API Security Questions

richfc
Contributor
Contributor
Posted on
‎May-19-2020 01:40 AM

Hi there,
I am using PayPal Express for WooCommerce which required API details, no problem there, it's all working etc etc.
However, I have had the following questions from a client and to be honest, I'm not sure how to answer this one. Can someone point me in the right direction on this please?

 

  • The API seems to allow someone to make payments both into (and more worryingly) out of our PayPal account!
  • Also, the API potentially allows transactions from our PayPal account to be listed.

Any advice would be appreciated on this.

Thanks

Login to Me Too
0 Kudos
Login to Reply or Kudo
3 REPLIES 3

MTS_Andre
Moderator
Moderator
‎May-19-2020 02:32 AM

Hi Richfc, ExpressCheckout NVP / REST requires a set of credentials to perform any API operations, those credentials are not public and must not be shared, so only the merchant on his/her website and using his/her credentials can handle payments.

If they want they can grant third party API permissions, it means they allow a third party to run some API operation on their behalf, but this is the merchant decision and only the same merchant can allow that.

To make payment you have the Payouts API but it follows the same rules than above and also to enable this API you need a specific permission from PayPal.

Login to Me Too
0 Kudos
Login to Reply or Kudo

richfc
Contributor
Contributor
‎May-19-2020 03:10 AM

Hi MTS_Andre, thanks for the info. Very useful.

Can you show me where we can set the API permissions?

Thanks

Login to Me Too
0 Kudos
Login to Reply or Kudo

MTS_Andre
Moderator
Moderator
‎May-19-2020 03:31 AM

You are very welcome Richfc, here is how you can grant third party API permissions on your account, that would be valid for NVP ExpressCheckout.

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.