2FA for PayPal Payout API

YushaPreston
Contributor

Is it possible to do any kind of two-factor authentication with the PayPal Payouts API? I'm using C# and I'm trying to figure out a way to have all Payouts approved via a text message link or e-mail link. Is that possible? For example, what if someone somehow got into the web.config file and stole our Client ID / Secret? They could potentially take all of our money and send it to their PayPal account. What would we do then?

If we had a way to approve every Payout that went out, though, then we would know for sure that we have sent the Payout and not some malicious person.

Accepted Solutions

MTS_Jennifer
Moderator

Security is important to PayPal, which is why PayPal has an internal security system that will block payments from time to time due to many different risk factors. For security purposes, we are unable to disclose the risk factors. As a result, from time to time there will be blocked payments, including Payouts payments. This is also a protection that is added to help prevent outside users from siphoning off all of your PayPal funds.

Since you are sending the API calls from your server, there is no reason that you cannot build in your own 2FA authentication in your own server. Also, storing your credentials in a secure database that is not accessible to outside parties would be another good option to ensure your credentials are secure.

Here are some basic Security Guidelines

Since your concern is with an outside party gaining access to your Client ID and Client Secret, the best course of action is to ensure that you are storing your credentials in a secure server. You can set up your server to have two-factor authentication; this would need to be performed on your server end.

We also recommend utilizing an SSL certificate to encrypt sensitive customer data passed from your server to PayPal's secure servers.

Thank you,

Jennifer
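
One way to build the per-payout approval link the question asks for, following the answer's suggestion to implement the second factor on your own server (an added example, not part of the original posts and not PayPal code). It assumes .NET 6 or later; `PendingPayout`, `PayoutApproval` and the sample values are hypothetical, and the actual Payouts API call would be made only after `Approve` returns true.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical types for this added example; not part of any PayPal SDK.
public sealed record PendingPayout(string Id, string Receiver, string Amount, string Currency);

public sealed class PayoutApproval
{
    private readonly byte[] _key; // approval key: store it apart from the PayPal Client ID/Secret
    private readonly ConcurrentDictionary<string, bool> _used = new(); // use a shared store in production
    public PayoutApproval(byte[] key) => _key = key;

    // The token sent in the e-mail/SMS link binds the approval to these exact payout details.
    public string Issue(PendingPayout p, DateTimeOffset expires)
    {
        long exp = expires.ToUnixTimeSeconds();
        return $"{exp}.{Convert.ToHexString(Mac(p, exp))}";
    }

    // True only for an unexpired, unmodified, not-yet-used token for this payout.
    public bool Approve(PendingPayout p, string token, DateTimeOffset now)
    {
        var parts = token.Split('.');
        if (parts.Length != 2 || !long.TryParse(parts[0], out long exp)) return false;
        if (now.ToUnixTimeSeconds() > exp) return false;
        byte[] given;
        try { given = Convert.FromHexString(parts[1]); } catch (FormatException) { return false; }
        if (!CryptographicOperations.FixedTimeEquals(given, Mac(p, exp))) return false;
        return _used.TryAdd(p.Id, true); // single use: a replayed link is rejected here
    }

    private byte[] Mac(PendingPayout p, long exp)
    {
        var sb = new StringBuilder(); // length-prefix fields so values cannot shift between them
        foreach (var f in new[] { p.Id, p.Receiver, p.Amount, p.Currency, exp.ToString() })
            sb.Append(f.Length).Append(':').Append(f);
        using var h = new HMACSHA256(_key);
        return h.ComputeHash(Encoding.UTF8.GetBytes(sb.ToString()));
    }
}

public static class Demo
{
    public static void Main()
    {
        var gate = new PayoutApproval(RandomNumberGenerator.GetBytes(32));
        var p = new PendingPayout("batch-001", "payee@example.com", "25.00", "USD"); // constructed sample
        var now = DateTimeOffset.UtcNow;
        string token = gate.Issue(p, now.AddMinutes(10));
        Console.WriteLine(gate.Approve(p with { Amount = "9999.00" }, token, now)); // amount altered after issue
        Console.WriteLine(gate.Approve(p, token, now));                             // approver's first click
        Console.WriteLine(gate.Approve(p, token, now));                             // same link used again
    }
}
```

This gate covers only payouts that go through your own server; anyone holding the Client ID and Secret can still call PayPal directly, so the credential-storage advice in the answer still applies.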