Using Angeleyes excellent Permissions tutorial and code, I have managed a small developer site, that can get Access Token and Token Secret. From there Im clueless, Paypals' Github claims a CreateInvoice sample, which doesnt exsist, and much searching i have learned(?).
You need to include your app credentials, your API username and API password, and in an added "SUBJECT" line the ... payer_ID merchant/payer email...
(conflicting info exsists here) to run another API you have permission to execute.
None of this is very clear for me. All tutorials end with the access code and Token secret.
I am attempting to add a buy now button that sources the MERCHANT from DB (multi merchant) but am getting nowhere overcoming this conceptual gap.
How do i mesh Permissions API with ExpressCheckout API? (step by step if possible)
Edit:
Search continues also, how does one recover from the permissions granting api methord the merchant email for subject?!
PayPal updated their description DURING the grant permissions screen, to mention Pal Id access..
Now going to open a new question, to find out how to use a saved Permissions Token and Secret in php to USE the access token and token secret to get pal ID.
hope this helps someone else :)
Related
The documentation on TwitterOAuthAPI.com leaves quite a bit to be desired, to say the least. However, the software does appear to work with an elevated Twitter API Developer account, when used with the API Key and Secret, along with the Access Token and Secret (passed into the TwitterOAuth constructor).
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token, $access_token_secret);
However, with an Essentials account, there's only access to OAuth 2, which Twitter seems to provide a Client ID and Client secret for. If I try to use the Access Token and Access Secret with an Essential account (not elevated or academic), it returns a status saying that an elevated account or academic account is required to use the v1 API).
The developer of TwitterOAuthAPI only currently has an honorable mention of v2 Twitter API and a small code segment, that seems to suggest all we have to do is
$connection->setApiVersion('2');
But this does not work. $connection->get no longer retrieves data, $connection->post no longer posts status updates - just a blank page from what I can tell (no errors or anything, just blank).
So I'm very confused as to how the Client ID and secret are used with this system as I assume, an alternative to the Access Token and Access Token Secret (?).
If anyone knows how to use TwitterOAuthAPI for PHP with the v2 of Twitter API and a non-elevated/academic account, I'd appreciate any insight.
Thanks for your time,
~G
I'm fairly new to the PayPal API and am a bit confused about using API signatures to attach to the REST API. I'm creating shopping cart software, and I'd like to allow merchants using the software to attach the system to their PayPal account using their API using PayPal username, password, and signature. They'd enter this information into the account settings when setting up their cart.
On the merchant's side, it seems like this is easily possible, and says to do this to grant API access specifically to shopping carts:
htttps://paypal.com/us/cgi-bin/webscr?cmd=_profile-api-access (once logged in as a merchant).
I personally am using PHP to call CURL, though that probably is not important. What I don't understand is that in the REST API documentation, including the "make your first call" doc, it notes I should send my "clientid" and "secret," but not the merchant's "username","password," and "signature".
https://developer.paypal.com/docs/integration/direct/make-your-first-call/
Now, when I originally logged in as a developer, I was able to obtain my "clientid" and "secret," but that was for my application. I've successfully made test calls with them, using PayPal's test pages. But these of course seem to be for me, not for a particular client.
Now the "Classic API" documentation does have information on connecting to the SandBox using the merchant's info.
https://developer.paypal.com/docs/classic/permissions-service/ht_permissions-invoice/
So I think I'm just mentally missing something, or misunderstanding something fundamental. Assuming I have both my developer credentials, and the API credentials of a merchant, what are the general steps in making a payment to the merchant (not me). What's the logical step I'm missing?
Thanks much to anyone who can help.
Unless corrected by Paypal folk, this seems to be the flow (just went through it):
Ask the merchant to add you as a User, I suppose with API access privileges (only)
They will set your user id and pwd, which they should then provide to you.
You'll then login with that User Id (not an email address) into Paypal (at this point, you're a "user" of that merchant/account) with whatever privileges your merchant provided you.
create the App in the developer site for your merchant - you'll notice that when you get there, it's the Merchant's name displayed (it's not "your" developer account)
At this point you should be set (sandbox and live REST credentials of the merchant from the app you created). One thing I noticed (good) is that it somewhat already helps you see what "live privileges" the account has..so it helps guide you as to what to integrate (scope) and/or advise your merchant to do - e.g. may or may not be eligible for direct credit card payments (only Paypal account payments).
Hth..
#EdSF and anyone else looking into this, I just received a response from PayPal merchant help. Turns out you were spot on Ed. They don't have this ready for REST. Seems pretty odd given that they're 1.) pushing REST on their developer site but 2.) showing that the signature set is how to connect to a shopping cart on their merchant side.
So answer is to use the old API for now, or have them go through the extra hoops of the steps you/they mention, instead of following the directions on the PayPayl site :-P Oh well. Their response in full below.
Hi ...
I am writing this email regarding your questions on PayPal Permission Service. Unfortunately the Permission Service is not available in REST API; however I will file feature request to our development team for their further consideration.
