Paypal Classic API: Test accounts - paypal

I need to simulate a buyer transaction in my paypal sandbox environment. Essentially, a buyer is a user that decides to subscribe to my service, which is done using the Paypal NVP API method: DoDirectPayment.
Reading the documentation, I gather that a buyer in this case will essentially be a Personal account, and basically to make any kind of api call, I require API credentials. However, the PAYPAL Developer website does not show any kind of API credentials for this personal account :
I do have a business account, and that does state the corresponding API credentials. The link I am referring to is :
https://www.x.com/developers/paypal/documentation-tools/ug_sandbox#credentials
where it states that the API credentials are specified for all accounts.
The only rationale I have behind this are :
a) personal accounts do not get API credentials,
b) I need to simulate a DoDirectPayment API with my business account API credentials, but documentation states that to simulate a buyer transaction I must use a personal account.
c) I need to set API credentials manually somehow.
Any leads?

You would use your API credentials from your business account in the API call. As for the buyer, you would not be paying with a PayPal account if you are using the DoDirectPayment API. You would be using a credit card. You should be able to use any of the card numbers below to test with. I juse use a Mod 10 check to generate the card numbers. You can just use any valid future date for the exp date, and use 123 for the card security code.
Visa
4539261585419872
4532063588063153
4024007125711126
4916126222581496
4916335290325039
4929693226575720
4916573003035640
4485204470227566
4024007102338976
4024007148183980

Related

Can we integrate PayPal payment API using email instead credentials?

We have ecommerce website for multiple stores so seller can connect PayPal by themselves but sometimes they don't know how to get credentials/key, so is there any way to use PayPal email instead API key?
I am using API credentials, but I want to use PayPal email to make it simple.
To set up a simple PayPal checkout for intent:capture payments, you can set a payee object when creating the order. See pay another account for examples.
Other operations will require either the seller's Client ID and Secret, or permissions for a third-party integration.

PayPal API payments wthout sign in, and obtaining an access token

Is it possible to add or link PayPal to an account (get from paypal user access token or something like this ) to allow payments without authorization ( without log in and confirmation like with card if we have card number and cvc ) ?
And second question, I am using paypal sandbox and I cannot refresh the token when trying to execute the query
I get this answer
{
"error": "invalid_refresh_token",
"error_description": "No consent were granted"
}
Its possible they disabled this options on sandbox ?
Regards
Credit card company rules do not permit a cvc to be stored under any circumstances, so you would never "have" this information. It can only be transmitted when a card is first processed and then must be immediately discarded. As for storing card numbers themselves, there are many rules about that (PCI SAQ-D is a place to start, if you need to research it)
To your PayPal question, to be able to bill a PayPal account without the payer signing in (though they will always have to sign in for initial agreement/set up), the receiving PayPal account must have a feature called "reference transactions". The account owner can contact PayPal's general business support (not technical support) to explain the business need and inquire about being approved for enabling this feature. Once enabled, PayPal can guide you on which API to implement -- be it the older billing agreements API or a newer v2 or v3 vault one.
Refresh tokens are used by a Log in with PayPal integration to obtain a new access token when the old one (originally obtained from an authorization_code) is expired. If you are not integrating Log in with PayPal, refresh tokens are not applicable to what you are actually trying to do, and so the request in your screenshot won't be useful to you.
Refresh tokens are not used to obtain a regular REST API access token for authentication, which uses grant_type=client_credentials . If that's what you're actually trying to do, the documentation is here. The public PayPal Postman API collection sample takes care of this step for you, in the collection-level pre-execution script.

How do I obtain permission to process on behalf of a PayPal merchant using the PayPal REST API?

I would like my website to be able to process PayPal payments on behalf of merchants. The merchants will have their own PayPal accounts and will need to give me permission to do so.
Permissions API Deprecated
PayPal have a "Permissions API" which allows a third-party such as a hosted shopping cart to process on behalf of PayPal merchants. See: https://developer.paypal.com/docs/archive/permissions-service/integration-guide/PermissionsUsing/
The above page says:
Adaptive Accounts and Adaptive Payments are no longer available for
new integrations. PayPal provides documentation for these APIs to
support existing integrations.
PayPal REST API
Are these things possible using the PayPal REST API:
perform a handoff from my site to PayPal, have the merchant grant my site permissions to act on their behalf,
process payments on behalf of the merchant using the credentials obtained from the first step
Every merchant can obtain ClientID/Secret credentials from the Live tab of a REST API App via https://www.paypal.com/signin?intent=developer&returnUri=https%3A%2F%2Fdeveloper.paypal.com%2Fdeveloper%2Fapplications , and enter them into their config interface on your platform.
It's is possible to use the PayPal "Marketplaces and Platforms" API to achieve this:
https://developer.paypal.com/docs/platforms/seller-onboarding/

Do I need 3rd party's Paypal API credentials to let them sell on my site using Payments Pro?

