User's Guide
Using the Permissions Service
20 May 2012 PayPal Permissions Service
# TLS certificate verification stays enabled (no --insecure): this request carries API credentials.
curl -s \
  -H "X-PAYPAL-SECURITY-USERID: api_username" \
  -H "X-PAYPAL-SECURITY-PASSWORD: api_password" \
  -H "X-PAYPAL-SECURITY-SIGNATURE: api_signature" \
  -H "X-PAYPAL-REQUEST-DATA-FORMAT: NV" \
  -H "X-PAYPAL-RESPONSE-DATA-FORMAT: NV" \
  -H "X-PAYPAL-APPLICATION-ID: app_id" \
  https://svcs.sandbox.paypal.com/Permissions/GetAccessToken \
  -d "requestEnvelope.errorLanguage=en_US&token=token&verifier=code"
PayPal responds with the scope, which is a list of the permissions granted by the account
holder, and an access token and associated secret.
After Completing This Task:
You use the access token and associated secret to create an authentication header,
X-PAYPAL-AUTHORIZATION. When you call PayPal API operations, the authentication header
specifies whether you have permission to make the call on behalf of the account holder.
Generating Signatures for the Authentication Header
After you have an access token and associated secret, you can create an authentication header,
X-PAYPAL-AUTHORIZATION, and use it in calls to PayPal APIs. You use either the API
signature or certificate from the account holder’s profile when you create the header.
The X-PAYPAL-AUTHORIZATION header contains:
- A timestamp
- The access token from the GetAccessToken response
- A signature generated from the following information:
  – Your API username
  – Your API password
  – The access token from the GetAccessToken response
  – The token secret from the GetAccessToken response
  – The endpoint for the PayPal API operation’s request, such as https://api.paypal.com/nvp
  – The HTTPS delivery method, such as POST
  – Request parameters associated with the request
NOTE: You can use a certificate instead of the API username and API signature.
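The following added example (not from the original guide and not PayPal's SDK code) shows how the inputs listed above can be bound into one signature while only the timestamp, access token and signature travel in the header. The OAuth 1.0-style HMAC-SHA1 construction, the oauth_* field names, the header layout and all sample values are assumptions; this page does not specify PayPal's exact canonicalization, so use the SDK for real calls.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def _enc(value: str) -> str:
    # RFC 3986 percent-encoding as used by OAuth 1.0 (assumed, not confirmed by the guide).
    return quote(value, safe="-._~")


def sign(api_user, api_password, token, token_secret,
         method, endpoint, params, timestamp):
    """HMAC-SHA1 over every input the guide lists (assumed scheme)."""
    fields = dict(params)
    fields.update({
        "oauth_consumer_key": api_user,        # hypothetical field names
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_token": token,
        "oauth_version": "1.0",
    })
    # Sorting makes the base string deterministic for identical inputs.
    normalized = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(fields.items()))
    base = "&".join([method.upper(), _enc(endpoint), _enc(normalized)])
    # The API password and token secret are key material only; neither is transmitted.
    key = f"{_enc(api_password)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(api_user, api_password, token, token_secret,
                         method, endpoint, params, timestamp):
    """Value for X-PAYPAL-AUTHORIZATION (layout is an assumption)."""
    sig = sign(api_user, api_password, token, token_secret,
               method, endpoint, params, timestamp)
    return f"timestamp={timestamp},token={token},signature={sig}"


# Constructed sample values, not real credentials.
SAMPLE = dict(api_user="api_username", api_password="api_password",
              token="ACCESS-TOKEN", token_secret="TOKEN-SECRET",
              method="POST", endpoint="https://api.paypal.com/nvp",
              params={"METHOD": "GetBalance", "VERSION": "78"},
              timestamp=1337500000)

if __name__ == "__main__":
    print("X-PAYPAL-AUTHORIZATION:", authorization_header(**SAMPLE))
```

Because the method, endpoint and request parameters are part of the signed string, a header captured for one call does not validate for a different endpoint or altered parameters.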
PayPal provides SDKs that you can use to generate authentication header signatures for Java,
PHP, and .NET. When you use the SDK, you will get two values, such as the following: