Client Auth Tokens API Integration Guide

Last updated: Jan 21st, 9:00am

This guide shows you how to use the Client Auth Tokens API to generate a limited-scope token for a client SDK. Use this token to initialize a client SDK.

Overview

To get the limited-scope token, your back end calls the generate token for client SDK endpoint, /v1/identity/generate-token. This call takes an optional customer ID as an input parameter.

A successful request returns a JSON response body that shows:

  • A Base64-encoded client token.
  • The expiration time, in seconds.

    {
      "client_token": "<Client-Token>",
      "expires_in": 3600
    }

Integration steps

1. Required: Set up your development environment.
2. Required: After you make your first call and get your client ID, submit it to the PayPal integration team for provisioning.
3. Required: Generate token for client SDK.

Set up your development environment

Before you can integrate Client Auth Tokens, you must set up your development environment. After you get a token that lets you access protected REST API resources, you create sandbox accounts to test your web and mobile apps. For details, see Get started.

Then, return to this page to integrate Client Auth Tokens.

Generate token for client SDK

After you make your first call and get your client ID, use your access token in the Authorization header of the call to the /v1/identity/generate-token endpoint.

The following request generates a limited-scope token:

    curl -v -X POST https://api-m.sandbox.paypal.com/v1/identity/generate-token \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer <Access-Token>" \
      -d '{
        "customer_id": "customer_1234"
      }'

A successful request returns a JSON response body that shows:

  • A client token that you can use to initialize a client SDK.
  • The expiration time, in seconds.

    {
      "client_token": "<Client-Token>",
      "expires_in": 3600
    }

Your back end can pass this token to a client SDK to initialize it and start accepting payments. With this two-step process, you can start accepting PayPal, cards, and alternative payment methods.
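
The two-step flow above as back-end code, as an added example that is not PayPal's own code: it builds the same request as the curl call, validates the response, and returns only the client token and its expiry, so the access token never reaches the browser. The function names, the injectable `send` transport, the empty body when no customer ID is given, and the 60-second refresh margin are assumptions.

```python
import json
import time
import urllib.request

# Sandbox endpoint from the curl example on this page.
TOKEN_URL = "https://api-m.sandbox.paypal.com/v1/identity/generate-token"

def build_request(access_token, customer_id=None):
    """Build the same POST as the curl example; customer_id is optional."""
    # Assumption: an empty JSON object is sent when no customer ID is given.
    body = {"customer_id": customer_id} if customer_id else {}
    return urllib.request.Request(
        TOKEN_URL,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {access_token}",
        },
    )

def parse_response(raw, now):
    """Validate the response body and convert expires_in to a deadline."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    token, ttl = doc.get("client_token"), doc.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no client_token")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("response has no usable expires_in")
    return {"client_token": token, "expires_at": now + ttl}

def http_send(req):
    """Default transport: performs the real HTTPS call."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()

def issue_client_token(access_token, customer_id=None, send=http_send, now=None):
    """Return only what the browser needs; the access token stays server-side."""
    now = int(time.time()) if now is None else now
    return parse_response(send(build_request(access_token, customer_id)), now)

def needs_refresh(entry, now, skew=60):
    """True when the client token expires within `skew` seconds (assumed margin)."""
    return entry["expires_at"] - now <= skew
```

Serialize the dictionary returned by `issue_client_token` as the response of your own authenticated route; the access token appears only in the outbound Authorization header.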
