Get Started

APICurrent


Before you can integrate a PayPal product or solution, you must set up your development environment to get OAuth 2.0 client ID and secret credentials for the sandbox and live environments. You exchange these credentials for an access token that authorizes your REST API calls. To test your web and mobile apps, you create sandbox accounts.

Logging into the Developer Dashboard to get credentials and create sandbox accounts requires a developer, personal, or business account. Each account provides different levels of access to PayPal functionality.

Capabilities Developer Account1 Personal Account Business Account
Access sandbox x x x
Send and receive money x x
Go live x

Note:

1 You can create developer accounts if you are in the US to test US integrations. For those outside the US or those in the US wanting to test integrations outside the US, use your existing PayPal personal or business account or create a new one.

If you need to access a capability you don't currently have, you can upgrade your account on the My Account page in the Developer Dashboard.

More information:

Get credentials

To generate REST API credentials for the sandbox and live environments:

  1. Log in to the Developer Dashboard with your PayPal account.
  2. Under the DASHBOARD menu, select My Apps & Credentials.
  3. Make sure you're on the Sandbox tab to get the API credentials you'll use while you're developing code. After you test and before you go live, switch to the Live tab to get live credentials.
  4. Under the App Name column, select Default Application, which PayPal creates with a new Developer Dashboard account. Select Create App if you don't see the default app.

Note: To get credentials for the Marketplaces and Platforms product, see that Get Started page.

Get an access token

Your access token authorizes you to use the PayPal REST API server. To call a REST API in your integration, exchange your client ID and secret for an access token in an OAuth 2.0 token call. While there are a few ways to get a token, here are examples using both the Postman app and a cURL command.

Your own environment's HTTP library or function may have username and password fields or an auth parameter in which you pass your client ID and secret. You can also add your Base64 encoded client ID and secret in an Authorization: Basic <clientid:secret> header.

For more on OAuth 2.0 basic authentication, see RFC 2617 Basic Authentication Scheme.

Make REST API calls

In REST API calls, include the URL to the API service for the environment:

  • Sandbox: https://api-m.sandbox.paypal.com
  • Live: https://api-m.paypal.com

Also, include your access token to prove your identity and access protected resources.

This sample call, which shows the Orders v2 API, includes a bearer token in the Authorization request header. This type of token lets you complete an action on behalf of a resource owner.

curl -v -X POST https://api-m.sandbox.paypal.com/v2/checkout/orders \
-H "Content-Type: application/json" \
-H "Authorization: Bearer Access-Token" \
-d '{
  "intent": "CAPTURE",
  "purchase_units": [
    {
      "amount": {
        "currency_code": "USD",
        "value": "100.00"
      }
    }
  ]
}'

The response shows the status and other details:

{
  "id": "5O190127TN364715T",
  "status": "CREATED",
  "links": [
    {
      "href": "https://api-m.paypal.com/v2/checkout/orders/5O190127TN364715T",
      "rel": "self",
      "method": "GET"
    },
    {
      "href": "https://www.paypal.com/checkoutnow?token=5O190127TN364715T",
      "rel": "approve",
      "method": "GET"
    },
    {
      "href": "https://api-m.paypal.com/v2/checkout/orders/5O190127TN364715T",
      "rel": "update",
      "method": "PATCH"
    },
    {
      "href": "https://api-m.paypal.com/v2/checkout/orders/5O190127TN364715T/capture",
      "rel": "capture",
      "method": "POST"
    }
  ]
}

There is no list of IP addresses for api-m. The IP addresses are located behind content delivery network (CDN) providers, and all our zones are DNSSec signed. When merchants do a lookup for api-m.paypal.com, they can use the signature to verify PayPal provides the IP.

If you need to allowlist an IP address, you can use api-m.paypal.com. Expect higher latency and lower availability than api-m.paypal.com.

Don't hard-code IP addresses.

Create sandbox accounts

To test your web and mobile apps with mock transactions, create a personal account to represent a buyer and a business account to represent a merchant.

  1. Log into Dashboard and type your PayPal personal or business account email and password.

    Note: If you do not have an account, click Sign Up.

  2. Under Sandbox, click Accounts, and then click Create Account.

  3. Choose the type of account and country that you want to test, and click Create. PayPal generates an account for you with test values for bank account, credit card, and balance. To edit account features, after the account has been created click on the edit button for that account.

    Note: If you need more customization of the test values, click Create Custom Account in the Create Sandbox Account dialog.