0

I have added PayPal Express Checkout & PayPal Recurring Payments in my website with PayPal API.

I have added PayPal API details in web.config file as below

<appSettings>
<add key="APIUsername" value="username_api1.sitename.com"/>
<add key="APIPassword" value="1234567890"/>
<add key="APISignature" value="AYNTWwVp7kXPvCitJdl4O9aXZuCpAekoTM41ULLqI6Pt0lCy0tNDh8--"/>
<add key="Host" value="www.sandbox.paypal.com"/>
<add key="CurrencyCode" value="USD"/>

C# Code

Namespaces Used -

using com.paypal.sdk.services;
using com.paypal.sdk.profiles;
using com.paypal.sdk.util;

I am using Name Value Pair Approach

C# Code

NVPCallerServices caller = new NVPCallerServices();
IAPIProfile profile = ProfileFactory.createSignatureAPIProfile();
profile.APIUsername = System.Configuration.ConfigurationManager.AppSettings["APIUsername"];
profile.APIPassword = System.Configuration.ConfigurationManager.AppSettings["APIPassword"];
profile.APISignature = System.Configuration.ConfigurationManager.AppSettings["APISignature"];
caller.APIProfile = profile;

As you can see I need Username, Password & Signature for accepting payments.

I need to know if It is possible to accept payments without knowing API Password field.

I am testing it, but it will be useful to know if anyone already knew this questions answer.

Remember I just want to accept payment.

Thanks.

Nikhil Chavan
  • 1,685
  • 2
  • 20
  • 34

2 Answers2

1

Any classic API calls you make are going to require a valid username, password, and signature (or certificate).

Drew Angell
  • 25,968
  • 5
  • 32
  • 51
0

You can't really decouple the password from the username and signature -- they're a set, and you generally have to provide all three whenever you make an API call.

However, you can do a limited amount by passing the Subject field instead of the API username, password, and signature. In this case, the subject would be the email address of your PayPal account. However, without the API username/password/signature, you're going to be limited to running just a few API calls -- SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckoutPayment, and GetTransactionDetails. You're also going to be limited to running Sale transactions -- you can't run Authorizations, and you can't create recurring payments.

Matt Cole
  • 2,552
  • 1
  • 13
  • 21
  • Thanks for your answer, I just need to confirm that, I am using recurring payments API calls, so I think, I should use all fields. – Nikhil Chavan Aug 30 '13 at 06:56
  • This information is incorrect. You can do any API call you want with the use of SUBJECT, but the PayPal account user has to have granted API permissions for your application to make calls on their behalf. You still include the API username, password, and signature, though, and using SUBJECT isn't something you would do with your own account. Again, that would only be used if you're making calls behalf of a 3rd party. – Drew Angell Sep 02 '13 at 09:31
  • The user granting permissions can do so through their PayPal account profile, or you can setup the Permissions API to build that flow directly into your application. Again, though, you're still going to be using un/pw/sig. SUBJECT alone without the rest will result in a security header error. – Drew Angell Sep 02 '13 at 09:33
  • Andrew -- no, it's correct. This feature is called "Accelerated Boarding", and it allows merchants to start accepting Express Checkout transactions before setting up their PayPal account and/or before setting up permissions to the API caller. By default, you can call the Express Checkout APIs (SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckoutPayment, GetTransactionDetails) without getting permissions to the subject's account first. – Matt Cole Sep 03 '13 at 03:35