I am trying to create Paypal subscription through its Rest API using live client and secret.
The API returns success message. The GET subscription API returns the active subscription created, however I don't see any active subscription in my Paypal dashbaord.
Paypal support says the subscription ID does not exist.
Has anyone encountered such issue with Paypal API?
I have attached API JSON response and snapshot herewith.
{
"plans": [
{
"id": "P-4UJ45561KJ704964LMJ2QDZQ",
"product_id": "PROD-4EX86934CR7151923",
"name": "Certified business economist IHK | VO 2022",
"status": "ACTIVE",
"description": "The business economist IHK is divided into the following five subjects with the new examination regulations 2022",
"usage_type": "LICENSED",
"create_time": "2022-05-06T11:09:26Z",
"links": [
{
"href": "https://api.paypal.com/v1/billing/plans/P-4UJ45561KJ704964LMJ2QDZQ",
"rel": "self",
"method": "GET",
"encType": "application/json"
}
]
}
],
"total_items": 1,
"total_pages": 1,
"links": [
{
"href": "https://api.paypal.com/v1/billing/plans?product_id=PROD-4EX86934CR7151923&page_size=2&page=1",
"rel": "self",
"method": "GET",
"encType": "application/json"
}
]
}
First of all, everything in your question shows creating a plan. A plan is not a subscription, it is the cycle details to be able to create a subscription.
Secondly, creating a subscription still will not do anything unless a payer signs in to approve it. For a payer to approve a subscription, use a PayPal button. This is detailed in the Subscriptions Integration Guide.
Note that the createSubscription function can create a subscription for approval itself, by passing it an object with a plan_id (and optionally a plan object to override some part of that plan_id). This is the most simple method.
Alternatively, the subscription can be created via API, at a route on your server which that function will fetch when the button is clicked. Something like:
<script src="https://www.paypal.com/sdk/js?client-id=YOUR_CLIENT_ID_GOES_HERE&vault=true&intent=subscription"></script>
<div id="paypal-button-container"></div>
<script>
paypal.Buttons({
style: {
label:'subscribe' //Optional text in button
},
createSubscription: function(data, actions) {
return fetch('/path/on/your/server/paypal/subscription/create/', {
method: 'post'
}).then(function(res) {
return res.json();
}).then(function(serverData) {
console.log(serverData);
return serverData.id;
});
},
onApprove: function(data, actions) {
/* Optional: At this point, notify your server of the activated subscription...
fetch('/path/on/your/server/paypal/subscription/activated/' + data.subscriptionID , {
method: 'post'
}).then(function(res) {
return res.json();
}).then(function(serverData) {
//
});
*/
//You could additionally subscribe to a webhook for the BILLING.SUBSCRIPTION.ACTIVATED event (just in case), as well as other future subscription events
//Ref: https://developer.paypal.com/api-basics/notifications/webhooks/event-names/#subscriptions
// Show a message to the buyer, or redirect to a success page
alert('You successfully subscribed! ' + data.subscriptionID);
}
}).render('#paypal-button-container');
</script>
It's not easy to use the official LinkedIn API and I cannot find a valid documentation.
Following the official documentation I created a new application in order to obtain the Client ID and Client Secret
When I now make a POST call through Postman to https://www.linkedin.com/oauth/v2/accessToken this is what I obtain:
{
"error": "invalid_grant_type",
"error_description": "The passed in grant_type is invalid"
}
Where am I wrong?
EDIT AFTER HELP FROM #Amit Singh
Thanks to #AmitSingh I was able to create 2 different applications, the test with the Client Credentials flow gave me as a result an error retrieving the token:
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
When I try to use the LinkedIn 3-legged workflow I receive Unauthorized
EDIT 3: GETTING THERE THROUGH POSTMAN
I now see that I can ask Postman to do the job, however when I press on Get New Access Token it opens an error page. I believe the error might be in these 4 elements:
Token name: maybe I have to give a special token name?
Auth URL: I set https://www.getpostman.com/oauth2/callback as explained here but maybe I have to set something else?
