cancel
Showing results for 
Search instead for 
Did you mean: 

2FA for PayPal Payout API

SOLVED
Highlighted
Contributor

2FA for PayPal Payout API

Is it possible to do any kind of two-factor authentication with the PayPal Payouts API? I'm using C# and I'm trying to figure a way to have all Payouts approved via a text message link or e-mail link, is that possible? For example, what if someone somehow got in the web.config file and stole our Client ID / Secret, they could potentially take all of our money and send it to their PayPal account, what would we do then? 

 

If we had a way to approve every Payout that when out though, then we would for sure know that we have sent the Payout and not some malicious person.

1 ACCEPTED SOLUTION

Accepted Solutions
Moderator

Re: 2FA for PayPal Payout API

Security is important to PayPal, which is why PayPal has an internal security system that will block payments from time to time due to many different risk factors. Due to security purposes we are unable to disclose the risk factors. As a result from time to time there will be blocked payments, including Payout's payments. This is also a protection that is added to help prevent outside users from siphoning off all of your PayPal funds.

 

Since you are sending the API calls from your server, there is no reason that you cannot build in your own 2FA authentication in your own server. Also storing your credentials in a secure database that is not accessible to outside parties would be another good option to ensure your credentials are secure.

 

Here are some basic Security Guidelines

 

Since your concern is with an outside party gaining access to your Client ID and Client Secret, the best course of action is to ensure that you are storing your credentials in a secure server. You can setup your server to have a two factor authentication, this would need to be performed on your server end.

 

We also recommend utilizing an SSL certificate to encrypt sensitive customer data passed from your server to PayPal's secure servers.

 

Thank you,

Jennifer

 

1 REPLY
Moderator

Re: 2FA for PayPal Payout API

Security is important to PayPal, which is why PayPal has an internal security system that will block payments from time to time due to many different risk factors. Due to security purposes we are unable to disclose the risk factors. As a result from time to time there will be blocked payments, including Payout's payments. This is also a protection that is added to help prevent outside users from siphoning off all of your PayPal funds.

 

Since you are sending the API calls from your server, there is no reason that you cannot build in your own 2FA authentication in your own server. Also storing your credentials in a secure database that is not accessible to outside parties would be another good option to ensure your credentials are secure.

 

Here are some basic Security Guidelines

 

Since your concern is with an outside party gaining access to your Client ID and Client Secret, the best course of action is to ensure that you are storing your credentials in a secure server. You can setup your server to have a two factor authentication, this would need to be performed on your server end.

 

We also recommend utilizing an SSL certificate to encrypt sensitive customer data passed from your server to PayPal's secure servers.

 

Thank you,

Jennifer