2013
Table Of Contents
- SOAP API Developer Reference
- Contents
- PayPal SOAP API Basics
- PayPal WSDL/XSD Schema Definitions
- PayPal SOAP API Definitions
- Security
- SOAP RequesterCredentials: Username, Password, Signature, and Subject
- SOAP Service Endpoints
- SOAP Request Envelope
- Request Structure
- SOAP Message Style: doc-literal
- Response Structure
- Error Responses
- CorrelationID for Reporting Problems to PayPal
- UTF-8 Character Encoding
- Date/Time Formats
- Core Currency Amount Data Type
- AddressVerify API Operation
- Authorization and Capture API Operation Reference
- DoDirectPayment API Operation
- DoNonReferencedCredit API Operation
- ExpressCheckout API Operations
- GetBalance API Operation
- GetPalDetails API Operation
- GetTransactionDetails API Operation
- ManagePendingTransactionStatu s API Operation
- MassPay API Operation
- Recurring Payments and Reference Transactions API Operations
- CreateRecurringPaymentsProfile API Operation
- GetRecurringPaymentsProfileDetails API Operation
- ManageRecurringPaymentsProfileStatus API Operation
- BillOutstandingAmount API Operation
- UpdateRecurringPaymentsProfile API Operation
- SetCustomerBillingAgreement API Operation
- CreateBillingAgreement API Operation
- GetBillingAgreementCustomerDetails API Operation
- BAUpdate API Operation
- DoReferenceTransaction API Operation
- RefundTransaction API Operation
- TransactionSearch API Operation
- API Error Codes
- General API Errors
- Validation Errors
- DirectPayment API Errors
- SetExpressCheckout API Errors
- GetExpressCheckoutDetails API Errors
- DoExpressCheckoutPayment API Errors
- Authorization and Capture API Errors
- GetTransactionDetails API Errors
- TransactionSearch API Errors
- RefundTransaction API Errors
- MassPay API Errors
- Recurring Payments Errors
- SetCustomerBillingAgreement Errors
- GetBillingAgreementCustomerDetails Errors
- CreateBillingAgreement Errors
- UpdateBillingAgreement Errors
- DoReferenceTransaction Errors
- AddressVerify API Errors
- ManagePendingTransactionStatus API Errors
- Countries and Regions Supported by PayPal
- State and Province Codes
- Currency Codes
- AVS and CVV2 Response Codes
- About Previous Versions of the API
- What’s New in Version 95.0
- What’s New in Version 93.0
- What’s New in Version 92.0
- What’s New in Version 91.0
- What’s New in Version 89.0
- What’s New in Version 88.0
- What’s New in Version 85.0
- What’s New in Version 84.0
- What’s New in Version 82.0
- What’s New in Version 80.0
- What’s New in Version 74.0
- What’s New in Version 72.0
- What’s New in Version 69
- What’s New in Version 66
- Revision History
- Index
SOAP API Developer Reference February 01, 2013 17
PayPal SOAP API Basics
Security
1
Security
The PayPal SOAP API service is protected to ensure that only authorized PayPal members use
it. There are four levels of security:
1. A required API username (Username field) and API password (Password field).
2. A third required authentication mechanism, which is either one of the following:
– Client-side request signing using a PayPal-issued API Certificate
– Request authentication using an API Signature included in the request (Signature
field)
3. An optional third-party authorization to make the API call on some other account’s behalf
(the optional Subject field).
4. Secure Sockets Layer (SSL) data transport.
A failure of authenticated security at any one of these levels denies access to the PayPal SOAP
API service.
SOAP RequesterCredentials: Username, Password, Signature,
and Subject
For the security of your business, PayPal must verify that merchants or third-party developers
are permitted to initiate a transaction before they make one. PayPal authenticates each request.
If the request cannot be authenticated, a SOAP security fault is returned.
In the SOAP request header, your SOAP client must set the Username, Password elements
to pass an API username/password combination. In addition, you can set the Signature or
Subject elements to specify your API signature string and an optional third-party account
email address for authentication.
The following example shows part of the RequesterCredentials elements. These
elements are required for all SOAP requests.
<SOAP-ENV:Header>
<RequesterCredentials xmlns=”urn:ebay:api:PayPalAPI”
xsi:type=”ebl:CustomSecurityHeaderType”>
<Credentials xmlns=”urn:ebay:apis:eBLBaseComponents”
xsi:type=”ebl:UserIdPasswordType”>
<Username>api_username</Username>
<Password>api_password</Password>
<Signature>api_signature</Signature>
<Subject>authorizing_account_emailaddress</Subject>
</Credentials>
</RequesterCredentials>
</SOAP-ENV:Header>