I'm fairly new to the PayPal API and am a bit confused about using API signatures to attach to the REST API. I'm creating shopping cart software, and I'd like to allow merchants using the software to attach the system to their PayPal account using their API using PayPal username, password, and signature. They'd enter this information into the account settings when setting up their cart.
On the merchant's side, it seems like this is easily possible, and says to do this to grant API access specifically to shopping carts: htttps://paypal.com/us/cgi-bin/webscr?cmd=_profile-api-access (once logged in as a merchant).
I personally am using PHP to call CURL, though that probably is not important. What I don't understand is that in the REST API documentation, including the "make your first call" doc, it notes I should send my "clientid" and "secret," but not the merchant's "username","password," and "signature".
https://developer.paypal.com/docs/integration/direct/make-your-first-call/
Now, when I originally logged in as a developer, I was able to obtain my "clientid" and "secret," but that was for my application. I've successfully made test calls with them, using PayPal's test pages. But these of course seem to be for me, not for a particular client.
Now the "Classic API" documentation does have information on connecting to the SandBox using the merchant's info.
https://developer.paypal.com/docs/classic/permissions-service/ht_permissions-invoice/
So I think I'm just mentally missing something, or misunderstanding something fundamental. Assuming I have both my developer credentials, and the API credentials of a merchant, what are the general steps in making a payment to the merchant (not me). What's the logical step I'm missing?
Thanks much to anyone who can help.
Unless corrected by Paypal folk, this seems to be the flow (just went through it):
Ask the merchant to add you as a User, I suppose with API access privileges (only)
They will set your user id and pwd, which they should then provide to you.
You'll then login with that
User Id
(not an email address) into Paypal (at this point, you're a "user" of that merchant/account) with whatever privileges your merchant provided you.create the App in the developer site for your merchant - you'll notice that when you get there, it's the Merchant's name displayed (it's not "your" developer account)
At this point you should be set (sandbox and live REST credentials of the merchant from the app you created). One thing I noticed (good) is that it somewhat already helps you see what "live privileges" the account has..so it helps guide you as to what to integrate (scope) and/or advise your merchant to do - e.g. may or may not be eligible for direct credit card payments (only Paypal account payments).
Hth..
@EdSF and anyone else looking into this, I just received a response from PayPal merchant help. Turns out you were spot on Ed. They don't have this ready for REST. Seems pretty odd given that they're 1.) pushing REST on their developer site but 2.) showing that the signature set is how to connect to a shopping cart on their merchant side.
So answer is to use the old API for now, or have them go through the extra hoops of the steps you/they mention, instead of following the directions on the PayPayl site :-P Oh well. Their response in full below.
Hi ...
I am writing this email regarding your questions on PayPal Permission Service. Unfortunately the Permission Service is not available in REST API; however I will file feature request to our development team for their further consideration.
It is not possible to use API username, password, and signature in REST API because they are actually not the correct credentials. REST API uses Client ID and Secret for integration. If you develop your application for other merchants, you can ask them to obtain Client ID and Secret by creating apps in PayPal Developer Portal (https://developer.paypal.com). Here's the steps: 1) Go to http://developer.paypal.com and log into the website with PayPal account's login 2) Click 'Dashboard' 3) In the My REST apps page, click "Create App" 4) Enter the App name, and click 'Create app' 5) You should be able to see 'Client ID' and 'Secret' for 'sandbox credentials'. If you want to integrate with your live account, click 'Show' at the Live Credentials section.
Hope the above information helps. Thanks.
Sincerely, ... Merchant Technical Support PayPal, an eBay Company