Invalid scope error using PayPal Login

globcitizen
Contributor
Contributor
Posted on
‎Aug-17-2021 02:54 AM

Hi there, 

I'm building an app to add tracking numbers to PayPal using https://developer.paypal.com/docs/api/tracking/v1/

In order to call the specific endpoints, one particular scope is required: https://uri.paypal.com/services/shipping/trackers/readwrite

To get access to the scope, I use a PayPal login button redirecting to: https://www.sandbox.paypal.com/connect/?flowEntry=static&client_id={myClientId}&scope=openid profile...

 

When I click on the button to approve the app, I get "Sorry about that
Looks like this action is not supported. Please return and report this error so that we can support it in the future. (invalid scope)"

 

If I remove "https://uri.paypal.com/services/shipping/trackers/readwrite" in the scopes, it suddenly works, so that scope is the culprit.

 

I'm pretty sure my account need to be approved before requesting that scope (even though I'm on sandbox mode with a sandbox app and a sandbox test account).
The scope is correct as I saw it used by numerous other apps doing the same thing and it works perfectly for them.

 

Thanks.

Labels:
Login to Me Too
0 Kudos
Login to Reply or Kudo
4 REPLIES 4

MTS_Justin
Moderator
Moderator
‎Aug-17-2021 07:35 AM
Hello,

You would need to use a "platform" type REST application in order to be able to access and use the tracking API :

https://developer.paypal.com/docs/api/tracking/v1

Review the tracking API integration guide below and follow the link "get started", which outlines the process of creating a "platform" type REST application :

https://developer.paypal.com/docs/tracking/integrate

Thanks !

Was my post helpful? If so, please give me a kudos!
Login to Me Too
0 Kudos
Login to Reply or Kudo

globcitizen
Contributor
Contributor
‎Aug-17-2021 08:54 AM

Thanks @MTS_Justin, I truly appreciate your quick answer.

 

However, it applies only to mono-account integrations. 

What I'm building is a commerce app that will integrate with dozens/hundreds/thousands of PayPal accounts that I don't own. 

That's why the step with Login Button is required. We need the approval of the PayPal Merchants in order to call the API. 

 

So far, I'm not able to use the Login Button with a Platform app (invalid redirect_uri but it's impossible to define a redirect_uri while setting up a platform app, there is no option for it.)

 

For reference, here are multiple apps using Tracking API and requiring login through a login button:

 

https://www.paypal.com/connect/?client_id=AaTbx4MqC19BkYUgJr3A-gdjGAUTvdUzDcuC8Jprbl2H5rfYQWlO8zDndH...

 

https://www.paypal.com/connect/?flowEntry=static&client_id=ATvtZdNRr9_wlWIlF_QaULQ6GQVA7kD_46zzMICMJ...

 

If you click on of them, you will see that those apps require https%3A%2F%2Furi.paypal.com%2Fservices%2Fshipping%2Ftrackers%2Freadwrite scope and are perfectly functional. They aren't Platform apps as they provide a redirect_uri in the URL as you can see.

 

Thanks again.

 

 

 

Login to Me Too
0 Kudos
Login to Reply or Kudo

MTS_Justin
Moderator
Moderator
‎Aug-18-2021 01:47 AM
Hello,

"What I'm building is a commerce app that will integrate with dozens/hundreds/thousands of PayPal accounts that I don't own"

Then it sounds like you should be using commerce platform (https://developer.paypal.com/docs/platforms) with partner referrals (https://developer.paypal.com/docs/api/partner-referrals/v2) which would also give you access to the tracking API (https://developer.paypal.com/docs/api/tracking/v1)

We can try adding the scope you referenced to your existing sandbox REST application first to see if it will resolve the current error you're experiencing. Please share the merchant id for the sandbox business account you're using and I can take a look.

Thanks !

Was my post helpful? If so, please give me a kudos!
Login to Me Too
0 Kudos
Login to Reply or Kudo

globcitizen
Contributor
Contributor
‎Aug-18-2021 03:26 AM

It's definitely not a Platform app @MTS_Justin as you can see on the links I posted in the last reply. 

They use a Login Button with a redirect_uri back to their app and ask for Tracking API scope and it does work.

Platform apps, as far as I know, doesn't work with Login buttons, they only support Partner Referrals API as you suggested.

 

I know at least 6 apps and they all use the same method to get permissions for the tracking API (Login btn => Paypal login => screen to approve permissions => returned to app). 

 

Actually, I contacted the MTS team by email and I got this answer: 

"Thank you for the clarification.

In order to use this API service, you would need to get approvals from our Business Support. We, MTS don't have access to enable/activate anything for the merchants. Please reach out to our Business Support and explain the business case and they will help you enable the scope for your account.

http://www.paypal.com/cgi-bin/webscr?cmd=_contact-general
http://www.paypal.com/cgi-bin/webscr?cmd=_contact-phone

Ask for a Business Support Agent."

 

So as I suspected, it's a matter of the scope being accepted before it's possible to use it.

 

I did contact the Business Support as informed and the nice lady forwarded me to ....... https://developer.paypal.com/docs/tracking/integrate/

A snake biting its own tail.

 

I will try again, hopefully, I will be able to explain the business case better.

Login to Me Too
0 Kudos
Login to Reply or Kudo

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.