Integrate Connect with PayPal

Connect with PayPal (formerly Log in with PayPal) is a commerce identity solution that enables your customers to sign in to your web site quickly and securely by using their PayPal login credentials. Connect with PayPal is available free of charge.

Connect with PayPal provides an enhanced merchant experience for your customers through:

  • Simplicity. Only one user identity to remember to log in.
  • Convenience. Fewer address and bank account forms to fill out.
  • Peace of mind. As always, PayPal secures customer financial information.

Important: Seamless Checkout is no longer supported as of 2018.

Customer, merchant, and developer benefits

  • Open, standards-based solutions

    Connect with PayPal is based on OpenID Connect, which uses the open standard OpenID 2.0 and OAuth 2.0 protocols (OpenID Connect builds OAuth 2.0 capabilities into the protocol itself). This security enables you to trust that your users are securely logged-in. On your side, your system must manage the logged-in and log-out sessions. In addition, it must properly manage any of the user information provided through PayPal (specific user attributes can be shared by PayPal only after the user has provided consent to share those specific attributes with the merchant).

  • Streamlined sign up and sign in

    Customers use their PayPal credentials to securely sign up and sign in to your site. This reduces cart abandonment, and can increase conversion rates and sales. Also, customers do not need to create a user account to shop and pay on your site.

  • Access to more customers

    Better leverage PayPal's 100 million active members.

  • Automatic updates to customers' account data

Changes to user account data are dynamically updated.

Contents

Configuration

To integrate Connect with PayPal, complete these one-time configuration steps.

Create your PayPal application

Follow the steps to create your PayPal application and enable Connect with PayPal for your application.

After you successfully create your PayPal application, store your client_id and client_secret credentials and pass them to the PayPal endpoints in an authentication header in each request.

Embed the Connect with PayPal button

Connect with PayPal button

The Connect with PayPal button integration consists of these components:

  • The Connect with PayPal button image that is displayed on the merchant's website.
  • The authorization endpoint and the parameters passed to it. After customers click the button, they are forwarded to this endpoint.

Use one of these methods to embed the Connect with PayPal button in the merchant's website:

Method Description
Build custom Connect with PayPal button The simplest method is to enter information into the dynamic Connect with PayPal button JavaScript builder form, which generates JavaScript code to embed in the merchant's website.
You can localize and customer the Connect with PayPal button. Additionally, the authorization endpoint and its parameters are dynamically generated from the information entered in the button builder form.
Manually embed the Connect with PayPal button To understand the inner workings of the button integration, you can choose to manually embed the standard Login with PayPal button and construct the authorization endpoint and its parameters.

Integration steps

The Connect with PayPal integration consists of three phases that take place each time a customer logs in with PayPal from the merchant's website:

  1. The customer clicks Connect with PayPal, which forwards the customer to the authorization endpoint.

    If the customer successfully logs in to PayPal and consents to sharing basic information with the merchant, PayPal passes an authorization code to the merchant. The authorization code is integrated into the Connect with PayPal button, which calls the authorization endpoint. For integration information, see embed the Connect with PayPal button.

  2. The merchant passes the authorization code received in the previous step to the tokenservice endpoint and receives an access token and refresh token.

    The merchant provides these parameters in the authorization request:

    • Authorization request header. The Base64-encoded client ID and secret credentials separated by a colon (:).
    • grant_type. The type of credentials that you provide to obtain a refresh token. Set to authorization_code.
    • code. The PayPal-generated authorization code.

    This example call generates an initial access token:

    curl -X POST https://api.sandbox.paypal.com/v1/oauth2/token \
      -H 'Authorization: Basic QWRhYlZDRkdYQkhrQUw4b3ZfcGlQcWo2Z01hZjRldzZDQVRKYUxTYzRQT25qTFh5WlB3NHhzZzQ3RnNLZDhZMi00dGthTWVFZFdHMl9ETUs6RU96SjQ2MFlGV0xTVTlQckk2XzhLTFB6UnF4a0dfWElCX09ZbjFwZ1lHSVBTTU1GVVJfan RDcHlaX2tVSkNUVi15ZTAzdS1ac3k0RjNlY1U=' \
      -d 'grant_type=authorization_code&code={authorization_code}'
    

    The refresh token POST request returns this JSON object:

    {
      "token_type": "Bearer",
      "expires_in": "28800",
      "refresh_token": Refresh-Token-Value,
      "access_token": Access-Token-Value
    }
    

    The access token expires after a short period of the time, so the merchant also receives a refresh token to periodically refresh the access token.

    The response fields are:

    Field Type Description
    "token_type": "Bearer" String The token type, which is Bearer.
    "expires_in": "28800" String The number of seconds until the access token expires. Default is 28800.
    "refresh_token": Refresh-Token-Value String The refresh token.
    "access_token": Access-Token-Value String The access token.
  3. The merchant obtains the user profile information that the customer has consented to share with the merchant by passing the access token received from the previous step to the userinfo endpoint. For integration details, see get user information.

Additional information

Feedback