

The item category type.

The possible values are:

• DIGITAL_GOODS. Goods that are stored, delivered, and used in their electronic format. This value is not currently supported for API callers that leverage the PayPal for Commerce Platform product.
• PHYSICAL_GOODS. A tangible item that can be shipped with proof of delivery.
• DONATION. A contribution or gift for which no good or service is exchanged, usually to a not for profit organization.

The detailed item description.

The stock keeping unit (SKU) for the item.

The item tax for each unit. If tax is specified, purchase_units[].amount.breakdown.tax_total is required. Must equal tax * quantity for all items. tax.value can not be a negative number.

The language tag for the language in which to localize the error-related strings, such as messages, issues, and suggested actions. The tag is made up of the ISO 639-2 language code, the optional ISO-15924 script tag, and the ISO-3166 alpha-2 country code or M49 region code.

The language tag for the language in which to localize the error-related strings, such as messages, issues, and suggested actions. The tag is made up of the ISO 639-2 language code, the optional ISO-15924 script tag, and the ISO-3166 alpha-2 country code or M49 region code.

Liability shift indicator. The outcome of the issuer's authentication.

The possible values are:

• YES. Liability has shifted to the card issuer. Available only after order is authorized or captured.
• NO. Liability is with the merchant.
• POSSIBLE. Liability may shift to the card issuer. Available only before order is authorized or captured.
• UNKNOWN. The authentication system is not available.

The complete target URL. To make the related call, combine the method with this URI Template-formatted link. For pre-processing, include the $, (, and ) characters. The href is the key HATEOAS component that links a completed call with a subsequent call.

The link relation type, which serves as an ID for a link that unambiguously describes the semantics of the link. See Link Relations.

The HTTP method required to make the related call.

The unique ID for a customer generated by PayPal.

The three-character ISO-4217 currency code that identifies the currency.

The value, which might be:

• An integer for currencies like JPY that are not typically fractional.
• A decimal fraction for currencies like TND that are subdivided into thousandths.

The 3-character ISO-4217 currency code that identifies the currency.

The value, which might be:

• An integer for currencies like JPY that are not typically fractional.
• A decimal fraction for currencies like TND that are subdivided into thousandths.

The bank identification code (BIC).

The two-character ISO 3166-1 country code.

The last characters of the IBAN used to pay.

The name of the account holder associated with this payment method.

The two-character ISO 3166-1 country code.

The name of the account holder associated with this payment method.

Customizes the payer experience during the approval process for the payment.

When the party is a person, the party's full name.

When the party is a person, the party's given, or first, name.

When the party is a person, the party's middle name. Use also to store multiple middle names including the patronymic, or father's, middle name.

The prefix, or title, to the party's name.

The suffix for the party's name.

When the party is a person, the party's surname or family name. Also known as the last name. Required when the party is a person. Use also to store multiple surnames including the matronymic, or mother's, surname.

The full name representation like Mr J Smith.

DEPRECATED. The party's alternate name. Can be a business name, nickname, or any other name that cannot be split into first, last name. Required when the party is a business.

When the party is a person, the party's full name.

When the party is a person, the party's given, or first, name.

When the party is a person, the party's middle name. Use also to store multiple middle names including the patronymic, or father's, middle name.

The prefix, or title, to the party's name.

The suffix for the party's name.

When the party is a person, the party's surname or family name. Also known as the last name. Required when the party is a person. Use also to store multiple surnames including the matronymic, or mother's, surname.

When the party is a person, the party's given, or first, name.

When the party is a person, the party's surname or family name. Also known as the last name. Required when the party is a person. Use also to store multiple surnames including the matronymic, or mother's, surname.

The converted payable amount.

The exchange rate that determines the amount that was debited from the merchant's PayPal account.

The net amount debited from the merchant's PayPal account.

Transaction reference id returned by the scheme. For Visa and Amex, this is the "Tran id" field in response. For MasterCard, this is the "BankNet reference id" field in response. For Discover, this is the "NRID" field in response.

Name of the card network through which the transaction was routed.

