Current PayPal APIs use REST, authenticate with OAuth 2.0 access tokens, and return HTTP response codes and JSON responses. You can test US integrations with a PayPal Developer account. To try these REST APIs without a PayPal Developer account, you can use Postman. Learn more about this in our Postman guide. To explore PayPal’s REST API descriptions, generate code for your API clients, and import OpenAPI documents into compatible third-party tools, see the PayPal REST API specifications on GitHub.
Important: You need a PayPal Business account to:
  • Go live with integrations.
  • Test integrations outside of the US.

1. Get your client ID and client secret

PayPal integrations use a client ID and client secret to authenticate API calls:
  • A client ID identifies an app. You need a client ID to get a PayPal payment button and standard credit and debit card fields.
  • A client secret authenticates a client ID. To call PayPal APIs, you exchange your client ID and client secret for an access token. Keep your client secret safe.
Here’s how to get your client ID and client secret:
  1. Select Log in to Dashboard and log in to your account or sign up for a new account.
  2. Select Apps & Credentials.
  3. New accounts come with a default application in the REST API apps section. To create a new project, select Create App.
  4. Copy the client ID and client secret for your app.

2. Get an access token

You exchange your client ID and client secret for an access token, which you use for authentication when calling PayPal REST APIs. You can call the PayPal OAuth API in any language. The following examples show you how to get your access token using cURL or Postman.
curl -v -X POST "https://api-m.sandbox.paypal.com/v1/oauth2/token" \
-u "CLIENT_ID:CLIENT_SECRET" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" 

Sample response

PayPal returns an access token and the number of seconds for which the access token is valid, as shown in the following example.
{
  "scope": "https://uri.paypal.com/services/invoicing https://uri.paypal.com/services/disputes/read-buyer https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/disputes/update-seller https://uri.paypal.com/services/payments/payment/authcapture openid https://uri.paypal.com/services/disputes/read-seller https://uri.paypal.com/services/payments/refund https://api-m.paypal.com/v1/vault/credit-card https://api-m.paypal.com/v1/payments/.* https://uri.paypal.com/payments/payouts https://api-m.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://uri.paypal.com/services/applications/webhooks",
  "access_token": "A21AAFEpH4PsADK7qSS7pSRsgzfENtu-Q1ysgEDVDESseMHBYXVJYE8ovjj68elIDy8nF26AwPhfXTIeWAZHSLIsQkSYz9ifg",
  "token_type": "Bearer",
  "app_id": "APP-80W284485P519543T",
  "expires_in": 31668,
  "nonce": "2020-04-03T15:35:36ZaYZlGvEkV4yVSz8g6bAKFoGSEzuy3CQcz3ljhibkOHg"
}

Make API calls

When you make API calls, replace ACCESS-TOKEN with your access token in the authorization header: -H "Authorization: Bearer ACCESS-TOKEN". When your access token expires, call /v1/oauth2/token again to request a new access token.
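
The token lifetime handling described above, as an added Python example (not PayPal's code): it caches the access token until shortly before expires_in elapses, reads the client secret from the environment instead of source code, and keeps the token out of repr output. The PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET variable names, the 60-second margin, and the injectable post and clock parameters are assumptions of this example.

```python
import base64, json, os, time
import urllib.request

TOKEN_URL = "https://api-m.sandbox.paypal.com/v1/oauth2/token"  # endpoint from the page

def http_post(url, headers, body):
    """Default transport: HTTPS POST (urllib verifies certificates by default)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class TokenCache:
    """Caches the access token and refreshes it shortly before expires_in elapses."""

    def __init__(self, client_id, client_secret, post=http_post,
                 clock=time.monotonic, margin=60):
        # Same HTTP Basic credentials that `curl -u CLIENT_ID:CLIENT_SECRET` sends.
        self._basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._deadline = None, 0.0

    def _fetch(self):
        headers = {"Authorization": f"Basic {self._basic}",
                   "Content-Type": "application/x-www-form-urlencoded"}
        data = self._post(TOKEN_URL, headers, b"grant_type=client_credentials")
        if data.get("token_type") != "Bearer" or not data.get("access_token"):
            raise ValueError("unexpected token response")  # do not log the body
        self._token = data["access_token"]
        # Treat the token as expired `margin` seconds early to avoid racing expiry.
        self._deadline = self._clock() + max(int(data["expires_in"]) - self._margin, 0)

    def auth_header(self):
        """Return the Authorization header, requesting a new token only when needed."""
        if self._token is None or self._clock() >= self._deadline:
            self._fetch()
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return "<TokenCache token=[redacted]>"

def from_env(**kw):
    """Build a cache from environment variables (names are this example's choice)."""
    return TokenCache(os.environ["PAYPAL_CLIENT_ID"],
                      os.environ["PAYPAL_CLIENT_SECRET"], **kw)
```
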

3. Get sandbox account credentials

The PayPal sandbox is a test environment that mirrors real-world transactions. By default, PayPal developer accounts have 2 sandbox accounts: a personal account for buying and a business account for selling. You’ll get the login information for both accounts. Watch sandbox money move between accounts to test API calls. Take the following steps to get sandbox login information for business and personal accounts:
  1. Log in to the Developer Dashboard.
  2. Select Testing Tools > Sandbox Accounts. To create more sandbox accounts, you can select Create account.
  3. Locate the account for which you want to get credentials, and select .
  4. To see mock information, such as the account email address and a system-generated password, select View/Edit Account.
  5. Go to sandbox.paypal.com/signin/, and sign in with the personal sandbox credentials. In a separate browser, sign in with the business sandbox credentials.
  6. Make API calls with your app’s access token to see sandbox money move between the personal and business accounts.
