Hello there comunity!
I encountered this problem that got me confused. I am trying to implement payment processing for my customers, so I used permissions API to get myself permissions I needed. In process I also generate access token and its verification, for verification purposes (later I should generate X-PAYPAL-AUTHORIZATION header from token and its verification).
Now at the payment processing on someones behalf part: I specified "Subject" NVP in payment request and noticed that I was able to process payments for subject-specified-user without providing X-PAYPAL-AUTHORIZATION header. Note that this was an sandbox account that provided permission for process payments on this accounts behalf, I just didn't provide any kind of authorization header.
I also tried creating brand new sandbox account without any permissions and I was able to process payments on its behalf too.
So now I am confused, how is this possible? Documentation sais that I shoudn't be able to do that.
Do I need to ask for payment-processing-permission if I am able to process everyone's payments anyway?
Is this some kind of bug?
Maybe it's sandbox related problem?
(I tried asking tech support, but they didn't bother to reply. Paypal's support is a joke. Hopefully you guys will help me :o). )
Thanks, Tom
