Search code examples
paypalpaypal-sandbox

Constructing a Paypal OAuth

I am trying to get an access token for Paypal's RESTful web services but unfortunately not making any headway. This is my first time dealing with REST, so please be patient with me :)

Here is what I have:

  1. Client_id and secret as provided by Paypal for a sandbox account through the paypal developer website.
  2. The ENDpoint: https://api.sandbox.paypal.com/v1/oauth2/token

The documentation that i am referring to is : https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/

Now the juicy part of making that API call. I am developing in PHP so I am using CURL to make the calls. something like this;

const CLIENT_ID = ****..*** ;
const SECRET = ***..***;

$base64EncodedClientID = base64_encode(self::CLIENT_ID . ":" . self::SECRET);
$headers = array("Authorization" => "Basic " . $base64EncodedClientId, "Accept" =>"*/*", "Content-type" => "multipart/form-data");
$params = array("grant_type"=>"client_credentials");
$url = "https://api.sandbox.paypal.com/v1/oauth2/token";

 $ch = curl_init();
 curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch,CURLOPT_URL, $url);
 curl_setopt($ch,CURLOPT_POST, true);
 curl_setopt($ch,CURLOPT_HEADER, $headers);
 curl_setopt($ch,CURLOPT_POSTFIELDS,$params);
 $response = curl_exec($ch);

Pretty vanilla right? Except that I do not get the JSON response that I expect from Paypal but false. This implies that my CURL request was not prepared well, perhaps I am setting the header incorrectly or the params are incorrect. Regardless, the URL is definitely accessible since I was able to access it through command line with the same credentials and got the desired JSON response.

The one glaring problem I have with the above code is that I am providing the client_id and secret as a header option. basic sense tells me that they need to be part of the POST field data However, if you look at line 89 of this Github code https://github.com/paypal/rest-api-sdk-php/blob/master/lib/PayPal/Auth/OAuthTokenCredential.php (Paypals' official PHP REST SDK), it clearly states that the credentials are being set in the header field.

Where am I messing up ?

Solution

  • With curl you don't need to manually generate the base64 encoded value for the Authorization header just use the CURLOPT_USERPWD option and pass the clientID and secret as the user:pwd.

    curl_setopt($curl, CURLOPT_USERPWD, $clientId . ":" . $clientSecret);

    here is a sample - look for the get_access_token() method: https://github.com/paypal/rest-api-curlsamples/blob/master/execute_all_calls.php