On this page
No Headings
Last updated: June 7, 2026
The PayPal Checkout integration supports a 2-step authorize and capture payment model.
Authorize a buyer's funds before you capture them, then settle the purchase later. An authorization places a hold on the funds and is valid for 29 days. For example, use authorize and capture to complete a task before finalizing the payment, such as verifying that you have the item in stock.
PayPal uses the following REST API credentials, which you can get from the developer dashboard:
This feature modifies an existing PayPal Checkout integration and uses the following:
PayPal Checkout
You can use Postman to explore and test PayPal APIs. Learn more in our Postman guide.
The default approval intent of the JavaScript SDK is to both authorize the transaction and capture payment immediately. To split authorize and capture into separate actions, add &intent=authorize to the JavaScript SDK script tag, as shown in the following example:
<script
src="https://www.paypal.com/sdk/js?client-id=CLIENT_ID&intent=authorize">
</script>The onApprove function in the default integration captures the payment immediately. Replace the existing onApprove function with the following code. This code authorizes the payment but doesn't capture it.
onApprove: function(data) {
// Authorize the transaction
return fetch('/my-server/authorize-paypal-order', {
method: 'post',
body: JSON.stringify({
orderID: data.orderID
})
})
.then(response => response.json())
.then((authorizePayload) => {
// Get the authorization id from your payload
const authorizationID = authorizePayload.authorizationID;
// Optional message given to purchaser
alert(`
You have authorized this transaction.
Order ID: ${data.orderID}
Authorization ID: ${authorizationID}
`);
// Later you can use your server to validate and capture the transaction
});
})
}A successful authorization results in:
Pending transaction in your business account.You can use your server-side code to capture the order ID and authorization ID passed in the fetch method in the onApprove function.
Each server implementation is different. Make sure you have logic in your server-side code to receive the order ID and authorization ID that you pass from the client-side JavaScript fetch function.
Copy the following code and modify it to save the details to your server-side database:
API endpoint used: Show order details
curl -v -X GET https://api-m.sandbox.paypal.com/v2/checkout/orders/48S239579N169645 \\
-H "Content-Type: application/json" \\
-H "Authorization: Bearer ACCESS-TOKEN" \\Modify the code
After you copy the code in the sample request, modify the following:
Access-Token - Your access token.48S239579N169645.A successful request results in the following:
200 OK.After you capture the order details, you can complete any business tasks, such as verifying you have the item in stock, before you capture the payment.
{
"id": "48S239579N1696452",
"intent": "AUTHORIZE",
"purchase_units": [{
"reference_id": "default",
"amount": {
"currency_code": "USD",
"value": "30.00"
},
"payee": {
"email_address": "payee@example.com",
"merchant_id": "JK9AB28SRU4XL"
},
"shipping": {
"name": {
"full_name": "Firstname Lastname"
},
"address": {
"address_line_1": "123 Main St.",
"admin_area_2": "Anytown",
"admin_area_1": "CA",
"postal_code": "12345",
"country_code": "US"
}
},
"payments": {
"authorizations": [{
"status": "CREATED",
"id": "66P728836U784324A",
"amount": {
"currency_code": "USD",
"value": "30.00"
},
"seller_protection": {
"status": "ELIGIBLE",
"dispute_categories": ["ITEM_NOT_RECEIVED", "UNAUTHORIZED_TRANSACTION"]
},
"expiration_time": "2020-01-01T15:57:51Z",
"links": [{
"href": "https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A",
"rel": "self",
"method": "GET"
}, {
"href": "https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A/capture",
"rel": "capture",
"method": "POST"
}, {
"href": "https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A/void",
"rel": "void",
"method": "POST"
}, {
"href": "https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A/reauthorize",
"rel": "reauthorize",
"method": "POST"
}, {
"href": "https://api-m.sandbox.paypal.com/v2/checkout/orders/48S239579N1696452",
"rel": "up",
"method": "GET"
}],
"create_time": "2020-02-03T15:57:51Z",
"update_time": "2020-02-03T15:57:51Z"
}]
}
}],
"payer": {
"name": {
"given_name": "Firstname",
"surname": "Lastname"
},
"email_address": "payer@example.com",
"payer_id": "8Y7QBG68GYPHQ",
"address": {
"country_code": "US"
}
},
"create_time": "2020-02-03T15:57:17Z",
"update_time": "2020-02-03T15:57:51Z",
"links": [{
"href": "https://api-m.sandbox.paypal.com/v2/checkout/orders/48S239579N1696452",
"rel": "self",
"method": "GET"
}],
"status": "COMPLETED"
}If you haven't captured the payment within 3 days of authorization, you can reauthorize the payment to make sure the money is still available.
