All docs This doc
Skip to end of metadata
Go to start of metadata


Overview

The following operations allow you to work with Identities to grant access tokens and to retrieve a user's profile.. Click an operation name to see details on how to use it.

For a sample proxy service the illustrates how to work with identities, see Sample configuration.

OperationDescription

grantTokenFromAuthorization

Grants a new access token using the previously obtained authorization code

grantTokenFromRefreshToken

Grants a new access token using a refresh token

getUserInformation

Retrieves a user's profile attributes

Operation details

This section provides details on each of the operations.

Granting a token from the authorization code 

 Use this operation to grant a new access token using the previously obtained authorization code.

grantTokenFromAuthorization
<paypal.grantTokenFromAuthorization>
	<clientId>{$ctx:clientId}</clientId>
    <clientSecret>{$ctx:clientSecret}</clientSecret>
    <grantType>{$ctx:grantType}</grantType>
    <code>{$ctx:code}</code>
    <redirectUri>{$ctx:redirectUri}</redirectUri>
</paypal.grantTokenFromAuthorization>

Properties

  • clientId: Optional - Unique client identifier obtained through the application registration process.
  • clientSecret: Optional - Unique client secret key obtained through the application registration process.
  • grantType: Required - Token grant type. This value must be set tot authorization_code.
  • code: Optional - Authorization code previously received from the authorization server.
  • redirectUri: Optional - Redirection endpoint.
Sample request

Following is a sample REST request that can be handled by the grantTokenFromAuthorization operation.

Sample request for grantTokenFromAuthorization
{
"apiUrl":"https://api.sandbox.paypal.com",
"clientId":"AazsdhAqKoo7e-CaKAnCfXACwJcCPW-J5VraF2USZXPSjtuKGczJI8qIKu88",
"clientSecret":"EKCVQRCq5aj6SwNGX6UYv30Z7PTQNf8CmBmtWzPaPrQYC9-Us8nY1xF7pfdz",
"grantType":"authorization_code",
"code":"123",
"redirectUri":"www.google.com"
}

Related PayPal documentation

https://developer.paypal.com/webapps/developer/docs/api/#grant-token-from-authorization-code

Granting a token from a refresh token 

Use this operation to grant a new access token using a refresh token.

grantTokenFromRefreshToken
<paypal.grantTokenFromRefreshToken>
	<clientId>{$ctx:clientId}</clientId>
    <clientSecret>{$ctx:clientSecret}</clientSecret>
    <grantType>{$ctx:grantType}</grantType>
    <refreshToken>{$ctx:refreshToken}</refreshToken>
    <scope>{$ctx:scope}</scope>
</paypal.grantTokenFromRefreshToken>

Properties

  • clientId: Required - Unique client identifier obtained through the application registration process.
  • clientSecret: Required - Unique client secret key obtained through the application registration process.
  • grantType: Required - Token grant type. This value must be set to refresh_token.
  • refreshToken: Required - Refresh token previously received along with the access token that is to be refreshed.
  • scope: Optional - Resource URL endpoints that the client wants the token to be scoped for. The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. These scope values must be a subset of the scopes originally granted by the resource owner. The following table provides a list of possible values. Note that when specifying the scope, you must always specify openid in addition to the other scope values.

 

User attributeMy apps form categoryScope value
NoneBasic Authenticationopenid
Full namePersonal Informationprofile
Date of birthPersonal Informationprofile
Age rangePersonal Information https://uri.paypal.com/services/paypalattributes
Email addressAddress Informationemail
Street addressAddress Informationaddress
CityAddress Informationaddress
StateAddress Informationaddress
CountryAddress Informationaddress
Zip codeAddress Informationaddress
PhoneAddress Informationphone
Account status (verified)Account Information https://uri.paypal.com/services/paypalattributes
Acount typeAccount Information https://uri.paypal.com/services/paypalattributes
Account creation dateAccount Information https://uri.paypal.com/services/paypalattributes
Time zoneAccount Informationprofile
LocaleAccount Informationprofile
LanguageAccount Informationprofile
Use Seamless CheckoutAdditional PayPal permissions https://uri.paypal.com/services/expresscheckout
Gender profile
Sample request 

Following is a sample REST request that can be handled by the grantTokenFromRefreshToken operation.

