Integrate Connect with PayPal

Connect with PayPal (formerly Log in with PayPal) is a commerce identity solution that enables your customers to sign in to your web site quickly and securely by using their PayPal login credentials. Connect with PayPal is available free of charge.

To integrate Connect with PayPal, complete these one-time configuration steps:

  1. Set up your development environment.
  2. Embed the Connect with PayPal button.

Then, complete the integration steps.

Set up your development environment

Before you can integrate Connect with PayPal, you must set up your development environment. After you get a token that lets you access protected REST API resources, you create sandbox accounts to test your web and mobile apps.

When you create an app, enable Connect with PayPal in the App feature options section.

For details, see Get Started.

Then, return to this page to integrate Connect with PayPal.

Embed the Connect with PayPal button

Connect with PayPal button

The Connect with PayPal button integration consists of these components:

  • The Connect with PayPal button image that appears on the merchant's website.
  • The authorization endpoint and the parameters passed to it. After a customer clicks the button, they are forwarded to this endpoint.

Use one of these methods to embed the Connect with PayPal button in the merchant's website:

Method Description
Build custom Connect with PayPal button The simplest method. Type information into the dynamic Connect with PayPal button JavaScript builder form, which generates JavaScript code to embed in the merchant's website.
You can localize and customize the Connect with PayPal button. Additionally, the authorization endpoint and its parameters are dynamically generated from the information that you type in the button builder form.
Manually embed the Connect with PayPal button To understand the inner workings of the button integration, you can manually embed the standard Login with PayPal button and construct the authorization endpoint and its parameters.

Integration steps

The Connect with PayPal integration consists of three phases that take place each time a customer logs in with PayPal from the merchant's website:

  1. The customer clicks Connect with PayPal, which forwards the customer to the authorization endpoint.

    If the customer successfully logs in to PayPal and consents to sharing basic information with the merchant, PayPal passes an authorization code to the merchant. The authorization code is integrated into the Connect with PayPal button, which calls the authorization endpoint. For integration information, see embed the Connect with PayPal button.

  2. The merchant passes the authorization code received in the previous step to the tokenservice endpoint and receives an access token and refresh token.

    The merchant provides these parameters in the authorization request:

    • Authorization request header. The Base64-encoded client ID and secret credentials separated by a colon (:).
    • grant_type. The type of credentials that you provide to obtain a refresh token. Set to authorization_code.
    • code. The PayPal-generated authorization code.

    This example call generates an initial access token:

    curl -X POST https://api.sandbox.paypal.com/v1/oauth2/token \
      -H 'Authorization: Basic QWRhYlZDRkdYQkhrQUw4b3ZfcGlQcWo2Z01hZjRldzZDQVRKYUxTYzRQT25qTFh5WlB3NHhzZzQ3RnNLZDhZMi00dGthTWVFZFdHMl9ETUs6RU96SjQ2MFlGV0xTVTlQckk2XzhLTFB6UnF4a0dfWElCX09ZbjFwZ1lHSVBTTU1GVVJfan RDcHlaX2tVSkNUVi15ZTAzdS1ac3k0RjNlY1U=' \
      -d 'grant_type=authorization_code&code={authorization_code}'
    

    The refresh token POST request returns this JSON object:

    {
      "token_type": "Bearer",
      "expires_in": "28800",
      "refresh_token": " Refresh-Token",
      "access_token": " Access-Token"
    }
    

    The access token expires after a short period of the time, so the merchant also receives a refresh token to periodically refresh the access token.

    The response fields are:

    Field Type Description
    "token_type": "Bearer" String The token type, which is Bearer.
    "expires_in": "28800" String The number of seconds until the access token expires. Default is 28800.
    "refresh_token": " Refresh-Token" String The refresh token.
    "access_token": " Access-Token" String The access token.
  3. The merchant obtains the user profile information that the customer has consented to share with the merchant by passing the access token received from the previous step to the userinfo endpoint. For integration details, see get user information.

Additional information

Feedback