The possible values are:

• VISA. Visa card.
• MASTERCARD. Mastecard card.
• DISCOVER. Discover card.
• AMEX. American Express card.
• SOLO. Solo debit card.
• JCB. Japan Credit Bureau card.
• STAR. Military Star card.
• DELTA. Delta Airlines card.
• SWITCH. Switch credit card.
• MAESTRO. Maestro credit card.
• CB_NATIONALE. Carte Bancaire (CB) credit card.
• CONFIGOGA. Configoga credit card.
• CONFIDIS. Confidis credit card.
• ELECTRON. Visa Electron credit card.
• CETELEM. Cetelem credit card.
• CHINA_UNION_PAY. China union pay credit card.

The date that the transaction was authorized by the scheme. For MasterCard, this is the "BankNet reference date" field in response.

The date and time when the transaction occurred, in Internet date and time format.

The date and time when the transaction was last updated, in Internet date and time format.

The ID of the order.

The intent to either capture payment immediately or authorize a payment for an order after order creation.

An array of request-related HATEOAS links. To complete payer approval, use the approve link to redirect the payer. The API caller has 3 hours (default setting, this which can be changed by your account manager to 24/48/72 hours to accommodate your use case) from the time the order is created, to redirect your payer. Once redirected, the API caller has 3 hours for the payer to approve the order and either authorize or capture the order. If you are not using the PayPal JavaScript SDK to initiate PayPal Checkout (in context) ensure that you include application_context.return_url is specified or you will get "We're sorry, Things don't appear to be working at the moment" after the payer approves the payment.

DEPRECATED. The customer is also known as the payer. The Payer object was intended to only be used with the payment_source.paypal object. In order to make this design more clear, the details in the payer object are now available under payment_source.paypal. Please use payment_source.paypal.

The payment source used to fund the payment.

The instruction to process an order.

An array of purchase units. Each purchase unit establishes a contract between a customer and merchant. Each purchase unit represents either a full or partial order that the customer intends to purchase from the merchant.

The order status.

The source of payment for the order, which can be a token or a card. Use this object only if you have not redirected the user after order creation to approve the payment. In such cases, the user-selected payment method in the PayPal flow is implicitly used.

The payment card to use to fund a payment. Can be a credit or debit card.

Note: Passing card number, cvv and expiry directly via the API requires PCI SAQ D compliance.
PayPal offers a mechanism by which you do not have to take on the PCI SAQ D burden by using hosted fields - refer to this Integration Guide.

Indicates that PayPal Wallet is the payment source. Main use of this selection is to provide additional instructions associated with this choice like vaulting.

The tokenized payment source to fund a payment.

The date and time when the transaction occurred, in Internet date and time format.

The date and time when the transaction was last updated, in Internet date and time format.

The ID of the order.

The intent to either capture payment immediately or authorize a payment for an order after order creation.

An array of request-related HATEOAS links. To complete payer approval, use the approve link to redirect the payer. The API caller has 3 hours (default setting, this which can be changed by your account manager to 24/48/72 hours to accommodate your use case) from the time the order is created, to redirect your payer. Once redirected, the API caller has 3 hours for the payer to approve the order and either authorize or capture the order. If you are not using the PayPal JavaScript SDK to initiate PayPal Checkout (in context) ensure that you include application_context.return_url is specified or you will get "We're sorry, Things don't appear to be working at the moment" after the payer approves the payment.

The customer who approves and pays for the order. The customer is also known as the payer.

The payment source used to fund the payment.

The instruction to process an order.

An array of purchase units. Each purchase unit establishes a contract between a customer and merchant. Each purchase unit represents either a full or partial order that the customer intends to purchase from the merchant.

The order status.

The payment source definition.

The payment card to use to fund a payment. Can be a credit or debit card.

Note: Passing card number, cvv and expiry directly via the API requires PCI SAQ D compliance.
PayPal offers a mechanism by which you do not have to take on the PCI SAQ D burden by using hosted fields - refer to this Integration Guide.

Indicates that PayPal Wallet is the payment source. Main use of this selection is to provide additional instructions associated with this choice like vaulting.

The tokenized payment source to fund a payment.

Label to present to your payer as part of the PayPal hosted web experience.

The URL where the customer is redirected after the customer cancels the payment.

The BCP 47-formatted locale of pages that the PayPal payment experience shows. PayPal supports a five-character code. For example, da-DK, he-IL, id-ID, ja-JP, no-NO, pt-BR, ru-RU, sv-SE, th-TH, zh-CN, zh-HK, or zh-TW.

The URL where the customer is redirected after the customer approves the payment.