It is not possible to use API username, password, and signature in REST API because they are actually not the correct credentials. REST API uses Client ID and Secret for integration. If you develop your application for other merchants, you can ask them to obtain Client ID and Secret by creating apps in PayPal Developer Portal (https://developer.paypal.com). Here's the steps:
1) Go to http://developer.paypal.com and log into the website with PayPal account's login
2) Click 'Dashboard'
3) In the My REST apps page, click "Create App"
4) Enter the App name, and click 'Create app'
5) You should be able to see 'Client ID' and 'Secret' for 'sandbox credentials'. If you want to integrate with your live account, click 'Show' at the Live Credentials section.
Hope the above information helps. Thanks.
Sincerely,
...
Merchant Technical Support
PayPal, an eBay Company
up the pay-pal advance in magento . I have fill all the credentials in magento admin . BUt when i go to frontend and click pay-pal button it gives
PayPal gateway has rejected request. Security header is not valid
(#10002: Security error
i have googled a lot and found some suggestions like
Remove API Username, API Password and API Signature from
Admin->configuration->Paypal->API/Integration Settings. clear cache
and test again
i have tried all these but it still gives the same error.
Please suggest me what can be the issue
The Security header is not valid error is only caused for two reasons:
Wrong credentials
Make sure that you've put your API Username, API Password and API Signature correctly. Sometimes it happens that during copy and paste there is accidently a space added, this would trigger this error.
Doublecheck this settings in the SDK or in the admin panel of your third party shopping cart.
Wrong Endpoint
This error would come up if you send the data to the wrong endpoint. Make sure that you sending the live credentials and data to our live endpoint. When you want to test your store make sure that you use our test endpoint and the credentials from your sandbox test account.
If you are using a third party shopping cart, make sure that your store is running in test or live mode, regarding which credentials you are using.
You can check for your credentials here too:
FOR LIVE
https://api-3t.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD
FOR SANDBOX
https://api-3t.sandbox.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD
Just Substitute the user, pwd and signature and enter in your browser.
You should get ACK = SUCCESS if you have input your credentials correctly.
You can also get your credentials here : https://www.paypal.com/cgi-bin/webscr?cmd=_get-api-signature&generic-flow=true
This error simply means your credentials are wrong.
Please check with the credentials. If you are using sandbox then you are supposed to provide facilitator related credentials.
Dont let the others fool you, they just type in stuff here they googled on the internet.
Look for the number you get here: https://developer.paypal.com/docs/classic/api/errors/
Because the information provided by these code is a delicate matter, they display this error message instead of you account is locked, account restricted, limit exceeded and so on.
Thats what they told me, at least.
We also get this code from time to time, after hundreds of paypal transactions, so wrong paypal credentials from the side of the shop owner is quite unlikely, isnt it? ;)
If you are using PayPal Payments Advanced with Magento, you should be using your PayPal Manager credentials, and not your API Credentials.
This could be the reason you are getting Security Banner Header not valid 10002.
Here is the integration steps from Magento:
PayPal Advanced Integration with Magento
You need to setup Layout C in PayPal Manager PayPal Manager Login.
Make certain that you include your error URL, cancel URL, and Return URL. Magento is very good about telling you what URL you should be using.
After you have setup Layout C in PayPal Manager you need to use your Manager Credentials in Magento.
Just in case you need it, here is the information on setting up your Hosted Checkout Pages in PayPal Manager:
PayPal Hosted Checkout Pages
Here is the information on where to find your PayPal Manager credentials:
Partner: Your PayPal Partner ID. Most direct Merchants have PayPal as the Partner
Vendor: Your PayPal user login name. Also known as Merchant Login
User: The ID of an additional user set up on your PayPal account. Same as Merchant login if you have not setup a separate user id in PayPal Manager.
Use your API Signature Credentials from your PayPal account for the Express Checkout setup.
In my case everything seemed fine at Magento level. I asked client questions about PayPal, at which point they tried to login to the paypal.com site and were unable to (authentication failed). Account had been locked. Client was able to resolve with PayPal tech support directly, no Magento issue after all.
I got the same problem and found the problem is
I type the API signature character by charter, the character "I" is similar to "l"
As there are multiple "I" in the signature, I have to tested one by one via the link mentioned by Vimalnath.
Then damn it, it works.
Therefore, copy is a better way while being careful about the spaces at the front or end.
I have managed to acquire oAuth tokens (request_token, request_token_secret) from this example but I cant seem to post to user account with them.
I would imagine that i would have to first read from the user and get their blog name but i cant find any documentaion about this.
Can anyone lend a hand on what to do with the tokens please, thank you.
Acquiring the tokens will give you authentication but not authorization, you still need to authorize your application against the target Tumblr account. Check the OAuth workflow here:
http://hueniverse.com/2007/10/beginners-guide-to-oauth-part-ii-protocol-workflow/
I have a task to make people follow some account on twitter as soon as they fill a form on our website.
Can I do this using the twitter php api? Or just a redirect or iframe would do the job?
Thanks!
Joe
just need to read the api a bit,
http://dev.twitter.com/doc/post/friendships/create
You can't have a Twitter user automatically follow another account until they give permission. You have to take them through OAuth authentication first, and then when they give you permission to modify their account you can add a follow. But automatically adding a follow without getting their explicit permission, meaning that you explain you are going to do this first, will get your account banned from Twitter. It is a serious violation of their terms of service.