You can issue multiple reauthorizations within the 29-day authorization period after the honor period expires. A reauthorization generates a new authorization ID and restarts the 3-day honor period. Use the new authorization ID on subsequent captures.
If you reauthorize on the 27th day of the authorization period, you get only 2 days of the honor period.
To reauthorize a payment, copy the following code and modify it.
API endpoint used: Reauthorize authorized payment
curl -v -X POST https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A/reauthorize \\
-H "Content-Type: application/json" \\
-H "Authorization: Bearer ACCESS-TOKEN" \\
-H "PayPal-Request-Id: PAYPAL-REQUEST-ID" \\Modify the code
After you copy the code in the sample request, modify the following:
Access-Token - Your access token.66P728836U784324A.PAYPAL-REQUEST-ID - Replace the sample ID with a unique alphanumeric ID that you generate. The PayPal request ID helps prevent duplicate authorizations if the API call is interrupted. For more information, see API idempotency.A successful request results in the following:
201 Created.{
"id": "8AA831015G517922L",
"status": "CREATED",
"links": [{
"rel": "self",
"method": "GET",
"href": "https://api-m.paypal.com/v2/payments/authorizations/8AA831015G517922L"
}, {
"rel": "capture",
"method": "POST",
"href": "https://api-m.paypal.com/v2/payments/authorizations/8AA831015G517922L/capture"
}, {
"rel": "void",
"method": "POST",
"href": "https://api-m.paypal.com/v2/payments/authorizations/8AA831015G517922L/void"
}, {
"rel": "reauthorize",
"method": "POST",
"href": "https://api-m.paypal.com/v2/payments/authorizations/8AA831015G517922L/reauthorize"
}]
}To capture the payment, copy the following code and modify it.
API endpoint used: Capture authorized payment
curl -v -X POST https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A/capture \\
-H "Content-Type: application/json" \\
-H "Authorization: Bearer ACCESS-TOKEN" \\
-H "PayPal-Request-Id: PAYPAL-REQUEST-ID" \\Modify the code
After you copy the code in the sample request, modify the following:
ACCESS-TOKEN - Your access token.66P728836U784324A.PAYPAL-REQUEST-ID - Replace the sample ID with a unique alphanumeric ID you generate. The PayPal request ID helps prevent duplicate authorizations if the API call is interrupted. For more information, see API idempotency.A successful request results in the following:
201 Created.Pending to Completed.{
"id": "5KA38057EC136584R",
"status": "COMPLETED",
"links": [{
"href": "https://api-m.sandbox.paypal.com/v2/payments/captures/5KA38057EC136584R",
"rel": "self",
"method": "GET"
}, {
"href": "https://api-m.sandbox.paypal.com/v2/payments/captures/5KA38057EC136584R/refund",
"rel": "refund",
"method": "POST"
}, {
"href": "https://api-m.sandbox.paypal.com/v2/payments/authorizations/66P728836U784324A",
"rel": "up",
"method": "GET"
}]
}Test in the sandbox environment before going live.
Move from PayPal's production environment to go live.
Authenticate cardholders through card issuers.
Authorization and capture timing for 2-step payments.
Learn more about the Payments API.
Cancel an authorized payment using the Payments API.
Refund a captured payment using the Payments API.