The PayPal REST APIs use webhooks for event notification.
Webhooks are HTTP callbacks that receive notification messages for events. To create a webhook at PayPal, users configure a webhook listener and subscribe it to events. A webhook listener is a server that listens at a specific URL for incoming HTTP
POST notification messages that are triggered when events occur. PayPal signs each notification message that it delivers to your webhook listener.
After you configure a listener, you can use a sample payload to simulate a webhook event. When you simulate an event, the simulator validates that your listener can successfully receive event data without any connectivity issues and generates mock event data to show you how webhook events look. You cannot verify these mock events.
After you validate your listener, you can subscribe your listener to events. When you subscribe your listener to events, you define:
|A list of events||An event can be a payment authorization, a payment state change, and so on. To determine to which events to subscribe, review the supported webhook event names.|
|Your webhook listener URL||A webhook listener is a server that you configure at a specific web URL to listen for incoming HTTP
Finally, verify the notifications that your listener receives when events occur.
Webhooks are asynchronous, their order is not guaranteed, and idempotency might lead to a duplicate notification of the same event type.
Important: If your webhook endpoint is unavailable or takes too long to respond, PayPal resends the notification message 25 times over the course of three days until a successful response is given.
To configure your webhook listener to receive notification messages for payment state changes and other events:
|1.||Optional||To make calls on behalf of a third party, you must be a partner in the PayPal Partner Program.|
|2.||Required||Get an access token.|
|3.||Required||Create sandbox accounts.|
|4.||Required||Configure a webhook listener.|
|5.||Optional||Simulate mock webhook events to validate your listener configuration.|
|6.||Required||Subscribe to events.|
|7.||Required||Verify event notifications.|
Create a PayPal app. In response, PayPal generates a set of OAuth credentials.
To generate mock transactions to test your app, complete these steps twice. First, create a business account to represent the merchant in a transaction. Then, create a personal account to represent the customer in a transaction.
From the Developer Portal, click Log into Dashboard and enter your PayPal business account email and password.
Note: If you do not have a business account, click Sign Up.
Under Sandbox, click Accounts. Then, click Create Account.
In the dialog box, enter these required fields:
Field Value Account Type Business (Merchant Account) or Personal (Buyer Account). Email Address A fake or valid email address. If you use a valid address, you receive email notifications when you run test transactions. Password A simple, easy-to-remember password, such as
PayPal Balance A high amount. For example,
You can also enter optional fields.
Click Create Account.
For more information, see Create a sandbox account.
A webhook listener is a server that listens at a specific URL for incoming HTTP
POST notification messages that are triggered when events occur.
After you configure a listener, note the URL for the listener.
Use this URL to:
- Simulate mock webhook events to validate your listener configuration.
- Subscribe your webhook listener to events.
Next, simulate mock webhook events to validate your listener configuration.
After you configure a listener, you can use a sample payload to simulate a webhook event. When you simulate an event, the simulator:
Validates that your listener can successfully receive event data without any connectivity issues.
Generates mock event data to show you how webhook events look.
Note: The simulator generates mock events for demonstration purposes. You can view these events to see how events look. However, because these are mock events:
- You cannot verify the simulator-generated events.
- You cannot resend an event notification for a simulator-generated event.
- You cannot show webhook details for a simulator-generated event.
After the simulator queues one or more mock events, your webhook listener URL can listen for HTTP
POST notification messages. Each test event appears in your logs in the order that your listener receives them. The simulator sends mock static event data and event headers, which contain the PayPal-generated asymmetric signature and information that you can use to validate the signature.
To simulate a webhook event, use either:
Next, subscribe your listener to events.
Go to My Apps & Credentials. Click Log In.
If you already have an app, proceed to the next step.
Otherwise, click Create App to create an app. Note your client ID and secret. You need these values later.
In the WEBHOOKS section, click Add Webhook.
Add the URL for your listener, which is the endpoint URL that listens for incoming HTTP
POSTnotification messages that are triggered when events occur.
From the event types list, select the events to which to subscribe your app. You can select either all events or one or more individual events.
Click Save. The dashboard shows your webhook listener URL, the ID for the webhook, and the events to which you subscribed your app.
You can use this webhook ID to complete these Webhooks API operations:
Verify event notifications
You can verify webhook event notifications that your listener receives when events occur.
Note: You cannot verify the mock simulator-generated events.
When you verify events, you can list webhook events by app. You can filter this list by date range, resource, and event type. You can also show status and details for an event and resend an event notification.
To verify webhook event notifications, use one of these methods:
The PayPal REST SDKs. PayPal recommends that you use the REST SDKs to programmatically verify webhooks.
The Webhooks API
To use the PayPal REST SDKs to verify event notifications
These PayPal REST SDKs provide reference implementations that enable you to verify event notifications:
The REST SDK Quickstart shows you how to use the SDKs to create payment notification webhooks.
To use the dashboard to verify event notifications
Click Log In.
From the drop-down list, select the app for which to view webhook events.
Optionally, you can filter the list of webhook events by:
Date range. The range must be in the last 30 days.
A resource. Specify the ID for a sale, authorization, or other resource.
An event. From the drop-down list, select either all events or one or more individual events.
The dashboard shows events for the app, date range, resource, and event or events.
You can complete these actions on the Webhooks Events page:
View the status for events. Received events show a green check mark and pending events show a yellow exclamation point.
Resend a notification. Click Resend next to any webhook event in the list.
Navigate the results pages. Click the arrows adjacent to the page number at the bottom of the page.
View event details. Click an event. Details include event ID, resource type, and summary.