Make your first call

To make REST API calls, create a PayPal REST app and get an access token:

1. Create a PayPal app.
When you create an app, PayPal generates a set of OAuth credentials.
OAuth is secure way to access APIs.
2. Get an access token.
Pass the OAuth credentials in a get access token call.
In response, the PayPal authorization server issues an access token.
3. Make REST API calls.
Use the access token for authentication when you make REST API calls.

Create a PayPal app

On the My Apps & Credentials page, click Log into Dashboard.

In the REST API apps section, click Create App.

PayPal generates a set of OAuth client_id and secret credentials for your app for both the sandbox and live environments.

Get an access token

The get access token endpoint is /v1/oauth2/token.

To get an access token, you pass your OAuth credentials in a get access token call. To make this call, you can use either cURL on the command line or the Postman app.

In response, the PayPal authorization server issues an access token.

Re-use the access token until it expires. See our rate limiting guidelines. When it expires, you can get a new token.

cURL example

  1. Download cURL for your environment.

  2. From the command line, run this command:

    curl -v \
       -H "Accept: application/json" \
       -H "Accept-Language: en_US" \
       -u "client_id:secret" \
       -d "grant_type=client_credentials"


    /v1/oauth2/token The get access token endpoint.
    client_id Your client ID.
    secret Your secret.
    grant_type The grant type. Set to client_credentials.
  3. View the sample response.


  • If you use Windows, use a Bash shell to make cURL calls.
  • If you use a command-line tool other than cURL, set content-type to application/x-www-form-urlencoded.

Postman example

  1. Download Postman for your environment, and open Postman.

  2. On the Authorization tab, select or enter this information:

    Method POST

    Username Your client ID.
    Password Your secret.
  3. On the Body tab, select or enter this information:

    Content type x-www-form-urlencoded
    key grant_type
    value client_credentials
  4. Click Send.

  5. View the sample response.

Sample response

  "scope": "* openid*",
  "nonce": "2017-06-08T18:30:28ZCl54Q_OlDqP6-4D03sDT8wRiHjKrYlb5EH7Di0gRrds",
  "Access-Token": "Access-Token",
  "token_type": "Bearer",
  "app_id": "APP-80W284485P519543T",
  "expires_in": 32398


Access-Token Your access token.
expires_in The number of seconds after which the token expires. Request another token when the current one expires.

Make REST API calls

With a valid access token, you can make REST API calls.

This sample call creates a PayPal account payment and uses only the required input parameters. The access token in the call is an OAuth bearer token.

Note: Payments API calls are always made by an actor, such as email, on behalf of a subject, or the payer. The actor specifies a bearer token in the Authorization: Bearer request header. A bearer token is an access token that is issued to the actor by an authorization server with the approval of the resource owner, or payer. In this case, the actor uses the bearer token to make a payments request on behalf of the subject.

curl -v \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer Access-Token" \
  -d '{
  "intent": "sale",
  "redirect_urls": {
    "return_url": "",
    "cancel_url": ""
  "payer": {
    "payment_method": "paypal"
  "transactions": [{
    "amount": {
      "total": "7.47",
      "currency": "USD"

A successful call returns a JSON response body with payment details. The state is created. You can use the Sandbox API Call History to confirm the creation of PayPal transactions.

To finalize and capture the PayPal payment, you must complete additional steps.

Additional information