Accept credit card payments

Note: Direct credit card payment and related features are restricted in some countries.

PayPal makes it simple to charge credit cards. Just pass the credit card, shipping, and payment information to PayPal. The following sample shows a direct credit card payment call with only the required fields.

Important: Include an access token in the Authorization header. For more information about credentials and authorization, see make your first call.

curl -v https://api.sandbox.paypal.com/v1/payments/payment \
  -H "Content-Type:application/json" \
  -H "Authorization: Bearer Access-Token" \
  -d '{
  "intent": "sale",
  "payer":
  {
    "payment_method": "credit_card",
    "funding_instruments": [
    {
      "credit_card":
      {
        "number": "4012888888881881",
        "type": "mastercard",
        "expire_month": 12,
        "expire_year": 2018,
        "cvv2": 111,
        "first_name": "Betsy",
        "last_name": "Buyer"
      }
    }]
  },
  "transactions": [
  {
    "amount":
    {
      "total": "7.47",
      "currency": "USD"
    },
    "description": "This is the payment transaction description."
  }]
}'

Note: For sandbox calls, you can use the credit card numbers provided in your sandbox test accounts.

A successful call returns a payment object with details about the completed call:

{
  "id": "PAY-3AF33469GE649135YKEYTIEQ",
  "create_time": "2013-03-01T23:04:50Z",
  "update_time": "2013-03-01T23:04:55Z",
  "state": "approved",
  "intent": "sale",
  "payer":
  {
    "payment_method": "credit_card",
    "funding_instruments": [
    {
      "credit_card":
      {
        "type": "mastercard",
        "number": "xxxxxxxxxxxx5559",
        "expire_month": "12",
        "expire_year": "2018",
        "first_name": "Betsy",
        "last_name": "Buyer"
      }
    }]
  },
  "transactions": [
  {
    "amount":
    {
      "total": "7.47",
      "currency": "USD",
      "details":
      {
        "subtotal": "7.47"
      }
    },
    "description": "This is the payment transaction description.",
    "related_resources": [
    {
      "sale":
      {
        "id": "5YY3007569986962J",
        "create_time": "2013-03-01T23:04:50Z",
        "update_time": "2013-03-01T23:04:55Z",
        "state": "completed",
        "amount":
        {
          "total": "7.47",
          "currency": "USD"
        },
        "parent_payment": "PAY-3AF33469GE649135YKEYTIEQ",
        "links": [
        {
          "href": "https://api.sandbox.paypal.com/v1/payments/sale/5YY3007569986962J",
          "rel": "self",
          "method": "GET"
        },
        {
          "href": "https://api.sandbox.paypal.com/v1/payments/sale/5YY3007569986962J/refund",
          "rel": "refund",
          "method": "POST"
        },
        {
          "href": "https://api.sandbox.paypal.com/v1/payments/payment/PAY-3AF33469GE649135YKEYTIEQ",
          "rel": "parent_payment",
          "method": "GET"
        }]
      }
    }]
  }],
  "links": [
  {
    "href": "https://api.sandbox.paypal.com/v1/payments/payment/PAY-3AF33469GE649135YKEYTIEQ",
    "rel": "self",
    "method": "GET"
  }]
}

In addition to payment details, the response includes these fields:

  • id. The PayPal-generated ID for the payment.
  • state. The state of the payment. The value is:
    • created. The payment was successfully created.
    • approved. The buyer approved the payment.
    • failed. The payment request failed.
  • create_time. The date and time when the payment was created.

Read more about the payment call in the API reference.

PCI compliance

All merchants who accept, store, transmit or process any card holder data, regardless of size or number of transactions, must comply with the Payment Card Industry Data Security Standards (PCI DSS).

PCI compliance handled by PayPal

With PayPal's JavaScript buttons or the PayPal iOS SDK, PayPal handles the payment card information on your behalf and so greatly eases the burden of PCI compliance.

PCI compliance handled by you

If you use the PayPal REST APIs for accepting credit card payments, you handle card data directly and will need to ensure you are PCI compliant.

Note: If you do not want to store credit card information on your servers, you can store credit card details with PayPal by using the vault service. See store credit card data.

What's next