PayPal Community

Iong · ‎Sep-02-2020

Hi Fellow Members, Did not get any response on my question and I am not able to contact Paypal personnel. Hope someone can help.... I am using a third party web developer and i intend to integrate Paypal as payment method. The web developer has asked for the following:- My paypal email address Web API API password API signature Is it normal that these information is required in order to integrate paypal to website? Will there be any risk involved? Thank you in advance for your response

MTS_Stefan · ‎Sep-08-2020

Hello Long & Jana,

The API Credentials, that your developer is asking you for, are essentially the login credentials so that any API call made with them, is known to be yours.
By default:

No one should have either of them except yourself, because those are login credentials like your email address and password.

If your developer is in house and part of your company, then maybe, but external developers, that be unwise.

That being said, in order to make API calls, the integration, aka your shop, has to send them to us.

To maintain security over those credentials, the following is usually being done:

# Scenario A - 3rd Party API Caller

If your developer/partner/provider is doing API calls for you, some shopping carts do that, then you can grand them access to certain functions of your account (create transactions, execute transactions, lookup transactions, refunds, reports, withdraw money etc.). You select what they have access to and its best to give them what is needed but not more.

The documentation on how that is done, can be found here https://developer.paypal.com/docs/admin/third-party/

# Scenario B - Developer is creating the shop and handing it over to you later

Let them prepare everything against the sandbox, so the live credentials are not needed and they can use their own sandbox accounts.

During the handoff, have them show you where to enter the credentials in the backend, do that then.

I hope this helps,

Stefan

View solution in original post

janaeholder · ‎Sep-02-2020

Hi @Iong!

I am also looking to integrate PayPal for my tattoo ink eCommerce website but this looks hectic to me. Can you tell me what plugins etc is your developer using? #TIA

MTS_Stefan · ‎Sep-08-2020

Hello Long & Jana,

The API Credentials, that your developer is asking you for, are essentially the login credentials so that any API call made with them, is known to be yours.
By default:

No one should have either of them except yourself, because those are login credentials like your email address and password.

If your developer is in house and part of your company, then maybe, but external developers, that be unwise.

That being said, in order to make API calls, the integration, aka your shop, has to send them to us.

To maintain security over those credentials, the following is usually being done:

# Scenario A - 3rd Party API Caller

If your developer/partner/provider is doing API calls for you, some shopping carts do that, then you can grand them access to certain functions of your account (create transactions, execute transactions, lookup transactions, refunds, reports, withdraw money etc.). You select what they have access to and its best to give them what is needed but not more.

The documentation on how that is done, can be found here https://developer.paypal.com/docs/admin/third-party/

# Scenario B - Developer is creating the shop and handing it over to you later

Let them prepare everything against the sandbox, so the live credentials are not needed and they can use their own sandbox accounts.

During the handoff, have them show you where to enter the credentials in the backend, do that then.

I hope this helps,

Stefan

Iong · ‎Sep-08-2020

Thank you Stefan for your advice. If I am to create a developer account and pass them the login credential, will that be ok?

Appreciate your kind advice, Iong

MTS_Stefan · ‎Sep-09-2020

Hi long,

If with Dev account you mean a sandbox account, that be fine.
If you are referring to an account you can log into developer.paypal.com then this is not helping you however as in the end, they will need to gain access to your own credentials via option A or B.

Regards,
Stefan

janaeholder · ‎Nov-04-2020

Thank you Stefan for the guide..!

alexakiwn · ‎Jan-13-2021

I want to sell different products (mouse, keyboard) on my website. Can I integrate the personal PayPal with my website? My website is on Wordpress. So please guide me I'm a beginner and don't know about these things.

alizaki · ‎Jan-30-2022

Merchants and developers can use Website Payments Pro to accept credit cards, debit cards, and PayPal payments directly on their website. Website Payments Pro also includes PayPal's Express Checkout and Virtual Terminal.

Important:

PayPal isn't accepting new users for this feature, and we require existing users to upgrade to our Advanced Debit and Credit solution that supports EMV 3DS (3DS 2.0) for PSD2. Our Advanced Debit and Credit solution enables highly customizable custom-card fields and reduced PCI Compliance requirements. For more information, see Set up advanced credit and debit card payments.

Overview

To accept payments on your website with Website Payments Pro, you can integrate with the Direct Payment and Express Checkout API solutions.

Direct Payment enables you to accept both debit and credit cards directly from your site.
Express Checkout enables you to accept payments from PayPal accounts in addition to debit and credit cards.

These payments are immediate, authorized for payment later, recurring, or reference transactions.

Website Payments Pro also includes standalone applications for accepting payments, such as Virtual Terminal and Fraud Management Filters, for automatic review and management of risk.

The following diagram shows the relationship between Direct Payment and Express Checkout to a buyer.

From your shopping cart, a buyer can either:
- Click Checkout with PayPal on your Shopping Cart page to check out with Express Checkout.
- Use Direct Payment to pay directly by credit or debit card.
If a buyer uses Express Checkout to pay, PayPal provides a checkout experience that streamlines checkout. Even if buyers do not pay using Express Checkout, they can still pay by credit or debit card using Direct Payment. In this case, buyers might need to enter payment, billing, and shipping information. In both cases, buyers can stay on your website or are sent to the page of your choice.
You must implement both an Express Checkout flow and a Direct Payment flow to use Web-site Payments Pro. You implement the Express Checkout flow by calling PayPal's Express Checkout API operations, which guides a buyer through the checkout process. You implement the Direct Payment flow using your own code, for which PayPal provides an API operation to process the credit or debit card payment.

PayPal Community

Paypal integration to website

Overview

Haven't Found your Answer?