Provides additional details to process a payment using a payment_source that has been stored or is intended to be stored (also referred to as stored_credential or card-on-file).
Parameter compatibility:

• payment_type=ONE_TIME is compatible only with payment_initiator=CUSTOMER.
• usage=FIRST is compatible only with payment_initiator=CUSTOMER.
• previous_transaction_reference or previous_network_transaction_reference is compatible only with payment_initiator=MERCHANT.
• Only one of the parameters - previous_transaction_reference and previous_network_transaction_reference - can be present in the request.

The intent to either capture payment immediately or authorize a payment for an order after order creation.

The possible values are:

• CAPTURE. The merchant intends to capture payment immediately after the customer makes a payment.
• AUTHORIZE. The merchant intends to authorize a payment and place funds on hold after the customer makes a payment. Authorized payments are best captured within three days of authorization but are available to capture for up to 29 days. After the three-day honor period, the original authorized payment expires and you must re-authorize the payment. You must make a separate request to capture payments on demand. This intent is not supported when you have more than one `purchase_unit` within your order.

An array of purchase units. Each purchase unit establishes a contract between a payer and the payee. Each purchase unit represents either a full or partial order that the payer intends to purchase from the payee.

Customize the payer experience during the approval process for the payment with PayPal.

DEPRECATED. The customer is also known as the payer. The Payer object was intended to only be used with the payment_source.paypal object. In order to make this design more clear, the details in the payer object are now available under payment_source.paypal. Please use payment_source.paypal.

The order status.

The possible values are:

• CREATED. The order was created with the specified context.
• SAVED. The order was saved and persisted. The order status continues to be in progress until a capture is made with final_capture = true for all purchase units within the order.
• APPROVED. The customer approved the payment through the PayPal wallet or another form of guest or unbranded payment. For example, a card, bank account, or so on.
• VOIDED. All purchase units in the order are voided.
• COMPLETED. The payment was authorized or the authorized payment was captured for the order.
• PAYER_ACTION_REQUIRED. The order requires an action from the payer (e.g. 3DS authentication). Redirect the payer to the "rel":"payer-action" HATEOAS link returned as part of the response prior to authorizing or capturing the order.

The orthography type based on the ISO 15924 names for scripts. Scipts are chosen based on most widely used writing systems.

The possible values are:

• Zyyy. The orthography cannot be determined.
• Zzzz. The orthography is unknown.
• Kana. An angular form of Japanese writing for words of foreign origin.
• Cyrl. The Slavic languages alphabet. Used in eastern Europe.
• Arab. The Arabic language alphabet.
• Armn. The Armenian alphabet.
• Beng. The Bengali alphabet. Used in eastern India.
• Cans. The Unified Canadian Aboriginal Syllabics alphabet.
• Deva. The Devanagari (Nagari) alphabet.
• Ethi. The Ethiopic alphabet.
• Geor. The Georgian (Mkhedruli and Mtavruli) alphabet.
• Grek. The Greek alphabet.
• Gujr. The Gujurati language alphabet. Used in western India.
• Guru. The Gurmukhi alphabet. Used in the northern Indian state of Punjab.
• Hani. The Han (Hanzi, Kanji, Hanja) alphabet.
• Hebr. The Hebrew alphabet.
• Java. The Javanese alphabet.
• Jpan. The Japanese (alias for Han + Hiragana + Katakana) alphabet.
• Khmr. The Khmer alphabet.
• Knda. The Kannada alphabet. Used in the southern Indian state of Karnataka.
• Kore. Korean (alias for Hangul + Han).
• Laoo. The Lao alphabet.
• Latn. The Latin alphabet.
• Mlym. The Malayalam alphabet. Used in the southern Indian state of Kerala.
• Mong. The Mongolian alphabet.
• Mymr. The Myanmar (Burmese) alphabet.
• Orya. The Oriya (Odia) alphabet. Used in the eastern Indian state of Odisha.
• Sinh. The Sinhala alphabet.
• Sund. The Sundanese alphabet.
• Syrc. The Syriac alphabet.
• Taml. The Tamil alphabet. Used in the southern Indian state of Tamilnadu.
• Telu. The Telugu language alphabet. Used in the southern Indian state of Andhra pradesh.
• Thaa. The Thaana (Maldivian) alphabet.
• Thai. The Thai alphabet. Used in Thailand.
• Tibt. The Tibetan alphabet.
• Yiii. The Yi alphabet.