Access Token URL: I left it blank, maybe I have to put something here?
State: I set a random string like Hello123Boy but maybe I have to put something else. Maybe is too long. Maybe is too short. Maybe it has to contain symbols, etc... ?
...Also, in the guide you linked it says that the applicatoin needs to have:
r_liteprofile
rw_company_admin
w_member_social
mine has nothing:
Being recently created is still under review. It says it can take up to 90 days. Is that true?
4th EDIT: I WANT TO BELIEVE!
Here we are, at least now I'm getting the error: Bummer, something went wrong. The redirect_uri does not match the registered value. This is amazing: finally an error that says where the problem is!
On the app the, on the Products tab, I choose Sign In with LinkedIn. As
Authorized redirect URLs for your app I set https://www.getpostman.com/oauth2/callback
In Postman I setup Auth URL and Access Token URL as you said:
LinkedIn Credential workflows
LinkedIn offers 2 different credential workflows.
LinkedIn 3-legged workflow - When you want to use an API that will access LinkedIn member's data. Authorization Code grant type needed.
LinkedIn Client Credentials flow - When you want to use an API that will access non-member resources. Client credentials grant needed.
What are grant types?
"Grant type" refers to how you have acquired an access token in an OAuth workflow.
Several grant types are supported. Some of them are:
Client Credentials - Used when you want to access your own resources and not any other users
Authorization Code - Used when an app wants to access a client's data
Refresh token - Exchange an expired access token for a valid access token, used to avoid repeated user involvement
Password - Used when there is high trust between the app and the user e.g. LinkedIn mobile app, you provide your username and password
Client Credentials flow
What you need to know
Grant type used here is Client credentials - client_credentials.
Remember to set your Content-Type to application/x-www-form-urlencoded for all POST requests in OAuth.
Steps
Create an App and get your Client ID and Client Secret. Steps are shown in the respective docs linked above. Let's say they have values - <client_id> and <client_secret>.
Send a POST required to https://www.linkedin.com/oauth/v2/accessToken with following information.
Parameters
grant_type : client_credentials
client_id : <client_id>
client_secret : <client_secret>
NOTE : client_credentials is the literal text to be entered for grant_type.
Response will return a JSON Object containing your access token and its expiry duration in seconds.
Response
{
"access_token" : <access_token>,
"expires_in" : "1800"
}
Use the <access_token> obtained in Step 2 make API requests.
Example
Request URL: https://www.linkedin.com/v2/jobs
Request type: GET
Parameters
Authorization: Bearer <access_token>
LinkedIn 3-legged workflow
What you need to know
Grant type will be Authorization code - code, since you want to access a user's data.
Your Content-Type should be application/x-www-form-urlencoded for all POST requests in OAuth.
Redirect URLs are URLs where you OAuth server will redirect the user after successful authorization.
These are verified against your provided redirect URLs to ensure that it's not fraudulent.
These should be absolute URLs.
URL arguments are ignored and cannot include a #.
Steps
Create app and provide the Redirect URLs, if not already provided. Check docs for information regarding how to do this.
Get your Client ID and Client Secret. Let's say the values are <client_id> and <client_secret>.
Generate a random, hard to guess string. Let's say it's <random-string>.
Choose one of the redirect URLs provided in Step 1, where you want user to be redirected after authorization. Let's say it is <redirect_uri>.
Let's suppose you want to:
r_emailaddress - Get his email address
w_member_social - Post, comment and like posts on behalf of the user.
These are referred as "permission scopes", as in what permissions is the user authenticating you for. When sending these scopes in your request, they should be URL-encoded and space-delimited. In this particular instance, our scope will be scope: r_emailaddress%20w_member_social. We have URL-encoded the scopes mentioned above.
Adding more information regarding scopes from the Microsoft docs:
The scopes available to your app depend on which Products or Partner Programs your app has access to. Your app's Auth tab will show current scopes available. You can apply for new Products under the Products tab. If approved, your app will have access to new scopes.
