Study Guide
Table Of Contents
- PayPal Certified Developer Program Study Guide
- Contents
- List of Tables
- Online Payment Processing
- Internet Security and Fraud Prevention
- Why Every Business Should Be Concerned About Internet Fraud
- Liability for Internet Fraud
- Internet Fraud: What It Is and How It Happens
- Who Is at Risk for Online Fraud
- Reducing Exposure to Fraud
- What Banks and Card Associations Are Doing to Prevent Online Credit Card Fraud
- What PayPal Is Doing to Protect Your Business Against Fraud
- Disclosure and Compliance
- PayPal Fraud Protection Services
- Review Questions
- Getting Started With Account Setup
- API Credentials
- Name-Value Pair (NVP) API
- Express Checkout
- Direct Payment API
- Transactions
- Sandbox Testing
- Answers to Review Questions
- General Reference Information
- Glossary
- Index
PayPal Certified Developer Program Study Guide March 2008 47
4
API Credentials
In this chapter, you will learn:
z What API credentials are
z How to establish API credentials
z How to use API credentials
What API Credentials Are
Before using the PayPal API to communicate with the API server, a developer must establish a
set of API credentials, which is data that uniquely identifies a developer to the PayPal API
server. The credentials are included with each API call. Credentials are needed per merchant
account for processing.
API credentials comprise the following:
z API username — This is assigned by PayPal. Although the API username is based on the
email address used to set up the credentials, it is not the same as the email address used to
log in to the PayPal website.
z API password — This is automatically generated and assigned by PayPal. It is a randomly
generated string of 16 characters.
z API certificate or API signature — An API signature is an encrypted string value
included with each API call. An API certificate is a file (downloaded from PayPal) that
includes a key and certificate that identify a developer. An API certificate must be installed
on a web server; therefore, it is an option only if the developer has full control of the web
server.
Choosing an Authentication Method
Each authentication method (API signature and API certificate) has pros and cons. An API
signature is easier and quicker to implement. An API certificate offers greater security.
PayPal recommends the use of an API signature, because of its greater simplicity; however,
the PayPal API performs equally well with API signatures or API certificates.