Constructing a Paypal OAuth

Question

I am trying to get an access token for Paypal's RESTful web services but unfortunately not making any headway. This is my first time dealing with REST, so please be patient with me :)

Here is what I have:

1. Client_id and secret as provided by Paypal for a sandbox account through the paypal developer website.
2. The ENDpoint: https://api.sandbox.paypal.com/v1/oauth2/token

The documentation that i am referring to is : https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/

Now the juicy part of making that API call. I am developing in PHP so I am using CURL to make the calls. something like this;

const CLIENT_ID = ****..*** ;
const SECRET = ***..***;

$base64EncodedClientID = base64_encode(self::CLIENT_ID . ":" . self::SECRET);
$headers = array("Authorization" => "Basic " . $base64EncodedClientId, "Accept" =>"*/*", "Content-type" => "multipart/form-data");
$params = array("grant_type"=>"client_credentials");
$url = "https://api.sandbox.paypal.com/v1/oauth2/token";

 $ch = curl_init();
 curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch,CURLOPT_URL, $url);
 curl_setopt($ch,CURLOPT_POST, true);
 curl_setopt($ch,CURLOPT_HEADER, $headers);
 curl_setopt($ch,CURLOPT_POSTFIELDS,$params);
 $response = curl_exec($ch);    

Pretty vanilla right? Except that I do not get the JSON response that I expect from Paypal but false. This implies that my CURL request was not prepared well, perhaps I am setting the header incorrectly or the params are incorrect. Regardless, the URL is definitely accessible since I was able to access it through command line with the same credentials and got the desired JSON response.

The one glaring problem I have with the above code is that I am providing the client_id and secret as a header option. basic sense tells me that they need to be part of the POST field data However, if you look at line 89 of this Github code https://github.com/paypal/rest-api-sdk-php/blob/master/lib/PayPal/Auth/OAuthTokenCredential.php (Paypals' official PHP REST SDK), it clearly states that the credentials are being set in the header field.

Where am I messing up ?

Answer 1

Had the exact same problem you ran into. The issue is that PayPal accepts the content-type application/x-www-form-urlencoded. Your code is attempting to send multipart/form-data. CURL by default sends application/x-www-form-urlencoded, but you are passing your data as an array. Instead, you should be passing the data like a url encoded string since this is what application/x-www-form-urlencoded data looks like:

$params = "grant_type=client_credentials";

Your headers have the same problem. Pass it as an array of strings instead of a dictionary. For instance:

$headers = ["Authorization Basic " . $base64EncodedClientId];

Also, you don't need those other two headers you passed in. The 'Accept' header does nothing since you are accepting everything, and the Content-type is wrong for one, and two is defaulted to 'application/x-www-form-urlencoded' by CURL so unless you need to override that, there is no need.

Answer 2

With curl you don't need to manually generate the base64 encoded value for the Authorization header just use the CURLOPT_USERPWD option and pass the clientID and secret as the user:pwd.

curl_setopt($curl, CURLOPT_USERPWD, $clientId . ":" . $clientSecret);

here is a sample - look for the get_access_token() method: https://github.com/paypal/rest-api-curlsamples/blob/master/execute_all_calls.php