7

i have an e-commerce application and trying to reach out to the paypal rest api, "paypal for partners" service specifically, i did read the Paypal Documentation and its all good but the problem is that they mentioned the request example using curl like this :

curl -v https://api.sandbox.paypal.com/v1/oauth2/token \
   -H "Accept: application/json" \
   -H "Accept-Language: en_US" \
   -u "client_id:secret" \
   -d "grant_type=client_credentials"

Or

using postman with basic Auth:

  • Username: Your client ID.

  • Password: Your secret.

iam trying to implement the same thing but using node-fetch from node.js 

const fetch = require('node-fetch');

function authenticatePaypal() {
    fetch('https://api.sandbox.paypal.com/v1/oauth2/token', {
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
            'Accept': 'application/json',
            'Accept-Language': 'en_US',
            'client_id': 'secret'
        },
        body: {
            "grant_type": "client_credentials"
        }
    }).then(reply => {
        console.log('success');
        console.log(reply);
    }).catch(err => {
        console.log('error');
        console.log(err);
    });
}

module.exports = {
    authenticatePaypal: authenticatePaypal
};

and i get this response of 401 Unauthorized:

Response {
  size: 0,
  timeout: 0,
  [Symbol(Body internals)]:
   { body:
      PassThrough {
        _readableState: [ReadableState],
        readable: true,
        _events: [Object],
        _eventsCount: 2,
        _maxListeners: undefined,
        _writableState: [WritableState],
        writable: false,
        allowHalfOpen: true,
        _transformState: [Object] },
     disturbed: false,
     error: null },
  [Symbol(Response internals)]:
   { url: 'https://api.sandbox.paypal.com/v1/oauth2/token',
     status: 401,
     statusText: 'Unauthorized',
     headers: Headers { [Symbol(map)]: [Object] } } }

i tried post man and it worked in postman, i know that there is something wrong in my node-fetch implementation, this is my first time dealing with basic Auth in json format.

Mahmoud Fawzy
  • 1,635
  • 11
  • 22
  • i'm sure that the problem is in my headers object i don't know how to implement the basic Auth in json format – Mahmoud Fawzy Jan 29 '19 at 12:18
  • Try removing this header 'Content-Type': 'application/json, I am not really sure, but try and confirm if that maybe the cause – elraphty Jan 29 '19 at 12:21
  • nope still 401 Unauthorized, the problem is that i'm hard coded the client Id and secret key in the request, i'm pretty sure that its wrong that way but i don't know what is the right way to do it. – Mahmoud Fawzy Jan 29 '19 at 12:26
  • i mean when dealing with Bearer tokens i make it like "Authorization": "Bearer " but here i don't have a token i have username & password something like that its a basic Auth – Mahmoud Fawzy Jan 29 '19 at 12:29
  • Look at their docs and make sure you are sending the necessary headers – elraphty Jan 29 '19 at 12:31
  • 1
    @MahmoudFawzy client id seems like a basic authentication so it should be something like `Authorization: Basic ` – karoluS Jan 29 '19 at 12:41
  • 1
    @MahmoudFawzy it should be `Authorization: Basic ` – karoluS Jan 29 '19 at 12:49
  • @karoluS thanks to you i searched for how to convert id & secret to base64 and found some useful sites talking about it, i'm going to try that. – Mahmoud Fawzy Jan 29 '19 at 12:49
  • yea that was what i found doing `Authorization: Basic ` i think now i can send at least logical header making sense to me :) – Mahmoud Fawzy Jan 29 '19 at 12:52
  • @MahmoudFawzy you can use btoa('client_id:secret'); built in javascript function – karoluS Jan 29 '19 at 12:52
  • @karoluS i tried it but now iam getting 415 'Unsupported Media Type' `fetch('https://api.sandbox.paypal.com/v1/oauth2/token', { method: 'POST', headers: { 'Accept': 'application/json', 'Accept-Language': 'en_US', 'Authorization': 'Basic ' + base64.encode(username + ":" + password) }, body: { "grant_type": "client_credentials" } })` – Mahmoud Fawzy Jan 29 '19 at 12:58
  • @MahmoudFawzy its because body its wrong. Try maybe set `body: JSON.stringify({ "grant_type": "client_credentials" })` – karoluS Jan 29 '19 at 13:04
  • yes i forgot that the body is not in json string format thanks for that, but iam still getting the same 415 error – Mahmoud Fawzy Jan 29 '19 at 13:09
  • 1
    @MahmoudFawzy are you sure you are suppouse to send it as a JSON? I think it should be just a string `body: 'grant_type=client_credentials'` – karoluS Jan 29 '19 at 13:15
  • @karoluS iam not sure but paypal said that i should put it in post man body in `x-www-form-urlencoded` and said in Curl like `-d "grant_type=client_credentials"` – Mahmoud Fawzy Jan 29 '19 at 13:21

2 Answers2

3

Authorization header is wrong.

-u "client_id:secret"

says that curl is using a Basic Authentication.

You should add authorization header

Authorization: Basic <base64 encoded "client_id:secret">
karoluS
  • 2,980
  • 2
  • 23
  • 44
  • i got 415 `Unsupported Media Type` but i solved it buy changing the `'Content-Type': 'application/x-www-form-urlencoded'` and the body looks like that string `body: "grant_type=client_credentials"` thanks for the help – Mahmoud Fawzy Jan 29 '19 at 13:39
1

Solution using yours as base, since I struggled a few minutes to have it working.

// get the client_id and secret from https://developer.paypal.com/developer/applications/
const clientIdAndSecret = <client_id:secret>
const base64 = Buffer.from(clientIdAndSecret).toString('base64')

fetch('https://api.sandbox.paypal.com/v1/oauth2/token', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept-Language': 'en_US',
        'Accept': 'application/json',
        'Authorization': `Basic ${base64}`,
      },
      body: 'grant_type=client_credentials'
})
1911z
  • 1,073
  • 10
  • 15