API CREDENTIALS ACCESS

person1ncharged
Contributor
Contributor
Posted on
‎Jun-21-2021 12:18 AM

Hi,

 

We'd like to partner with an On Line Travel Agency. They are asking for API username, password and signature for their system to get a signal from paypal that the payment  (on our behalf) is successful. Is it safe to give these information? Wouldn't they get any access on our account? Would there be any other way for them to get us connected without giving such info? I hope you guys could enlighten me. Thank you so much.

Login to Me Too
Login to Reply or Kudo
1 REPLY 1

MTS-Aaron
PayPal Employee
PayPal Employee
‎Jul-02-2021 10:31 AM

Hi @person1ncharged 

 

I would be hesitant as you are to give a business that might not have a verified reputation my API credentials. You are right, they could essentially do any API operations on your account that they want if they have those credentials. There are other products that the merchant could use such as the PayPal Commerce Platform that would simply have you "onboard" through PayPal to the merchant, then they could do a limited number of API operations, but this requires the merchant you're working with to build this out. Worst case, you could give the API credentials and closely monitor their actions, "removing and replacing" the credentials if you see they're taking actions you do not approve of.

 

I hope that helps!

-Aaron

Login to Me Too
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.