
How to void an authorization from PayPal for a third party merchant


I'm trying to run a void action on a transaction with the intent of authorize for a third party merchant

import paypal from "@paypal/checkout-server-sdk";
...
const req = new paypal.payments.AuthorizationsVoidRequest(id);
const voidRequest = await client.execute(req);
const refundId = voidRequest.headers['paypal-debug-id'];

but I'm getting an error: Authorization failed due to insufficient permissions. You do not have permission to access or perform operations on this resource.

According to this link, I need to get extra permission from the merchant.

Note: For three party transactions in which a partner is managing the API calls on behalf of a merchant, the partner must identify the merchant using either a PayPal-Auth-Assertion header or an access token with target_subject.

How do I get those permissions from the merchant? Do I need to add a connect with PayPal button for my merchants? Is there even such a thing?

Or do I just need to add PayPal-Auth-Assertion (not sure how to do that as well, how do I get the merchant access_token/client_id)?

...
req.headers['PayPal-Auth-Assertion'] = generateAuthAssertionHeader("[email protected]");
...

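// Not async: the call above assigns the return value directly, so it must be a string, not a Promise.
const generateAuthAssertionHeader = email => {
    // Unsigned JWT header ("alg":"none"), base64-encoded.
    const auth_1 = Buffer.from('{"alg":"none"}').toString('base64');
    // JSON.stringify escapes the values instead of splicing them into a JSON string by hand.
    const auth_2 = Buffer.from(JSON.stringify({ email, iss: PAYPAL_CLIENT_ID })).toString('base64'); //my PAYPAL_CLIENT_ID or my merchant? how can I get the merchant PAYPAL_CLIENT_ID
    // header.payload. with an empty signature segment
    const auth_assertion_header = `${auth_1}.${auth_2}.`;
    return auth_assertion_header;
};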


Solution

  • Your link links to https://developer.paypal.com/api/rest/requests/#paypal-auth-assertion which explains the header. Consent can be gotten with Connect/Log in with PayPal, if your application is approved for that scope by PayPal.

    Otherwise, ask the merchant for their own REST APP client id and secret when they are onboarded to your system, and use those credentials to void as a first party.
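
The header discussed above, as an added example that is not code from the question, the answer or PayPal: it builds the unsigned assertion with the partner's own client ID as `iss` and the merchant identified by `email` or `payer_id` (the two claim names in the PayPal documentation linked above), then decodes it again as a pre-flight check. `PARTNER_CLIENT_ID`, the merchant values and both function names are constructed placeholders. Because `alg` is `none` the value is not signed; it only names the merchant, and the call still fails without the consent the answer describes.

```javascript
// Constructed placeholder: the partner's own REST app client ID, not the merchant's.
const PARTNER_CLIENT_ID = "PARTNER-CLIENT-ID-PLACEHOLDER";

const b64Json = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64");

// merchant must be { email: "..." } or { payer_id: "..." }, exactly one of them.
function buildAuthAssertion(partnerClientId, merchant) {
  const keys = Object.keys(merchant);
  if (keys.length !== 1 || !["email", "payer_id"].includes(keys[0])) {
    throw new Error("identify the merchant by exactly one of email or payer_id");
  }
  const value = merchant[keys[0]];
  if (typeof value !== "string" || value.length === 0) {
    throw new Error(`${keys[0]} must be a non-empty string`);
  }
  const header = b64Json({ alg: "none" });
  const payload = b64Json({ iss: partnerClientId, [keys[0]]: value });
  return `${header}.${payload}.`; // trailing dot: empty signature segment
}

// Pre-flight check before the value is put on a request: correct shape,
// alg "none", and the issuer is the partner app we expect.
function decodeAuthAssertion(assertion, expectedIss) {
  const parts = assertion.split(".");
  if (parts.length !== 3 || parts[2] !== "") {
    throw new Error("expected header.payload. with an empty signature");
  }
  const [header, payload] = parts
    .slice(0, 2)
    .map((p) => JSON.parse(Buffer.from(p, "base64").toString("utf8")));
  if (header.alg !== "none") throw new Error("unexpected alg: " + header.alg);
  if (payload.iss !== expectedIss) throw new Error("iss is not the partner client ID");
  return payload;
}

// Constructed sample merchant ID.
const sample = buildAuthAssertion(PARTNER_CLIENT_ID, { payer_id: "MERCHANT-ID-PLACEHOLDER" });
console.log(sample, decodeAuthAssertion(sample, PARTNER_CLIENT_ID));
```
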