Development policies and guidelines

Last updated: February 16th 2022, @ 5:27:35 pm


Follow these policies, guidelines, and best practices when you create applications that make calls to PayPal API operations:

  • To make API calls to the PayPal production servers, you must be a registered PayPal Developer and have a PayPal Business Account in good standing.
  • The Merchant/Seller of Record must be the primary recipient for every PayPal transaction made between a payment Sender (Buyer) and the associated payment Recipient (Seller).
  • You must read and adhere to the guidelines listed in the PayPal Developer Agreement.
  • Follow the Branding Guidelines in Chapter 2 of the PayPal Interface Guide and use only authorized PayPal buttons on your payment page. Create PayPal buttons for your application through your PayPal account, or use the Button Manager API to create your own encrypted buttons.
  • Follow the Interface Design Principles in Chapter 3 of the PayPal Interface Guide.
  • Publicly post an Acceptable Use Policy (AUP) and legal agreement that aligns with PayPal's guidelines. (You may link to PayPal's policies if you do not want to create your own.)
  • Meet PayPal's Security guidelines if you're using the Pre-approval or Authentication APIs.
  • Provide your customers with information regarding your Customer Support Policy and include a Customer Support email address. In addition, we recommend you provide a Customer Support telephone number and an accompanying support website.
  • Publish a Refund Policy and a Privacy Policy.
  • If your application supports 501(c)3 non-profit organizations, each non-profit using your application must be prepared to provide proof of its non-profit status.
  • To understand how PayPal manages site traffic and when rate limiting may be used, see Rate limiting guidelines.

In addition to the previous guidelines, be aware of the following restrictions:

  • Do not provide any escrow service or any other type of holding service that violates PayPal's Acceptable Use Policy.
  • Do not use PayPal for Payment Aggregation—aggregating money from unverifiable funding sources, either going into or out of a PayPal account, is forbidden. All payments must flow directly from the Sender's PayPal account to the PayPal account of the entity who sold the associated good or service.
  • Do not transfer fees to a Sender (Buyer) and do not add surcharges to the transactions provided via PayPal services.
  • Do not store or collect PayPal user login credentials, passwords, PINs, or answers to security questions.
  • Do not use PayPal API operation calls to provide Personal Payments in India, Mexico, Malaysia, Singapore, and Taiwan.
  • Do not expand Personal Payments or provide remittance services for any transactions provided via PayPal services.
  • Do not circumvent any PayPal policies or engage in any PayPal fee avoidance.

Lastly, before you can make calls to the live PayPal production servers, you must register your application with PayPal.

Note: If your application calls any advanced Adaptive API operations, PayPal passes your application through a review phase. For details about how to move your application into the PayPal production environment, see Go Live with Your App.