Get Started

Before you can integrate a PayPal product or solution, you must set up your development environment to get OAuth 2.0 client ID and secret credentials for the sandbox and live environments. You exchange these credentials for an access token that authorizes your REST API calls. To test your web and mobile apps, you create sandbox accounts.

Logging into the Developer Dashboard to get credentials and create sandbox accounts requires a developer, personal, or business account. Each account provides different levels of access to PayPal functionality.

Capabilities Developer Account Personal Account Business Account
Access sandbox x x x
Send and receive money x x
Go live x

If you need to access a capability you don't currently have, you can upgrade your account on the My Account page in the Developer Dashboard.

More information:

Get credentials

To generate REST API credentials for the sandbox and live environments:

  1. Log into the Developer Dashboard with your PayPal account credentials. If you don't have an account, you can click on the sign up option.

  2. On My Apps & Credentials, use the toggle to switch between live and sandbox testing apps.

    Note: If you are creating a Sandbox app, you will also need to select a test business account that will act as the API caller. For more details, see Get Started.

  3. Navigate to the REST API apps section and click Create App.

  4. Type a name for your app and click Create App. The app details page opens and displays your credentials.

  5. Copy and save the client ID and secret for your app.

  6. Review your app details and save your app.

Get an access token

To get an access token, pass your OAuth 2.0 credentials through either:

Make REST API calls

In REST API calls, include the URL to the API service for the environment:

  • Sandbox:
  • Live:

Also, include your access token to prove your identity and access protected resources.

This sample call, which shows the Orders v2 API, includes a bearer token in the Authorization request header. This type of token lets you complete an action on behalf of a resource owner.

curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer Access-Token" \
-d '{
  "intent": "CAPTURE",
  "purchase_units": [
      "amount": {
        "currency_code": "USD",
        "value": "100.00"

The response shows the status and other details:

  "id": "5O190127TN364715T",
  "status": "CREATED",
  "links": [
      "href": "",
      "rel": "self",
      "method": "GET"
      "href": "",
      "rel": "approve",
      "method": "GET"
      "href": "",
      "rel": "update",
      "method": "PATCH"
      "href": "",
      "rel": "capture",
      "method": "POST"

There is no list of IP addresses for api-m. The IP addresses are located behind content delivery network (CDN) providers, and all our zones are DNSSec signed. When merchants do a lookup for, they can use the signature to verify PayPal provides the IP.

If you need to allowlist an IP address, you can use Expect higher latency and lower availability than

Don't hard-code IP addresses.

Create sandbox accounts

To test your web and mobile apps with mock transactions, create a personal account to represent a buyer and a business account to represent a merchant.

  1. Log into Dashboard and type your PayPal personal or business account email and password.

    Note: If you do not have an account, click Sign Up.

  2. Under Sandbox, click Accounts, and then click Create Account.

  3. Choose the type of account and country that you want to test, and click Create. PayPal generates an account for you with test values for bank account, credit card, and balance. To edit account features, after the account has been created click on the edit button for that account.

    Note: If you need more customization of the test values, click Create Custom Account in the Create Sandbox Account dialog.