PayPal is an online payment platform that allows individuals and businesses to send and receive payments securely. PayPal supports various payment methods, including credit cards, debit cards, and bank transfers.

Below you can find the Aembit configuration required to work with the PayPal service as a Server Workload using the PayPal REST API.

Before proceeding with the configuration, you will need to have a PayPal Developer tenant (or sign up for one).

  1. Create a new Server Workload.
     • Name - Choose a user-friendly name.
  2. Configure the service endpoint:
     • Host - api-m.sandbox.paypal.com (Sandbox) or api-m.paypal.com (Live)
     • Application Protocol - HTTP
     • Port - 443 with TLS
     • Forward to Port - 443 with TLS
     • Authentication method - HTTP Authentication
     • Authentication scheme - Bearer

  1. Log into the PayPal Developer Dashboard using your PayPal account credentials.

  2. Navigate to the Apps & Credentials page from the top menu.

  3. Ensure you are in the correct mode (Sandbox mode for test data or Live mode for production data).

  4. Locate the Default Application under the REST API apps list.

  5. Click the copy buttons next to the Client ID and Client Secret values to copy them. Store these details securely for later use in the tenant configuration.

  1. Create a new Credential Provider.
     • Name - Choose a user-friendly name.
     • Credential Type - OAuth 2.0 Client Credentials
     • Token endpoint - https://api-m.sandbox.paypal.com/v1/oauth2/token (Sandbox) or https://api-m.paypal.com/v1/oauth2/token (Live)
     • Client ID - Provide the client ID copied from PayPal.
     • Client Secret - Provide the client secret copied from PayPal.
     • Scopes - You can leave this field empty, as PayPal will default to the necessary scopes, or specify the required scopes based on your needs, such as https://uri.paypal.com/services/invoicing. For more detailed information, you can refer to the official PayPal Developer Documentation.
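The Server Workload host and the Credential Provider token endpoint each come in a Sandbox and a Live variant, and the two must be from the same mode. The following check is an added example, not Aembit's or PayPal's own code; the dictionary key names are hypothetical and the sample values are constructed for illustration.

```python
from urllib.parse import urlparse

# Hosts and token path as listed in the steps above.
PAYPAL_HOSTS = {"sandbox": "api-m.sandbox.paypal.com", "live": "api-m.paypal.com"}
TOKEN_PATH = "/v1/oauth2/token"


def paypal_mode(host):
    """Return 'sandbox' or 'live' for a PayPal REST API host, else None."""
    for mode, known in PAYPAL_HOSTS.items():
        if (host or "").lower() == known:
            return mode
    return None


def check_paypal_config(server_workload, credential_provider):
    """Return a list of findings; an empty list means the values agree.

    Both arguments are plain dicts with hypothetical key names (not an Aembit API).
    """
    findings = []
    sw_mode = paypal_mode(server_workload.get("host"))
    if sw_mode is None:
        findings.append("host is not a PayPal REST API host")
    if server_workload.get("port") != 443 or not server_workload.get("tls"):
        findings.append("server workload must use port 443 with TLS")
    if server_workload.get("auth_scheme") != "Bearer":
        findings.append("authentication scheme must be Bearer")

    token = urlparse(credential_provider.get("token_endpoint", ""))
    cp_mode = paypal_mode(token.hostname)
    if token.scheme != "https" or cp_mode is None or token.path != TOKEN_PATH:
        findings.append("token endpoint is not a PayPal HTTPS token URL")
    elif sw_mode is not None and cp_mode != sw_mode:
        # Host and token endpoint must be from the same mode (Sandbox or Live).
        findings.append(f"mode mismatch: host is {sw_mode}, token endpoint is {cp_mode}")
    return findings


# Constructed sample values for illustration.
SANDBOX_SW = {"host": "api-m.sandbox.paypal.com", "port": 443, "tls": True,
              "auth_scheme": "Bearer"}
SANDBOX_CP = {"token_endpoint": "https://api-m.sandbox.paypal.com/v1/oauth2/token"}
LIVE_CP = {"token_endpoint": "https://api-m.paypal.com/v1/oauth2/token"}

if __name__ == "__main__":
    print(check_paypal_config(SANDBOX_SW, SANDBOX_CP))  # consistent
    print(check_paypal_config(SANDBOX_SW, LIVE_CP))     # mixed modes
```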

Aembit now handles the credentials required to access the Server Workload, eliminating the need for you to manage them directly. You can safely remove any previously used credentials from the Client Workload.

If you access the Server Workload through an SDK or library, the SDK/library may still require credentials to be present for initialization. In this scenario, you can provide placeholder credentials. Aembit will overwrite these placeholder credentials with the appropriate ones during the access process.

  • Create an access policy for a Client Workload to access the PayPal Server Workload and assign the newly created Credential Provider to it.
  • You will need to configure the TLS Decrypt feature to work with the PayPal Server Workload.