CODEWITHSUNDEEP
phprestapipaypal
Jordan Reddick
Jordan Reddick

Reputation: 456

Paypal Payments REST API - REQUIRED_SCOPE_MISSING

Fails when Execute() an Authorized Payment after user approval.

scopes : "openid profile email address phone https://uri.paypal.com/services/expresscheckout"

consent_uri : "https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize?client_id=my_client_id&response_type=code&scope=openid%20profile%20email%20address%20phone%20https://uri.paypal.com/services/expresscheckout&redirect_uri=https://www.my_site.com/src/paypal.php"

[http_code] => 403
[url] => https://api.sandbox.paypal.com/v1/payments/payment/PAY-55313193UK1537019LCXIDBA/execute
[header] => Array
    (
        [0] => Content-Type:application/json
        [1] => Authorization:Bearer user_access_token_from_identity_api
        [2] => PayPal-Partner-Attribution-Id:pp_attr_id
    )

[post_data] => {"payer_id":"3BTU9WTCHAU2Q"}
[response] => {"name":"REQUIRED_SCOPE_MISSING","message":"Access token is missing required scope.","information_link":"https://developer.paypal.com/webapps/developer/docs/api/#REQUIRED_SCOPE_MISSING","debug_id":"e40c3f6b601a"}

)

I am only using one sandbox client_id and I have the Accept Payments and Use Seamless Checkout permissions enabled.

https://developer.paypal.com/docs/integration/direct/identity/seamless-checkout/

Any insight is greatly appreciated.

Upvotes: 13

Views: 1141

Answers (2)

Jordan Reddick
Jordan Reddick

Reputation: 456

TLDR; I was allowing user login separate from checkout and was signing the checkout requests using that Identity API token. In reality, the Identity token is only useful to log a user into my website, at which point a new Bearer token for the Restful API's should be requested and used.

Answer: From pp-randy on Github:

The access_token you need for your rest payments should be using this API call.

The only token I see from you is from the Identify endpoint /v1/identity/openidconnect/tokenservice which is not correct for the REST Payments.

Randy was right - I was signing the API requests using the token returned when I logged in the user with the Identity API.

In reality, the user's access token that is returned by the Identity API has only one purpose, to sign the request to "/v1/identity/openidconnect/userinfo/" which gets the unique_id used for login.

I was signing requests to the Payments API with that same token returned by the Identity API when I should have been using the token provided from this endpoint:

"/v1/identity/openidconnect/tokenservice"

Paypal Reponse Times: My ticket on Github Paypal SDK was answered in 4 - 5 days My ticket in the Merchant Services Queue was answered in about 4 days

Entire troubleshooting can be found here: https://github.com/paypal/PayPal-PHP-SDK/issues/785#issuecomment-282749095

Randy from the Paypal SDK went above and beyond to answer my question, even though I do not use the SDK. Thank you Randy!

Upvotes: 0

barat
barat

Reputation: 1058

Do you have "Subcription" mark checked in Your app config under the "APP CAPABILITIES" -->> "Advanced options" on developer.paypal.com ?

Upvotes: 2

Related Questions