Send a POST request to https://www.linkedin.com/oauth/v2/authorization with following information.
Parameters
response_type : code
client_id : <client_id>
redirect_uri : <redirect_uri>
state : <random_string>
scope : r_emailaddress%20w_member_social
After the request, the user will be presented with LinkedIn's Auth screen and asked to approve the request.
After user approves the request and the <redirect_uri> has been verified, user will be redirected to provided <redirect_uri> along with the access code <access_code> and a value in state argument. Let's say in the state argument is <state_value>.
Verify that the <state_value> is equal to the <random_string> before working with the <access_code> to get access token, for security purposes. Also, use the <access_code> within 30 minutes of being issued, for security reasons.
Next, send a POST request to https://www.linkedin.com/oauth/v2/accessToken with following information to get the access token.
Parameters
grant_type : authorization_code
client_id : <client_id>
client_secret : <client_secret>
redirect_uri : <redirect_uri>
code : <access_code>
NOTE : authorization_code is the literal text to be passed in grant_type.
You should get a similar response as in the Client Credentials workflow containing your access token and expiry duration.
Response
{
"access_token" : <access_token>,
"expires_in" : "1800"
}
Use the <access_token> obtained in Step 9 make API requests.
Example
Request URL: `https://www.linkedin.com/v2/me`
Request type: GET
Parameters:
Authorization: Bearer <access_token>
How to do this in Postman?
Create a new Collection.
Right click, select edit collection and move to authorization tab.
In "Type", select "OAuth2.0", click on "Get New Access Token".
You will see a screen where all the familiar terms mentioned above are there. Fill those, check the "Authorize via Browser" checkbox for authorization.
Now you have the access token and can proceed to make your API calls.
Postman has been designed to make such operations easier, but you have to know how to do it. For more details, you can read their official docs.
Thanks to #timur and #AmitSingh I finally arrived to authenticate to LinkedIn API.
A brief step by step solution in pictures:
Authorized redirect URLs for your app = https://oauth.pstmn.io/v1/callback
OAuth 2.0 scopes = must have r_emailaddress and r_liteprofile
In the Products Tab set Sign In with LinkedIn
Now open Postman > Collections > New Collection > Authorization and set the parameters as in picture:
TYPE = OAUTH 2.0
Token Name = put whatever you want
Callback URL = https://oauth.pstmn.io/v1/callback (should be greyed out once you tick Authorize using browser)
Tick Authorize using browser
Auth URL = https://www.linkedin.com/oauth/v2/authorization
Access Token URL = https://www.linkedin.com/oauth/v2/accessToken
Client ID = The Client ID you find on your LinkedIn App
Client Secret = The Client Secret you find on your LinkedIn App
Scope = r_liteprofile r_emailaddress
State = put whatever you like
Now click on Get New Access Token, a page will open on your browser and you will be able to login using your LinkedIn account. Once done you are authenticated.
Now use the code provided by #timur and on Postman go to Import > Upload File and import that .JSON file. You will now have the 4 queries and you can drag and drop them in your collection.
Assuming you've created your app, added correct redirect URL and enabled "Sign In with LinkedIn" product for your app, the issue you are having is probably that the first call returns a login page where your users are supposed to authenticate.
submit the request to https://www.linkedin.com/oauth/v2/authorization (you seem to have done that)
parse response of step 1 and extract all form values, add username and password to simulate user login
make POST request and use values from previous step as x-www-form-urlencoded data
manually follow the redirect header from step 3
make note of second redirect header but do not follow it - instead extract the code
POST code from previous step to https://www.linkedin.com/oauth/v2/accessToken and get access_token in response
From here, I was able to successfully transition to the auth code by following the steps.
