After back and forth with Paypal support, they have identified the problem. When your app negotiate with Paypal through /token api, the token response generated by Paypal shall contain all the valid scope as following: "scope":"https://uri.paypal.com/services/subscriptions' 'https://api.paypal.com/v1/payments/.*' 'https://api.paypal.com/v1/vault/credit-card' 'https://uri.paypal.com/services/applications/webhooks' 'openid' 'https://uri.paypal.com/payments/payouts' 'https://api.paypal.com/v1/vault/credit-card/.*"' ... but instead, it returns {"scope":"https://uri.paypal.com/services/subscriptions https://api.paypal.com/v1/vault/credit-card openid https://api.paypal.com/v1/vault/credit-card/.* ... Even I have enabled all features in Paypal, the token response is still missing the important scopes such as /payment/.* That is why we are getting permission denied error Paypal is actively working on the issue. to expedite the fix, maybe you should also file support ticket for the issue.
... View more