Make your first call

To make a PayPal REST request, follow the steps described in the following sections:

Note: You can run the examples listed here directly as-is. However, when creating your own application, be sure to update the OAuth keys in your code with those assigned to your own PayPal app.

Create a PayPal app

Navigate to the My REST apps page, and log in if necessary. Click Create App to begin the application-creation process.

When you create a new app, PayPal generates a set of Sandbox OAuth keys for the application (the keys consist of a client_id and secret). See Manage your applications for details on creating and managing your PayPal applications.

Tip: See how the OAuth keys work by running the example in the next step—the example uses a set of dummy keys so you can easily make your first call by pasting the example as-is into a terminal window.

Get an access token

Make a /token call using your application's OAuth keys for the basic authentication values (the keys are the values of your client_id and secret). In the request body, set grant_type to client_credentials. When you run the command, PayPal generates and returns a new access token.


  • If you're using cURL, supply the OAuth values like this: -u {Client-Id}:{Secret}.
  • If you're using the Postman tool, enter the client_id and secret values on the Basic Auth tab using the client_id as the username and the secret as the password. Additionally, on the x-www-form-unlencoded tab, specify a grant_type of client_credentials.

Example access token request

curl -v \
-H "Accept: application/json" \
-H "Accept-Language: en_US" \
-u "EOJ2S-Z6OoN_le_KS1d75wsZ6y0SFdVsY9183IvxFyZp:EClusMEUk8e9ihI7ZdVLF5cZ6y0SFdVsY9183IvxFyZp" \
-d "grant_type=client_credentials"

Tip: If you're using Windows, we recommend you make cURL calls using a Bash shell. If you're not using cURL calls, set the content-type to application/x-www-form-urlencoded for this request.

Sample response:


Note: The access token is valid for the number of seconds specified in the expires_in response value. You must have a valid access token to make API requests—request a new token when the current one expires.

Make an API call

With a valid access token in hand, you're ready to make a request to a REST interface. Below is call to create a PayPal account payment. The simple request uses only the required input fields.

The access token is an OAuth bearer token, and is included in the header of your requests with the following syntax: Authorization: Bearer <Access-Token>. For details on authentication, see How PayPal uses OAuth.

Important: You must supply a valid access token to complete this request (generate a valid token using the example call above).

Example PayPal payment request

curl -v \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <Access-Token>' \
-d '{

If the call is successful, PayPal returns a confirmation of the transaction with the state set to created. You can also confirm the creation of the PayPal transaction on your test dashboard.

Be aware that you must complete two additional steps to finalize and capture the PayPal payment. Accept a PayPal payment contains all the details needed to complete the PayPal payment flow. You can also learn how to make payments using our interactive tool.

Learn more

scroll to top