I am not sure if you use the online Postman, but here's my complete collection export file for reference:
{
"info": {
"_postman_id": "397761c9-4287-43f2-860a-3c34cb710d50",
"name": "Linkedin oAuth",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "01 request Login form",
"event": [
{
"listen": "test",
"script": {
"exec": [
"const $ = cheerio.load(pm.response.text());\r",
"var inputs = $('form').serializeArray();\r",
"var payload = '';\r",
"inputs.forEach(i => {\r",
" payload += encodeURIComponent(i.name)+ '=' + encodeURIComponent(i.value) + '&';\r",
"})\r",
"payload += 'session_key='+ encodeURIComponent(pm.collectionVariables.get('username')) + '&'\r",
"payload += 'session_password='+ encodeURIComponent(pm.collectionVariables.get('password'))\r",
"\r",
"pm.collectionVariables.set(\"form_data\", payload);"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={{client_id}}&redirect_uri={{redirect_uri}}&scope=r_liteprofile&state={{$guid}}",
"protocol": "https",
"host": [
"www",
"linkedin",
"com"
],
"path": [
"oauth",
"v2",
"authorization"
],
"query": [
{
"key": "response_type",
"value": "code"
},
{
"key": "client_id",
"value": "{{client_id}}"
},
{
"key": "redirect_uri",
"value": "{{redirect_uri}}"
},
{
"key": "scope",
"value": "r_liteprofile"
},
{
"key": "state",
"value": "{{$guid}}"
}
]
}
},
"response": []
},
{
"name": "02 Submit login form",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"var url = 'https://www.linkedin.com'+ pm.response.headers.get(\"Location\");\r",
"pm.collectionVariables.set('first_redirect', url);\r",
"//console.log(pm.collectionVariables.get('first_redirect'));"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"followRedirects": false
},
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/x-www-form-urlencoded",
"type": "text"
}
],
"body": {
"mode": "raw",
"raw": "{{form_data}}",
"options": {
"raw": {
"language": "text"
}
}
},
"url": {
"raw": "https://www.linkedin.com/checkpoint/lg/login-submit",
"protocol": "https",
"host": [
"www",
"linkedin",
"com"
],
"path": [
"checkpoint",
"lg",
"login-submit"
]
}
},
"response": []
},
{
"name": "03 handle login-success redirect",
"event": [
{
"listen": "test",
"script": {
"exec": [
"var sdk = require('postman-collection');\r",
"var redirect = new sdk.Url(pm.response.headers.get(\"Location\"));\r",
"pm.collectionVariables.set('code', redirect.query.filter(q => q.key === 'code').map(k => k.value)[0]);\r",
"//console.log(pm.collectionVariables.get('code'));"
],
"type": "text/javascript"
}
},
{
"listen": "prerequest",
"script": {
"exec": [
"console.log(pm.variables.get('first_redirect'));\r",
"pm.request.url.update(pm.variables.get('first_redirect'));"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"followRedirects": false
},
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "{{first_redirect}}",
"host": [
"{{first_redirect}}"
]
}
},
"response": []
},
{
"name": "04 Get Auth Code",
"request": {
"method": "POST",
"header": [],
"url": {
"raw": "https://www.linkedin.com/oauth/v2/accessToken?grant_type=authorization_code&code={{code}}&redirect_uri={{redirect_uri}}&client_id={{client_id}}&client_secret={{client_secret}}",
"protocol": "https",
"host": [
"www",
"linkedin",
"com"
],
"path": [
"oauth",
"v2",
"accessToken"
],
"query": [
{
"key": "grant_type",
"value": "authorization_code"
},
{
"key": "code",
"value": "{{code}}"
},
{
"key": "redirect_uri",
"value": "{{redirect_uri}}"
},
{
"key": "client_id",
"value": "{{client_id}}"
},
{
"key": "client_secret",
"value": "{{client_secret}}"
}
]
}
},
"response": []
}
],
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
],
"variable": [
{
"key": "client_id",
"value": "your app id"
},
{
"key": "client_secret",
"value": "your app secret"
},
{
"key": "redirect_uri",
"value": "your urlencoded redirect uri such as https%3A%2F%2Flocalhost%3A8080"
},
{
"key": "username",
"value": "user login"
},
{
"key": "password",
"value": "user password"
}
]
}
I am using my paypal sandbox, and I am trying to use v2/vault/payment-tokens API to tokenize a credit card
Url:https://api.sandbox.paypal.com/v2/vault/payment-tokens
Method: POST
RequestBody(fake credit card that sandbox generated):
{
"source": {
"card": {
"number": "40320382525xxxx",
"expiry": "2022-11"
}
}
}
I can make sure that my sandbox have full scopes, my access token is right.
