Accept credit card payments

Direct credit card payment and related features are restricted in some countries.

PayPal makes it simple to charge credit cards. Just pass the credit card, shipping, and payment information to PayPal. Here’s a simple direct credit card payment call with only the required fields.

Try It!: Create a credit card payment now using our interactive tool.

Important: Be sure to include an access token in the Authorization header. For more information on credentials and authorization, learn how to make your first call.

curl -v https://api.sandbox.paypal.com/v1/payments/payment \
-H "Content-Type:application/json" \
-H "Authorization: Bearer {accessToken}" \
-d '{
  "intent": "sale",
  "payer": {
    "payment_method": "credit_card",
    "funding_instruments": [
      {
        "credit_card": {
          "number": "5500005555555559",
          "type": "mastercard",
          "expire_month": 12,
          "expire_year": 2018,
          "cvv2": 111,
          "first_name": "Betsy",
          "last_name": "Buyer"
        }
      }
    ]
  },
  "transactions": [
    {
      "amount": {
        "total": "7.47",
        "currency": "USD"
      },
      "description": "This is the payment transaction description."
    }
  ]
}'

Note For Sandbox calls, you can use any fictitious credit card number that complies with “mod 10”, including credit cards provided in your Sandbox test accounts.

You get back a payment object with details about the completed call. Note the extra fields added in the response like id, state and create_time.

{
  "id": "PAY-3AF33469GE649135YKEYTIEQ",
  "create_time": "2013-03-01T23:04:50Z",
  "update_time": "2013-03-01T23:04:55Z",
  "state": "approved",
  "intent": "sale",
  "payer": {
    "payment_method": "credit_card",
    "funding_instruments": [
      {
        "credit_card": {
          "type": "mastercard",
          "number": "xxxxxxxxxxxx5559",
          "expire_month": "12",
          "expire_year": "2018",
          "first_name": "Betsy",
          "last_name": "Buyer"
        }
      }
    ]
  },
  "transactions": [
    {
      "amount": {
        "total": "7.47",
        "currency": "USD",
        "details": {
          "subtotal": "7.47"
        }
      },
      "description": "This is the payment transaction description.",
      "related_resources": [
        {
          "sale": {
            "id": "5YY3007569986962J",
            "create_time": "2013-03-01T23:04:50Z",
            "update_time": "2013-03-01T23:04:55Z",
            "state": "completed",
            "amount": {
              "total": "7.47",
              "currency": "USD"
            },
            "parent_payment": "PAY-3AF33469GE649135YKEYTIEQ",
            "links": [
              {
                "href": "https://api.sandbox.paypal.com/v1/payments/sale/5YY3007569986962J",
                "rel": "self",
                "method": "GET"
              },
              {
                "href": "https://api.sandbox.paypal.com/v1/payments/sale/5YY3007569986962J/refund",
                "rel": "refund",
                "method": "POST"
              },
              {
                "href": "https://api.sandbox.paypal.com/v1/payments/payment/PAY-3AF33469GE649135YKEYTIEQ",
                "rel": "parent_payment",
                "method": "GET"
              }
            ]
          }
        }
      ]
    }
  ],
  "links": [
    {
      "href": "https://api.sandbox.paypal.com/v1/payments/payment/PAY-3AF33469GE649135YKEYTIEQ",
      "rel": "self",
      "method": "GET"
    }
  ]
}

Read more about the payment call in the API reference.

PCI compliance

All merchants who accept, store, transmit or process any cardholder data, regardless of size or number of transactions, must comply with the Payment Card Industry Data Security Standards (PCI DSS).

PCI compliance handled by PayPal

With PayPal’s JavaScript buttons or the PayPal iOS SDK, PayPal handles the payment card information on your behalf and so greatly eases the burden of PCI compliance.

PCI compliance handled by you

If you use the PayPal REST APIs for accepting credit card payments, you handle card data directly and will need to ensure you are PCI compliant.

Note: Don’t want to store credit cards on your servers? You can store credit card details with PayPal using the vault call. Learn more about how to store a credit card.

What’s next: