I'm trying to integrate paypal checkout in my website which has a deprecated paypal integration. I'm using server side SDK and I can create and capture a payment with no problems. To do so I'm using clientId and secret generated in paypal Dashboard.
However, in the official documentation it talks about an Access-Token to call APIs but I'm using clientId/secret to do so and until now I haven't had any problems, so what is it for or when is it used?
I also noticed that whenever I made a create order, one of the returned links has "token=XXXXXXX".
Please help.
The client ID and Secret are used to obtain an access token. They are not used for anything else.
An access token is then used for all other REST API calls.
If you are using a server-side SDK, handling of the access token is abstracted by it. You do not need to do anything.