Below is the response:
{
"name": "UNPROCESSABLE_ENTITY",
"message": "The requested action could not be performed, semantically incorrect, or failed business validation.",
"debug_id": "15c1b3e9d8161",
"details": [
{
"issue": "UNKNOWN_BUSINESS_ERROR",
"description": "There was an issue while processing your request."
}
],
"links": [
{
"href": "https://developer.paypal.com/docs/api/vault/v2/#error-UNKNOWN_BUSINESS_ERROR",
"rel": "information_link",
"method": "GET"
}
]
}
Does any one meet the same issue?
Will you have permissions to use /v2/vault/payment-tokens in live mode? This API shouldn't be integrated without guidance from PayPal
Try using a test credit card from https://developers.braintreepayments.com/guides/credit-cards/testing-go-live/node
I was trying to implement paypal api for one of my projects
I am using sandbox environment and server side sdk
In the request i have
{
"intent": "CAPTURE",
"application_context": {
"brand_name": "EXAMPLE INC",
"landing_page": "BILLING",
"shipping_preference": "SET_PROVIDED_ADDRESS",
"user_action": "PAY_NOW"
},
i.e
"intent": "CAPTURE"
"user_action": "PAY_NOW"
I created an order using the api OrdersCreateRequest(). In the response i get the
result.id = "IDVALUE"
result.status = "CREATED"
and also the links
"links": [
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/XXXXXXXX",
"method": "GET",
"rel": "self"
},
{
"href": "https://www.sandbox.paypal.com/checkoutnow?token=XXXXXXXXXX",
"method": "GET",
"rel": "approve"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/XXXXXXXXXXXXXX",
"method": "PATCH",
"rel": "update"
},
{
"href": "https://api.sandbox.paypal.com/v2/checkout/orders/XXXXXXXXXXXXXX/capture",
"method": "POST",
"rel": "capture"
}
],
I have tried to open the url
{
"href": "https://www.sandbox.paypal.com/checkoutnow?token=XXXXXXXXXX",
"method": "GET",
"rel": "approve"
},
In the browser, it asks for PayPal login, what credentials we have to use as login and password. I have only client_id and client_secret
How to get an approved order id. What should I do now.
The next step is to redirect the payer to that approval_url or use the Order ID with Smart Payment Buttons, which is better than redirecting. Either way the payer will be signing in with their PayPal (sandbox) buyer account or entering their (sandbox) buyer information in a PayPal window or form.
The best approval flow to use is the one at https://developer.paypal.com/demo/checkout/#/pattern/server
Note that it pairs with two routes on your server, one that creates the order and one that captures the order after approval.
How to get the username and the password for the sandbox account.
Navigate to
And we see the email and password which can used to as paypal login credentials while approve the order
So now go to the approve url https://www.sandbox.paypal.com/checkoutnow?token=XXXXXXXXXX
and click on login (paypal account) and enter email and password
And after successful login pay here
So now the order gets approved.
I'm trying to use PayPal REST API instead of PayPal Classic API but it seems that the REST API is lacking two features that the Classic API has:
immediate payment: when the user goes to PayPal page show him a "Pay now" button instead of a "Continue" button and "You’re almost done. You will confirm your payment on ..." phrase.
no shipping address: avoid asking the user to confirm his shipping address while on PayPal page (in Classic API is done with NOSHIPPING=1 parameter, if I remember well)
So my question is: is it possibile do perform an immediate payment without asking for shipping address using REST API? Do I have to go back to Classic API?
I provide here a little more informations about how I'm using the PayPal REST API.
I'm using the PayPal REST Java SDK.
