Integrate Log In with PayPal

Log In with PayPal (formerly PayPal Access) is a commerce identity solution that enables your customers to sign in to your web site quickly and securely by using their PayPal login credentials. Log In with PayPal is available free of charge.

Log In with PayPal provides an enhanced merchant experience for your customers through:

  • Simplicity. Only one user identity to remember to log in.
  • Convenience. Fewer address and bank account forms to fill out.
  • Peace of mind. As always, PayPal secures customer financial information.

Important: Seamless Checkout is no longer supported for existing and new integrations in 2018.

You can view a demo on the PayPal Demo.

Customer, merchant, and developer benefits

  • Open, standards-based solutions

    Log In with PayPal is based on OpenID Connect, which uses the open standard OpenID 2.0 and OAuth 2.0 protocols (OpenID Connect builds OAuth 2.0 capabilities into the protocol itself). This security enables you to trust that your users are securely logged-in. On your side, your system must manage the logged-in and log-out sessions. In addition, it must properly manage any of the user information provided through PayPal (specific user attributes can be shared by PayPal only after the user has provided consent to share those specific attributes with the merchant).

  • Streamlined sign up and sign in

    Customers use their PayPal credentials to securely sign up and sign in to your site. This reduces cart abandonment, and can increase conversion rates and sales. Also, customers do not need to create a user account to shop and pay on your site.

  • Access to more customers

    Better leverage PayPal's 100 million active members.

  • Automatic updates to customers' account data

Changes to user account data are dynamically updated.



To integrate Log In with PayPal, complete these one-time configuration steps.

Create your PayPal application

Follow the steps to create your PayPal application and enable Log In with PayPal for your application.

After you successfully create your PayPal application, store your client_id and client_secret credentials and pass them to the PayPal endpoints in an authentication header in each request.

Embed the Log In with PayPal button

The Log In with PayPal button integration consists of these components:

  • The Log In with PayPal button image that is displayed on the merchant's website.
  • The authorization endpoint and the parameters passed to it. After customers click the button, they are forwarded to this endpoint.

Embed the Log In with PayPal button in the merchant's website in one of these ways:

  1. The simplest method is to enter information into the dynamic Log In with PayPal button JavaScript builder form, which generates JavaScript code to embed in the merchant's website. Through the dynamic Log In with PayPal button JavaScript builder, the Log In with PayPal button can be localized and customized; additionally, the authorization endpoint and its parameters are dynamically generated from the information entered in the button builder form.
  2. If you prefer to understand the inner workings of the button integration, you can choose to manually embed the standard Login with PayPal button and construct the authorization endpoint and its parameters.

Integration steps

The Log In with PayPal integration consists of three phases that take place each time a customer logs in with PayPal from the merchant's website:

  1. The customer clicks Log In with PayPal, which forwards the customer to the authorization endpoint.

    If the customer successfully logs in to PayPal and consents to sharing basic information with the merchant, PayPal passes an authorization code to the merchant. The authorization code is integrated into the Login with PayPal button, which calls the authorization endpoint. For integration information, see embed the Log In with PayPal button.

  2. The merchant passes the authorization code received in the previous step to the tokenservice endpoint and receives an access token.

    The merchant provides these parameters in the authorization request:

    • Authorization request header. The Base64-encoded client ID and secret credentials separated by a colon (:).
    • grant_type. The type of credentials that you provide to obtain a refresh token. Set to authorization_code.
    • code. The PayPal-generated authorization code.

    This example call generates an initial access token:

    curl -X POST \
      -H 'Authorization: Basic QWRhYlZDRkdYQkhrQUw4b3ZfcGlQcWo2Z01hZjRldzZDQVRKYUxTYzRQT25qTFh5WlB3NHhzZzQ3RnNLZDhZMi00dGthTWVFZFdHMl9ETUs6RU96SjQ2MFlGV0xTVTlQckk2XzhLTFB6UnF4a0dfWElCX09ZbjFwZ1lHSVBTTU1GVVJfan RDcHlaX2tVSkNUVi15ZTAzdS1ac3k0RjNlY1U=' \
      -d 'grant_type=authorization_code&code={authorization_code}'

    The refresh token POST request returns this JSON object:

      "token_type": "Bearer",
      "expires_in": "28800",
      "refresh_token": "Refresh-Token-Value",
      "access_token": "Access-Token-Value"

    The access token expires after a short period of the time, so the merchant also receives a refresh token to periodically refresh the access token.

    The response fields are:

    Field Type Description
    "token_type": "Bearer" String The token type, which is Bearer.
    "expires_in": "28800" Integer The number of seconds until the access token expires. Default is 28800.
    "refresh_token": "Refresh-Token-Value" String The refresh token.
    "access_token": "Access-Token-Value" String The access token.
  3. The merchant obtains the user profile information that the customer has consented to share with the merchant by passing the access token received from the previous step to the userinfo endpoint. For integration details, see get user information.