Sample request for grantTokenFromRefreshToken
{
"apiUrl":"https://api.sandbox.paypal.com",
"clientId":"AazsdhAqKoo7e-CaKAnCfXACwJcCPW-J5VraF2USZXPSjtuKGczJI8qIKu88",
"clientSecret":"EKCVQRCq5aj6SwNGX6UYv30Z7PTQNf8CmBmtWzPaPrQYC9-Us8nY1xF7pfdz",
"grantType":"refresh_token",
"refreshToken":"wqdI69Yfsu3ShU2IShvd2d",
"scope":"profile email address"
}

Related PayPal documentation

https://developer.paypal.com/webapps/developer/docs/api/#grant-token-from-refresh-token

Getting user information 

Use this operation to retrieve user profile attributes.

getUserInformation
<paypal.getUserInformation>
	<schema>{$ctx:schema}</schema>
</paypal.getUserInformation>

Properties

  • schema: The schema that is used to return as per open ID connect protocol. Currently, the only supported value is openid.
Sample request

Following is a sample REST request that can be handled by the getUserInformation operation.

Sample request for getUserInformation
{
  "apiUrl":"https://api.sandbox.paypal.com",
  "accessToken":"V4saEx7w-XMcoECtx7GmlISJxVLXKRdDTYd7adW864M",
  "schema":"openid"
}

Related PayPal documentation

https://developer.paypal.com/webapps/developer/docs/api/#get-user-information

Sample configuration

Following is a sample proxy service that illustrates how to connect to PayPal with the init operation and use the grantTokenFromAuthorization operation. The sample request for this proxy can be found in grantTokenFromAuthorization sample request. You can use this sample as a template for using other operations in this category.

As a best practice, create a separate sequence for handling the response payload for errors. In the following sample, this sequence is "faultHandlerSeq".

Sample Proxy
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="PayPal_grantTokenFromAuthorization"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence onError="faultHandlerSeq">
         <property name="apiUrl" expression="json-eval($.apiUrl)"/>
         <property name="clientId" expression="json-eval($.clientId)"/>
         <property name="clientSecret" expression="json-eval($.clientSecret)"/>
         <property name="grantType" expression="json-eval($.grantType)"/>
         <property name="code" expression="json-eval($.code)"/>
         <property name="redirectUri" expression="json-eval($.redirectUri)"/>
         <paypal.init>
            <apiUrl>{$ctx:apiUrl}</apiUrl>
         </paypal.init>
         <paypal.grantTokenFromAuthorization>
            <clientId>{$ctx:clientId}</clientId>
            <clientSecret>{$ctx:clientSecret}</clientSecret>
            <grantType>{$ctx:grantType}</grantType>
            <code>{$ctx:code}</code>
            <redirectUri>{$ctx:redirectUri}</redirectUri>
         </paypal.grantTokenFromAuthorization>
         <filter source="$axis2:HTTP_SC" regex="^[^2][\d][\d]">
            <then>
               <property name="ERROR_CODE" expression="$axis2:HTTP_SC"/>
               <switch source="$axis2:HTTP_SC">
                  <case regex="401">
                     <property name="ERROR_MESSAGE" value="Unauthorized"/>
                  </case>
                  <case regex="404">
                     <property name="ERROR_MESSAGE" value="Not Found"/>
                  </case>
                  <case regex="400">
                     <property name="ERROR_MESSAGE" value="Bad Request"/>
                     <property name="error_description" expression="json-eval($.error_description)"/>
                  </case>
               </switch>
               <sequence key="faultHandlerSeq"/>
            </then>
         </filter>
         <respond/>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <description/>
</proxy>
                                
  • No labels