PayPal REST API – How Do Tokens Work

At the very first User Login:

 

  1. Obtain an Authorization Code

{
    "response_type": "authorization_code",
    "response": {
        "code": "EBYhRW3ncivudQn8UopLp4A28xIlqPDpAoqd7biDLpeGCPvORHjP1Fh4CbFPgKMGCHejdDwe9w1uDWnjPCp1lkaFBjVmjvjpFtnr6z1YeBbmfZYqa9faQT_71dmgZhMIFVkbi4yO7hk0LBHXt_wtdsw"
    },
    "client": {
        "environment": "live",
        "paypal_sdk_version": "2.0.0",
        "platform": "iOS",
        "product_name": "PayPal iOS SDK"
    }
}

 

  2. Get a Refresh Token & a temporary Access Token:

–          Access tokens can be used for all our transactions, but they last for a very short time, mostly just 9 seconds.

–          Refresh tokens have a lifetime of 10 years.

–          So what we're going to do is store the Refresh Token for each user in our database along with all of his/her other details.

–          Once you get the above Auth Code, call this:

curl 'https://api.paypal.com/v1/oauth2/token' \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Authorization: Basic QWZV...==" \
    -d 'grant_type=authorization_code&response_type=token&redirect_uri=urn:ietf:wg:oauth:2.0:oob&code=EBYhRW3ncivudQn8UopLp4A28xIlqPDpAoqd7biDLpeGCPvORHjP1Fh4CbFPgKMGCHejdDwe9w1uDWnjPCp1lkaFBjVmjvjpFtnr6z1YeBbmfZYqa9faQT_71dmgZhMIFVkbi4yO7hk0LBHXt_wtdsw'

 

–          You’ll get this response:

{
    "access_token": "6oyryV79E.KtpAvPudpI8VIko.ntdPikU9HCDfg0tO0",
    "expires_in": 900,
    "refresh_token": "MFYQJTPW3zlCAjznPs2D0VQlQXwiEfTesR-dRiU_qhbUngzxR3NmeBxqKELcmGtSI739R-awwvOyGVO1LJbowy7n8Ul3vsf5HQDTCzUlDylqBvW0",
    "scope": "https://api.paypal.com/v1/payments/.* https://uri.paypal.com/services/payments/futurepayments",
    "token_type": "Bearer"
}

 

–          Use the above access token & call this to get customer details:

curl -v 'https://api.paypal.com/v1/identity/openidconnect/userinfo/?schema=openid' \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer 6oyryV79E.KtpAvPudpI8VIko.ntdPikU9HCDfg0tO0"

 

–          You’ll get this response:

{
   "address":{
      "postal_code":"95131",
      "locality":"San Jose",
      "region":"CA",
      "country":"US",
      "street_address":"3 Main St"
   },
   "family_name":"Smith",
   "language":"en_US",
   "phone_number":"4082560980",
   "locale":"en_US",
   "name":"Roger Smith",
   "email":"rsmith@somewhere.com",
   "account_type":"PERSONAL",
   "birthday":"1982-08-02",
   "given_name":"Roger",
   "user_id":"https://www.paypal.com/webapps/auth/identity/user/jG8zVpn2toXCPmzNffW1WTRLA2KOhPXYybeTM9p3ct0"
}

 

–          Store everything above, along with the most important item, the Refresh Token (MFYQJTPW3zlCAjznPs2D0VQlQXwiEfTesR-dRiU_qhbUngzxR3NmeBxqKELcmGtSI739R-awwvOyGVO1LJbowy7n8Ul3vsf5HQDTCzUlDylqBvW0), in your database.

 

 

 

At subsequent Logins by the same User:

–          Get the Refresh Token for that User from our Amazon RDS.

–          Call this to get an Access Token:

curl 'https://api.paypal.com/v1/oauth2/token' \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Authorization: Basic QWZVa...==" \
    -d 'grant_type=refresh_token&refresh_token=MFYQJTPW3zlCAjznPs2D0VQlQXwiEfTesR-dRiU_qhbUngzxR3NmeBxqKELcmGtSI739R-awwvOyGVO1LJbowy7n8Ul3vsf5HQDTCzUlDylqBvW0'

 

–          You’ll get this response:

{
    "access_token": "WfXdnxmyJtdF4q59ofxuQuAAk6eEV-Njm6puht3Nk3w",
    "app_id": "APP-3TS46380HB829954H",
    "expires_in": 900,
    "scope": "https://api.paypal.com/v1/payments/.* https://uri.paypal.com/services/payments/futurepayments",
    "token_type": "Bearer"
}

 

–          Use the above access token for all further API calls.

–          Note: The above token expires in 9 seconds, so before every API call you’ll have to call the above to get a new access token.

 

By Nishant Bamb