So I have a platform where my customers who are e-commerce companies can log in and connect to their PayPal account. Once they have connected and authorised I can pull their payout data and transactions and apply some business logic to it.
What I struggle to figure out is how to trigger the OAuth flow that takes the user to the PayPal authorization page and then redirects the user back to my page. From the docs it seems like you should provide `client_id` and `client_secret`, but this won't trigger an OAuth flow, it just returns a token. Have I misunderstood something? Should the user not go through an OAuth flow?
How will my users get their `client_id` and `client_secret`? Will THEY have to create an app in the PayPal developer portal to get the `client_id` and `client_secret`? This seems very unintuitive.
Furthermore, there is an expiration time on the token returned, but no refresh_token that I can use. Is the idea that I should save a customer's `client_id` and `client_secret`?
So to summarize my questions:
- To gain access to the PayPal REST APIs and make requests on behalf of other merchants, should the merchant go through an OAuth flow?
- Does the merchant have to create an app to obtain their `client_id` and `client_secret`?
- How do I refresh the token if there is no refresh token? Do I store the merchant's `client_id` and `client_secret`?
The post here says that the OAuth flow has been solved but I seem to understand how it has.