Authorize an order
Call the Orders API from your server to authorize an order.
Know before you code
- To install the PayPal SDK on your server, see Set up Server-Side SDK. If you are calling the API directly, you do not need to install the SDK.
-
This client and server-side integration uses the following:
Use cases
- You want your server to decide which parameters to use when setting up the transaction, such as cart totals and line items.
- You need to get transaction details, capture a transaction, or authorize a transaction from a different page.
1. Add server code
This code:
- Sets up your server to make calls to PayPal.
- Sets up your server to receive a call from the client with the order ID.
- Calls PayPal to create the authorization.
- Saves the authorization ID to your database.
- Handles any errors from the call.
- Returns a successful response to the client.
// Note: This is example code. Each server platform and programming language has a different way of handling requests, making HTTP API calls, and serving responses to the browser.
// 1. Set up your server to make calls to PayPal
// 1a. Add your client ID and secret
PAYPAL_CLIENT = 'PAYPAL_SANDBOX_CLIENT';
PAYPAL_SECRET = 'PAYPAL_SANDBOX_SECRET';
// 1b. Point your server to the PayPal API
PAYPAL_OAUTH_API = 'https://api-m.sandbox.paypal.com/v1/oauth2/token/';
PAYPAL_ORDER_API = 'https://api-m.sandbox.paypal.com/v2/checkout/orders/';
// 1c. Get an access token from the PayPal API
basicAuth = base64encode(`${ PAYPAL_CLIENT }:${ PAYPAL_SECRET }`);
auth = http.post(PAYPAL_OAUTH_API {
headers: {
Accept: `application/json`,
Authorization: `Basic ${ basicAuth }`
},
data: `grant_type=client_credentials`
});
// 2. Set up your server to receive a call from the client
function handleRequest(request, response) {
// 2a. Get the order ID from the request body
orderID = request.body.orderID;
// 3. Call PayPal to create the authorization
authorization = http.post(PAYPAL_ORDER_API + orderID + '/authorize', {
headers: {
Accept: `application/json`,
Authorization: `Bearer ${ auth.access_token }`
}
});
// 4. Save the authorization ID to your database
if (!authorization.error) {
authorizationID = authorization.purchase_units[0]
.payments.authorizations[0].id
database.saveAuthorizationID(authorizationID);
}
// 5. Handle any errors from the call
if (authorization.error) {
return response.send(500);
}
// 6. Return a successful response to the client
response.send(200);
}
curl -v -X POST https://api-m.sandbox.paypal.com/v2/checkout/orders/ <order-id>/authorize \ -H "Content-Type: application/json" \ -H "Authorization: Bearer Access-Token" \ -H "PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a"
// 1. Set up your server to make calls to PayPal
// 1a. Import the SDK package
const checkoutNodeJssdk = require('@paypal/checkout-server-sdk');
// 1b. Import the PayPal SDK client that was created in `Set up Server-Side SDK`.
/**
*
* PayPal HTTP client dependency
*/
const payPalClient = require('../Common/payPalClient');
// 2. Set up your server to receive a call from the client
module.exports = async function handleRequest(req, res) {
// 2a. Get the order ID from the request body
const orderID = req.body.orderID;
// 3. Call PayPal to create the authorization
const request = new checkoutNodeJssdk.orders.OrdersAuthorizeRequest(orderID);
request.requestBody({});
try {
const authorization = await payPalClient.client().execute(request);
// 4. Save the authorization ID to your database
const authorizationID = authorization.result.purchase_units[0]
.payments.authorizations[0].id
// await database.saveAuthorizationID(authorizationID);
} catch (err) {
// 5. Handle any errors from the call
console.error(err);
return res.send(500);
}
// 6. Return a successful response to the client
res.send(200);
}
<?php
namespace Sample\AuthorizeIntentExamples;
require __DIR__ . '/vendor/autoload.php';
//1. Import the PayPal SDK client that was created in `Set up Server-Side SDK`.
use Sample\PayPalClient;
use PayPalCheckoutSdk\Orders\OrdersAuthorizeRequest;
class AuthorizeOrder
{
// 2. Set up your server to receive a call from the client
/**
*Use this function to perform authorization on the approved order
*Pass a valid, approved order ID as an argument.
*/
public static function authorizeOrder($orderId, $debug=false)
{
$request = new OrdersAuthorizeRequest($orderId);
$request->body = self::buildRequestBody();
// 3. Call PayPal to authorize an order
$client = PayPalClient::client();
$response = $client->execute($request);
// 4. Save the authorization ID to your database. Implement logic to save authorization to your database for future reference.
if ($debug)
{
print "Status Code: {$response->statusCode}\n";
print "Status: {$response->result->status}\n";
print "Order ID: {$response->result->id}\n";
print "Authorization ID: {$response->result->purchase_units[0]->payments->authorizations[0]->id}\n";
print "Links:\n";
foreach($response->result->links as $link)
{
print "\t{$link->rel}: {$link->href}\tCall Type: {$link->method}\n";
}
print "Authorization Links:\n";
foreach($response->result->purchase_units[0]->payments->authorizations[0]->links as $link)
{
print "\t{$link->rel}: {$link->href}\tCall Type: {$link->method}\n";
}
// To toggle printing the whole response body comment/uncomment the following line
echo json_encode($response->result, JSON_PRETTY_PRINT), "\n";
}
return $response;
}
/**
*Setting up request body for authorization.
