On this page
No Headings
Last updated: June 16, 2026
Follow these steps to add the Log in with PayPal button to your website or app.
Log into the Developer Dashboard.
From Apps & Credentials, select your app.
Under Other features, select the Log in with PayPal checkbox and then select Advanced Settings.
Enter a Return URL. Your website or app redirects your users to this URL after they complete the Log in with PayPal flow.
Select the user information you want shared with your website or app:
Note: You'll have access to the values of the attributes that you select. However, this doesn't authorize you to email users. You must provide your users with a separate option to opt-in or opt-out of communications not related to purchases (such as marketing emails, newsletters, and offers).
Enter your Privacy policy URL and User agreement URL.
https://example.com.You have two options for adding the Log in with PayPal button to your website or app:
| Option | Use case |
|---|---|
| Generate button | If you want the simplest integration, use the PayPal button generator to dynamically generate the necessary JavaScript. |
| Build button | If you want greater control and customization options, manually build the button and construct your own authorization endpoint and parameters. |
Exchange the authorization code for an access token so you can call PayPal's user profile service.
https://api-m.sandbox.paypal.com/v1/oauth2/token.| Parameter | Specify in | Description |
|---|---|---|
Authorization | header | Separate your Base64-encoded client ID and secret credentials by a colon (:). |
grant_type | form body | The type of credentials that you provide to obtain a refresh token. Set to authorization_code. |
code | form body | Enter the PayPal-generated authorization code. |
curl -X POST https://api-m.sandbox.paypal.com/v1/oauth2/token \
-H 'Authorization: Basic {Your Base64-encoded ClientID:Secret}' \
-d 'grant_type=authorization_code&code={authorization_code}'Note: The access token expires after a short period of time, so you also receive a refresh token that you use to periodically refresh the access token. When you need to make a call to the user info service, use the refresh token first to get a new access token that you can then use to call the user info service.
| Field | Type | Description |
|---|---|---|
scope: {scope} | String | A list of space-separated permissions associated with the access token. |
access_token: {access token} | String | Identifies the actual token used to call the user info endpoint. |
token_type: {type} | String | Defines the type of token. In this case, the token type is Bearer. |
expires_in: 28800 | String | Identifies the number of seconds until the access token expires. The default is 28800 seconds or 8 hours. |
refresh_token: {refresh token} | String | Identifies the actual token used to refresh the access token. |
nonce: {nonce} | String | A one-time use random string generated from server-specific data is used to prevent replay attacks. |
Make a call to PayPal's tokenservice endpoint:
https://api-m.sandbox.paypal.com/v1/oauth2/token
Pass the refresh token to the tokenservice endpoint with the following parameters:
| Parameter | Specify in | Description |
|---|---|---|
Authorization | header | Separate your Base64-encoded client ID and secret credentials by a colon (:). |
grant_type | form body | Set to refresh_token. |
curl -X POST https://api-m.sandbox.paypal.com/v1/oauth2/token \
-H 'Authorization: Basic {Your Base64-encoded ClientID:Secret}=' \
-d 'grant_type=refresh_token&refresh_token={refresh token}'| Field | Type | Description |
|---|---|---|
scope: {scope} | String | A list of space-separated permissions associated with the access token. |
token_type: {type} | String | Defines the type of token. In this case, the token type is Bearer. |
expires_in: 28800 | String | Identifies the number of seconds until the access token expires. The default is 28800 seconds or 8 hours. |
access_token: {access token} | String | Identifies the actual token used to call the user info endpoint. |
nonce: {nonce} | String | A one-time use random string generated from server-specific data is used to prevent replay attacks. |
Call the Show user profile information method with the desired parameters to obtain the customer information.
Because Log in with PayPal involves sharing customer data, PayPal must review your app and approve it, before it can go live. All scopes require PayPal's approval.
Note: The app review process typically takes a few weeks. Plan for the app approval process before your planned go live date.
https://www.sandbox.paypal.com/connect? to https://www.paypal.com/connect?https://www.paypal.com/connect?flowEntry=static&client_id=CLIENT-ID&response_type=code&scope=openid%20profile%20email%20address&redirect_uri=https%3A%2F%2Fwww.google.com&state=123456https://api-m.sandbox.paypal.com/v1/oauth2/token to https://api-m.paypal.com/v1/oauth2/tokenhttps://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo to https://api-m.paypal.com/v1/identity/oauth2/userinfoFollow these best practices to get the most out of your integration