API CREDENTIALS ACCESS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We'd like to partner with an On Line Travel Agency. They are asking for API username, password and signature for their system to get a signal from paypal that the payment (on our behalf) is successful. Is it safe to give these information? Wouldn't they get any access on our account? Would there be any other way for them to get us connected without giving such info? I hope you guys could enlighten me. Thank you so much.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would be hesitant as you are to give a business that might not have a verified reputation my API credentials. You are right, they could essentially do any API operations on your account that they want if they have those credentials. There are other products that the merchant could use such as the PayPal Commerce Platform that would simply have you "onboard" through PayPal to the merchant, then they could do a limited number of API operations, but this requires the merchant you're working with to build this out. Worst case, you could give the API credentials and closely monitor their actions, "removing and replacing" the credentials if you see they're taking actions you do not approve of.
I hope that helps!
-Aaron

Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- NOT ENABLED TO VAULT PAYMENT SOURCE in Sandbox Environment
- Cannot create developer account from invitation link in Braintree Client-side Integration (JS, iOS, Android SDKs)
- iDEAL payments being refunded back to customers in PayPal Payments Standard
- How can I revoke SamCart's access my recurring payments? in NVP/SOAP APIs
- How to integrate PayPal during user signup to avoid re-entering credentials for future payments? in REST APIs