*Refer to API reference for details.
*/
public static function buildRequestBody()
{
return "{}";
}
}
/**
*This driver function invokes authorize order.
*/
if (!count(debug_backtrace()))
{
AuthorizeOrder::authorizeOrder('<REPLACE-WITH-VALID-APPROVED-ORDER-ID>', true);
}
?>
# 1. Import the PayPal SDK client that was created in `Set up Server-Side SDK`.
from sample import PayPalClient
from paypalcheckoutsdk.orders import OrdersAuthorizeRequest
import json
class AuthorizeOrder(PayPalClient):
#2. Set up your server to receive a call from the client
"""Use this function to authorize an approved order.
Pass a valid, authorized order ID as an argument to this
function."""
def authorize_order(self, order_id, debug=False):
"""Method to authorize order using order_id"""
request = OrdersAuthorizeRequest(order_id)
request.prefer("return=representation")
# 3. Call PayPal to authorize an order
request.request_body(self.build_request_body())
response = self.client.execute(request)
# 4. Save the authorization ID to your database. Implement logic to save authorization to your database for future reference.
if debug:
print 'Status Code: ', response.status_code
print 'Status: ', response.result.status
print 'Order ID: ', response.result.id
print ('Authorization ID:',
response.result.purchase_units[0].payments.authorizations[0].id)
print 'Links:'
for link in response.result.links:
print('\t{}: {}\tCall Type: {}'
.format(link.rel, link.href, link.method))
print 'Authorization Links:'
for link in response.result.purchase_units[0].payments.authorizations[0].links:
print('\t{}: {}\tCall Type: {}'
.format(link.rel, link.href, link.method))
print "Buyer:"
print ("\tEmail Address: {}\n\tPhone Number: {}"
.format(response.result.payer.email_address,
response.result.payer.phone.phone_number.national_number))
json_data = self.object_to_json(response.result)
print "json_data: ", json.dumps(json_data,indent=4)
return response
"""Sample request body to authorize order. You can update this with
the required fields, as needed."""
@staticmethod
def build_request_body():
return {}
"""This driver function invokes the authorize_order function with
a valid, approved order ID to authorize the sample order.
Replace the Order ID value with a valid, approved order ID"""
if __name__ == "__main__":
order_id = '<REPLACE-WITH-VALID-APPROVED-ORDER-ID>'
AuthorizeOrder().authorize_order(order_id, debug=True)
# 1. Import the PayPal SDK client that was created in `Set up Server-Side SDK`.
require_relative '../paypal_client'
include PayPalCheckoutSdk::Orders
module Samples
module AuthorizeIntentExamples
class AuthorizeOrder
#2. Set up your server to receive a call from the client
# Use this function to authorize an approved order.
def authorize_order (order_id, debug=false)
request = OrdersAuthorizeRequest::new(order_id)
request.prefer("return=representation")
# You can update this request body with fields as needed.
# Refer API docs for more information.
request.request_body({})
# 3. Call PayPal to authorize an order
response = PayPalClient::client::execute(request)
# 4. Save the authorization ID to your database. Implement logic to save authorization your database for future reference.
if debug
puts "Status Code: " + response.status_code.to_s
puts "Status: " + response.result.status
puts "Order ID: " + response.result.id
puts "Authorization ID: " + response.result.purchase_units[0].payments.authorizations[0].id
puts "Intent: " + response.result.intent
puts "Links:"
for link in response.result.links
# This could also be named link.rel or link.href, but method
# is a reserved keyword for Ruby. Avoid calling link.method.
puts "\t#{link["rel"]}: #{link["href"]}\tCall Type: #{link["method"]}"
end
puts "Authorization Links:"
for link in response.result.purchase_units[0].payments.authorizations[0].links
# This could also be named link.rel or link.href, but method
# is a reserved keyword for Ruby. Avoid calling link.method.
puts "\t#{link["rel"]}: #{link["href"]}\tCall Type: #{link["method"]}"
end
puts "Buyer:"
buyer = response.result.payer
puts "\tEmail Address: #{buyer.email_address}\n\tName: #{buyer.name.given_name} #{buyer.name.surname}\n\tPhone Number: #{buyer.phone.phone_number.national_number}"
puts PayPalClient::openstruct_to_hash(response.result).to_json
end
return response
end
end
end
end
# This driver function invokes the authorize_order function with
# approved order ID. Replace order ID with a valid, approved order ID
if __FILE__ == $0
Samples::AuthorizeIntentExamples::AuthorizeOrder::new::authorize_order('<REPLACE-WITH-VALID-APPROVED-ORDER-ID>',true)
end
package com.paypal.AuthorizeIntentExamples;
import java.io.IOException;
import org.json.JSONObject;
import com.braintreepayments.http.HttpResponse;
import com.braintreepayments.http.serializer.Json;
import com.paypal.PayPalClient;
import com.paypal.orders.LinkDescription;
import com.paypal.orders.Order;
import com.paypal.orders.OrderActionRequest;
import com.paypal.orders.OrdersAuthorizeRequest;
/*
*
*1. Import the PayPal SDK client that was created in `Set up Server-Side SDK`.
