cancel
Showing results for 
Search instead for 
Did you mean: 

REST API - WEBHOOK SECURITY RISK

Highlighted
Member

REST API - WEBHOOK SECURITY RISK

The title is misleading because it seems like the PayPal support team never replies to anyone because I've seen a few of these posts on the forums so far with no responses.

 

The sandbox REST API systems seem to not work at all.

 

Here's my sandbox webhook configuration. We'll get back to this in a little:

chrome_2018-11-21_14-48-21.png

 

 

 

Here's my `Webhooks simulator` configuration. Notice how the URL's in the image above and below are exactly the same (minus the blurred part, of course, but I assure you, those are the same as well). In the image below, I've also gone ahead and sent an event test to my sandbox API. The event id is highlighted.

chrome_2018-11-21_14-50-39.png

 

 

 

Here is an image of the incoming POST from the sandbox test API. Notice how the two id's match each other exactly. So, I KNOW my API is set up to receive webhooks from PayPal.

totermw_2018-11-21_14-52-29.png

 

Why then,  do I not get ANY sandbox API calls when I cancel a payment, start a dispute, cancel a subscription etc. on the sandbox website? I've tried this countless times, and I'm not getting IPN notifications either (I figured that was the problem). The URLs are exactly the same, and nothing has changed on my API.