This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Working with Identities in PayPal
Overview
The following operations allow you to work with Identities to grant access tokens and to retrieve a user's profile.. Click an operation name to see details on how to use it.
For a sample proxy service the illustrates how to work with identities, see Sample configuration.
Operation | Description |
---|---|
Grants a new access token using the previously obtained authorization code | |
Grants a new access token using a refresh token | |
Retrieves a user's profile attributes |
Operation details
This section provides details on each of the operations.
Granting a token from the authorization codeÂ
 Use this operation to grant a new access token using the previously obtained authorization code.
<paypal.grantTokenFromAuthorization> <clientId>{$ctx:clientId}</clientId> <clientSecret>{$ctx:clientSecret}</clientSecret> <grantType>{$ctx:grantType}</grantType> <code>{$ctx:code}</code> <redirectUri>{$ctx:redirectUri}</redirectUri> </paypal.grantTokenFromAuthorization>
Properties
clientId:
 Optional - Unique client identifier obtained through the application registration process.clientSecret:
 Optional - Unique client secret key obtained through the application registration process.grantType:
 Required - Token grant type. This value must be set totÂauthorization_code
.code:
 Optional - Authorization code previously received from the authorization server.redirectUri:
 Optional - Redirection endpoint.
Sample request
Following is a sample REST request that can be handled by the grantTokenFromAuthorization operation.
{ "apiUrl":"https://api.sandbox.paypal.com", "clientId":"AazsdhAqKoo7e-CaKAnCfXACwJcCPW-J5VraF2USZXPSjtuKGczJI8qIKu88", "clientSecret":"EKCVQRCq5aj6SwNGX6UYv30Z7PTQNf8CmBmtWzPaPrQYC9-Us8nY1xF7pfdz", "grantType":"authorization_code", "code":"123", "redirectUri":"www.google.com" }
Related PayPal documentation
https://developer.paypal.com/webapps/developer/docs/api/#grant-token-from-authorization-code
Granting a token from a refresh tokenÂ
Use this operation to grant a new access token using a refresh token.
<paypal.grantTokenFromRefreshToken> <clientId>{$ctx:clientId}</clientId> <clientSecret>{$ctx:clientSecret}</clientSecret> <grantType>{$ctx:grantType}</grantType> <refreshToken>{$ctx:refreshToken}</refreshToken> <scope>{$ctx:scope}</scope> </paypal.grantTokenFromRefreshToken>
Properties
clientId
: Required - Unique client identifier obtained through the application registration process.clientSecret
:Â Required - Unique client secret key obtained through the application registration process.grantType
: Required - Token grant type. This value must be set toÂrefresh_token.
refreshToken
:Â Required - Refresh token previously received along with the access token that is to be refreshed.scope
: Optional - Resource URL endpoints that the client wants the token to be scoped for. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. These scope values must be a subset of the scopes originally granted by the resource owner. The following table provides a list of possible values. Note that when specifying the scope, you must always specifyÂopenid
 in addition to the other scope values.
Â
User attribute | My apps form category | Scope value |
---|---|---|
None | Basic Authentication | openid |
Full name | Personal Information | profile |
Date of birth | Personal Information | profile |
Age range | Personal Information | https://uri.paypal.com/services/paypalattributes |
Email address | Address Information | email |
Street address | Address Information | address |
City | Address Information | address |
State | Address Information | address |
Country | Address Information | address |
Zip code | Address Information | address |
Phone | Address Information | phone |
Account status (verified) | Account Information | https://uri.paypal.com/services/paypalattributes |
Acount type | Account Information | https://uri.paypal.com/services/paypalattributes |
Account creation date | Account Information | https://uri.paypal.com/services/paypalattributes |
Time zone | Account Information | profile |
Locale | Account Information | profile |
Language | Account Information | profile |
Use Seamless Checkout | Additional PayPal permissions | https://uri.paypal.com/services/expresscheckout |
Gender | Â | profile |
Sample requestÂ
Following is a sample REST request that can be handled by the grantTokenFromRefreshToken
 operation.
{ "apiUrl":"https://api.sandbox.paypal.com", "clientId":"AazsdhAqKoo7e-CaKAnCfXACwJcCPW-J5VraF2USZXPSjtuKGczJI8qIKu88", "clientSecret":"EKCVQRCq5aj6SwNGX6UYv30Z7PTQNf8CmBmtWzPaPrQYC9-Us8nY1xF7pfdz", "grantType":"refresh_token", "refreshToken":"wqdI69Yfsu3ShU2IShvd2d", "scope":"profile email address" }
Related PayPal documentation
https://developer.paypal.com/webapps/developer/docs/api/#grant-token-from-refresh-token
Getting user informationÂ
Use this operation to retrieve user profile attributes.
<paypal.getUserInformation> <schema>{$ctx:schema}</schema> </paypal.getUserInformation>
Properties
schema:
 The schema that is used to return as per open ID connect protocol. Currently, the only supported value isÂopenid
.
Sample request
Following is a sample REST request that can be handled by the getUserInformation
 operation.
{ "apiUrl":"https://api.sandbox.paypal.com", "accessToken":"V4saEx7w-XMcoECtx7GmlISJxVLXKRdDTYd7adW864M", "schema":"openid" }
Related PayPal documentation
https://developer.paypal.com/webapps/developer/docs/api/#get-user-information
Sample configuration
Following is a sample proxy service that illustrates how to connect to PayPal with the init
operation and use the grantTokenFromAuthorization
 operation. The sample request for this proxy can be found in grantTokenFromAuthorization sample request. You can use this sample as a template for using other operations in this category.
As a best practice, create a separate sequence for handling the response payload for errors. In the following sample, this sequence is "faultHandlerSeq".
<?xml version="1.0" encoding="UTF-8"?> <proxy xmlns="http://ws.apache.org/ns/synapse" name="PayPal_grantTokenFromAuthorization" transports="https,http" statistics="disable" trace="disable" startOnLoad="true"> <target> <inSequence onError="faultHandlerSeq"> <property name="apiUrl" expression="json-eval($.apiUrl)"/> <property name="clientId" expression="json-eval($.clientId)"/> <property name="clientSecret" expression="json-eval($.clientSecret)"/> <property name="grantType" expression="json-eval($.grantType)"/> <property name="code" expression="json-eval($.code)"/> <property name="redirectUri" expression="json-eval($.redirectUri)"/> <paypal.init> <apiUrl>{$ctx:apiUrl}</apiUrl> </paypal.init> <paypal.grantTokenFromAuthorization> <clientId>{$ctx:clientId}</clientId> <clientSecret>{$ctx:clientSecret}</clientSecret> <grantType>{$ctx:grantType}</grantType> <code>{$ctx:code}</code> <redirectUri>{$ctx:redirectUri}</redirectUri> </paypal.grantTokenFromAuthorization> <filter source="$axis2:HTTP_SC" regex="^[^2][\d][\d]"> <then> <property name="ERROR_CODE" expression="$axis2:HTTP_SC"/> <switch source="$axis2:HTTP_SC"> <case regex="401"> <property name="ERROR_MESSAGE" value="Unauthorized"/> </case> <case regex="404"> <property name="ERROR_MESSAGE" value="Not Found"/> </case> <case regex="400"> <property name="ERROR_MESSAGE" value="Bad Request"/> <property name="error_description" expression="json-eval($.error_description)"/> </case> </switch> <sequence key="faultHandlerSeq"/> </then> </filter> <respond/> </inSequence> <outSequence> <send/> </outSequence> </target> <description/> </proxy>