*This step extends the SDK client. It's not mandatory to extend the client, you can also inject it.
*/
public class AuthorizeOrder extends PayPalClient {
//2. Set up your server to receive a call from the client
/**
*Method to authorize order after creation
*
*@param orderId Valid Approved Order ID from createOrder response
*@param debug true = print response data
*@return HttpResponse<Order> response received from API
*@throws IOException Exceptions from API if any
*/
public HttpResponse<Order> authorizeOrder(String orderId, boolean debug) throws IOException {
OrdersAuthorizeRequest request = new OrdersAuthorizeRequest(orderId);
request.requestBody(buildRequestBody());
// 3. Call PayPal to authorization an order
HttpResponse<Order> response = client().execute(request);
// 4. Save the authorization ID to your database. Implement logic to save the authorization to your database for future reference.
if (debug) {
System.out.println("Authorization Ids:");
response.result().purchaseUnits()
.forEach(purchaseUnit -> purchaseUnit.payments()
.authorizations().stream()
.map(authorization -> authorization.id())
.forEach(System.out::println));
System.out.println("Link Descriptions: ");
for (LinkDescription link : response.result().links()) {
System.out.println("\t" + link.rel() + ": " + link.href());
}
System.out.println("Full response body:");
System.out.println(new JSONObject(new Json().serialize(response.result())).toString(4));
}
return response;
}
/**
*Building empty request body.
*
*@return OrderActionRequest with empty body
*/
private OrderActionRequest buildRequestBody() {
return new OrderActionRequest();
}
/**
*This driver function invokes the authorizeOrder function to
*create a sample order.
*
*@param args
*/
public static void main(String[] args) {
try {
new AuthorizeOrder().authorizeOrder("<REPLACE-WITH-VALID-APPROVED-ORDER-ID>", true);
} catch (Exception e) {
e.printStackTrace();
}
}
}
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
//1. Import the PayPal SDK client that was created in `Set up Server-Side SDK`.
using Samples;
using PayPalCheckoutSdk.Orders;
using BraintreeHttp;
namespace Samples.AuthorizeIntentExamples
{
public class AuthorizeOrderSample
{
//2. Set up your server to receive a call from the client
//Use this function to perform authorization on the approved order.
public async static Task<HttpResponse> AuthorizeOrder(string OrderId, bool debug = false)
{
var request = new OrdersAuthorizeRequest(OrderId);
request.Prefer("return=representation");
request.RequestBody(new OrderActionRequest());
//3. Call PayPal to authorization an order
var response = await PayPalClient.client().Execute(request);
//4. Save the authorization ID to your database. Implement logic to save the authorization to your database for future reference.
if (debug)
{
var result = response.Result<Order>();
Console.WriteLine("Status: {0}", result.Status);
Console.WriteLine("Order Id: {0}", result.Id);
Console.WriteLine("Authorization Id: {0}",
result.PurchaseUnits[0].Payments.Authorizations[0].Id);
Console.WriteLine("Intent: {0}", result.Intent);
Console.WriteLine("Links:");
foreach (LinkDescription link in result.Links)
{
Console.WriteLine("\t{0}: {1}\tCall Type: {2}", link.Rel,
link.Href,
link.Method);
}
AmountWithBreakdown amount = result.PurchaseUnits[0].Amount;
Console.WriteLine("Buyer:");
Console.WriteLine("\tEmail Address: {0}", result.Payer.EmailAddress);
Console.WriteLine("Response JSON: \n {0}",
PayPalClient.ObjectToJSONString(result));
}
return response;
}
static void Main(string[] args)
{
string OrderId = "<REPLACE-WITH-VALID-APPROVED-ORDER-ID>";
AuthorizeOrder(OrderId, true).Wait();
}
}
}
For the full list of parameters and example responses, see authorize payment for order in the Orders API reference.
Note: Remember to swap the credentials and API URL from sandbox to production when going live with your integration.
2. Modify client code
Change the onApprove function on your client. This function now calls your server with the order ID instead of actions.order.authorize().
onApprove: function(data) {
return fetch('/my-server/authorize-paypal-transaction', {
method: 'post',
headers: {
'content-type': 'application/json'
},
body: JSON.stringify({
orderID: data.orderID
})
}).then(function(res) {
return res.json();
}).then(function(details) {
alert('Authorization created for ' + details.payer_given_name);
});
}
Step result
Your client and server are set up to call the Orders API to authorize a future capture from a transaction.