I am working on a website in which a facility pays us for membership. Their membership payment is the only money we receive. This payment is done via Paypal Website Payments Pro using the DoDirectPayment API.
These members then rent out their facility to customers by listing available blocks of time on our website. The customer would pay for this time block via credit card, also via DoDirectPayment, but this time the payment goes directly to the member's Paypal account.
I have found a lack of clear direction on what needs to be done to enable this. I know I could require all members to have a Paypal Payments Pro account ($30 per month) and store their API credentials (including passwords and signatures) in our system and those payments could be handled directly. But I am vaguely aware of the Third-Party app authorization option... I just can't find info on how it should be set up.
Is it possible to only store the member's Paypal email address and just ask them to authorize our app in their profile?
Also, I saw someone suggest the thrid-party payment recipient wouldn't even need a Pro account. If that is the case, what do I need to change about the API call (I'm using the NVP method) so that our Pro account is leveraged but payment is given to the member?
First, your members will need their own Pro account. The only way to try and get around that would be to have all of the funds come into your account and then disperse them accordingly. This is frowned upon by PayPal and will result in a suspended account.
You could indeed have users enter their API credentials into your application and store them with your customer's profile so that you can include them in API calls for that particular member. You'll want to make sure to encrypt these values if you end up doing that.
The proper way to handle it (since you're a hosted solution) would be using Permissions. You would use your own API credentials, but then pass an additional parameter to flag what account you're making that call on behalf of. This is where the Permissions come into play. Your members will need to Grant API Permission for your app to make the DoDirectPayment call on their behalf.
This can be done manually from within the PayPal account under API Access, or programatically via the Permissions API.
OK, I discovered the answer. I am sharing the detail here for others looking for this very elusive information:
My account (hosted solution) must be a Pro account.
Members who will be selling to customers on my site must also have Pro accounts. I tested the same code with a regular business account and the error said "This transaction cannot be processed due to an invalid merchant configuration."
Members do not have to give me all their API credentials.
The DoDirectPayment call is the same as if I were doing my own payment (almost). I use my own username, password, and signature. The way to send the money to another account is to include one more parameter called SUBJECT which should be the email address associated with the member's Paypal account (not their API username).
The member must grant my (third-party app) account permission. In my case I only needed the one Paypal labels "Process your customers credit or debit card payments." which should correspond to DIRECT_PAYMENT in API terminology.
Andrew's answer gave me some additional keywords to use in searches, and I appreciate the tip off to the Permission API. It did not directly answer the question, but that will be a nice feature to add to my app instead of making users go through their Paypal profile's to grant permission.

ipn using customer business pp account

my ipn works perfectly its setup under our business PayPal account. our asp.net website is being used by multiple customers with their own members, unique by their login. as of now the cart writes to our database with the orders and sets a status code that gets changed to 'completed' via the ipn call/authentication from PayPal using our PayPal email. now, a couple want to use their own PayPal accounts, non-for profits, so in order for this to work as previously described what changes in the post variables?
ex of what i need: a member of our customer logs in to our website, adds items to their cart and chooses PayPal payment option. it writes to our database as an 'in-process' order. it opens our customer PayPal account to complete the payments then once complete it calls our ipn setup under our PayPal account and redirects back to the custom page.
again, everything is already working great just want to call their own PayPal account instead of ours w/o needing to have them setup the ipn settings under their account, but use the ipn setup under our PayPal account. members see their own customer PayPal account billing theme and the money is in their account not ours. is this possible?
do we send the ipn location url and our customer PayPal account info in the post variables?
thanks for any help
As far as processing the payment on their PayPal account, you can go about this 2 different ways. You can either use their API credentials and pass those over in the API call and the payment will be processed on their account. Second option would be to have them grant 3rd party API permissions to your API to be able to process transactions on their account. Then you would just pass over your API credentials in your API call and also pass over their email address of their PayPal account in the variable "SUBJECT". This will then process the payment on their account.
As for still haveing the IPN POST sent to your script, you will just need to pass over the IPN URL in the API call. When pass it over in the API call, it will override whatever is set in the account. For example, if you are using NVP the variable would be "NOTIFYURL".