This is a sample request:
{
"intent": "sale",
"payer": {
"payment_method": "paypal"
},
"transactions": [
{
"amount": {
"currency": "USD",
"total": "5",
"details": {
"subtotal": "5"
}
},
"description": "This is the payment transaction description.",
"item_list": {
"items": [
{
"quantity": "1",
"name": "Item 1",
"price": "5",
"currency": "USD"
}
]
}
}
],
"redirect_urls": {
"return_url": "http://XXX/handlePayment.jsp?guid\u003dXXX",
"cancel_url": "http://XXX/cancelPayment.jsp?guid\u003dXXX"
}
}
And its response:
{
"id": "XXX",
"create_time": "2014-06-29T08:52:55Z",
"update_time": "2014-06-29T08:52:55Z",
"state": "created",
"intent": "sale",
"payer": {
"payment_method": "paypal",
"payer_info": {
"shipping_address": {}
}
},
"transactions": [
{
"amount": {
"total": "5.00",
"currency": "USD",
"details": {
"subtotal": "5.00"
}
},
"description": "This is the payment transaction description.",
"item_list": {
"items": [
{
"name": "Item 1",
"price": "5.00",
"currency": "USD",
"quantity": "1"
}
]
}
}
],
"links": [
{
"href": "https://api.sandbox.paypal.com/v1/payments/payment/XXX",
"rel": "self",
"method": "GET"
},
{
"href": "https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=XXX",
"rel": "approval_url",
"method": "REDIRECT"
},
{
"href": "https://api.sandbox.paypal.com/v1/payments/payment/XXX/execute",
"rel": "execute",
"method": "POST"
}
]
}
While delving through the REST API I came across this
I believe this means you don't have to go about creating any "Profiles" as such, and can just pass them along with the payment call...
Further explanation as requested :)
Below is an example of passing PayPal experience parameters along with a particular payment call using the Client-side JS method for Express checkout.
payment: function(data, actions) {
return actions.payment.create({
payment: {
transactions: [
{
amount: { total: '1.00', currency: 'USD' }
}
]
},
experience: {
input_fields: {
no_shipping: 1
}
}
});
},
Hope that makes enough sense to you guys! :)
Unfortunately, the REST API is still a long ways behind the Classic API with features it provides. These features you mentioned are things I've seen come up quite a bit, and to my knowledge they are not yet available with the REST services.
I personally have stuck with Classic as they provide everything and I really see no advantage to using REST myself. If you happen to be working with PHP (which I always do) you may be interested in my class library for PayPal. It makes all of the Classic API calls very quick and easy for you, and it's available on Packagist so you can use with Composer easily.
The REST API now supports no-shipping with the Payment Experience APIs.
You need to create a web experience profile and supply no_shipping as an input field. Then use the profile ID when creating the payment.
The profile ID doesn't need to be recreated every time.
appreciate that this post hasn't had any activity for a while but...
i hit on the exact same problem and used this post as a start point for my own question:
paypal api: take immediate payment without a shipping address
it's taken a bit of trial and error but i you can create a one off web profile with 'no_shipping' set to 1, store the id that it creates and then pass that in with future payments that don't require a shipping address.
still haven't figured out how to get rid of the 'You're almost done. You will confirm your payment on xxx.' but my payment process is a far better place than it was!
hope this helps someone out there as this no shipping issue is one that a lot of people appear to be hitting with the paypal api...
I tried using the experience section of the API and apart from still not being able to force a locale code have been able to disable shipping and go straight to billing:
payment: {
transactions: [{
invoice_number: document.getElementById("ReqTxt").value,
amount: {
total: document.getElementById("InvoiceAmt").innerText,
currency: document.getElementById("Currency").innerText
}
}]
},
experience: {
input_fields: {
no_shipping: 1
},
flow_config: {
landing_page_type:'billing'
}
}
you can also see this page. It is possible to set the user action in the flow_config section too
For 'Pay Now' instead of 'Continue' on Paypal I use a special param in approval url:
$approvalUrl = $payment->getApprovalLink().'&useraction=commit';
Result:
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=TOKEN&useraction=commit