Getting started

How Fastlane works

Fastlane is PayPal's quick guest checkout solution. It securely saves and retrieves payment and shipping information for Fastlane members. Fastlane members enter their email and receive prefilled checkout forms.

• Members can enter their email address and receive prefilled checkout forms.​
• Members can securely check out with their email address at any site that integrates Fastlane.​
• No password required. Members get a one-time confirmation code after entering their email address.

1. The guest enters the checkout page and PayPal sends an email form.
2. The guest enters their email and sends it to PayPal. PayPal determines if the email is registered for Fastlane.
3. If the email is registered, the guest receives a one-time password. After entering the password, the guest receives auto-filled checkout details.
4. If the email is not registered, the guest receives payment detail forms to fill out. After they fill out the forms, they can opt to save the information with their email address. The next time the guest enters their email, they receive auto-filled checkout details.

User flows

After a user signs up for Fastlane, they enter their email to get the member flow at any site with a Fastlane integration.

1. The guest bypasses signed-in checkout and PayPal checkout.
2. The guest is prompted to enter their email address.
3. The guest enters payment methods and shipping info to associate with the email.
4. The guest completes checkout and becomes a Fastlane member.

1. The member bypasses signed-in checkout and PayPal checkout.
2. The member enters their email and receives a one-time confirmation code.
3. The customer enters their email and sends it to PayPal. PayPal determines if the email is registered for Fastlane.
4. Fastlane returns prefilled payment and shipping info.
5. The member completes checkout.

Set up your REST app

This integration requires a sandbox business account. The sandbox account should automatically be set up for Fastlane, but to confirm:

• Log into the Developer Dashboard and select Apps & Credentials.
• In REST API apps, select or create an app. If you create an app, select Type > Partner.
• Go to Features > Accept Payments.
• Check if Fastlane and Vault are enabled. If not, select the Fastlane and Vault checkboxes and select Save Changes.

If you have an existing REST app and you don't see the option to enable Fastlane or Vault, contact your PayPal account representative.

Get API credentials

• From your developer dashboard, select Testing Tools > Sandbox Accounts.
• Under Account Name, find the business sandbox account you want to test with. Select the three dots (⋮) > View/Edit Account > API Credentials.
• Under REST API apps, select the name of the app you're using.
• The client ID and client secret is at the top. Save these credentials as you'll need them for the API requests and in the client-side integration script.

For more information on creating and managing sandbox accounts, see Sandbox accounts.

After you test your Fastlane integration in the sandbox, you can Go live.

Set up your development environment

Add PayPal to your Content Security Policy and initialize the SDK from your server.

Content Security Policy (CSP) is a web browser feature that helps prevent cross-site scripting and other attacks. CSP restricts the sources used to load resources on your page. This allows you to maintain better control over potentially malicious code.

Include the following directive in your policy:

1connect-src: https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.braintree-api.com
2font-src: https://*.paypalobjects.com
3frame-src: https://*.paypalobjects.com
4img-src: https://*.paypalobjects.com
5script-src: https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com
6style-src: unsafe-inline

To initialize the PayPal JS SDK and Fastlane components, generate a client token through a server-side call and then pass the token into the SDK.

1curl -s -X POST "https://api-m.sandbox.paypal.com/v1/oauth2/token" \
2 -u CLIENT_ID:CLIENT_SECRET \
3 -H "Content-Type: application/x-www-form-urlencoded" \
4 -H "PayPal-Auth-Assertion: AUTH-ASSERTION-CODE" \
5 -d "grant_type=client_credentials" \
6 -d "response_type=client_token" \
7 -d "intent=sdk_init" \
8 -d "domains[]=example.com,example2.com"

Copy the sample code and modify as follows:

• Get your client ID and secret from your Developer Dashboard.
• Replace CLIENT_ID with your client ID.
• Replace CLIENT_SECRET with your client secret.
• Replace example.com,example2.com with your own domains. Provide the root domain name only.
  • No subdomains such as sub.example.com.
  • No wildcard characters such as *.example.com.
  • No protocols such as http or https.
• Change AUTH-ASSERTION-CODE to your PayPal-Auth-Assertion token.

1{
2  "access_token" : "eyJraW...",
3  "app_id": "APP-80W2...",
4  "expires_in": 32400,
5  "nonce": "2024-01...",
6  "scope": "...",
7  "token_type": "Bearer"
8}