User Tools

Site Tools


Creating and Managing Classic API Credentials

When calling PayPal Classic APIs, you must authenticate each request using a set of API credentials. PayPal associates a set of API credentials with a specific PayPal account, and you can generate credentials for any PayPal Business or Premier account.

This guide describes how to create the credentials you need to make calls to the live PayPal environment. For generating and using credentials for testing in the Sandbox, see Testing Classic API Calls.


Credential types

The Classic APIs support two different types of credentials:

  • Signature API credentials
  • Certificate API credentials

Each credential set contains three credential values:

Credential Set Credential Names

Signature Set

API Username

API Password


Certificate Set

API Username

API Password


While you can use either set to authenticate requests to the Classic API platform, for security reasons, PayPal recommends you use Certificate credentials. For more on Certificate credentials, see Managing Certificate Credentials.

Note: You authenticate calls to the Adaptive APIs (Adaptive Accounts, Adaptive Payments, the Invoicing service, and the Permissions service) using these same credentials. However, all Adaptive platform APIs require that you also supply an appID in addition to your Signature or Certificate credential values.

Creating Classic API credentials

Create your live Classic API credentials from the site as follows:

1. Log in to

You must have a PayPal Business account to make calls to the live PayPal servers. Log in to your Business account on the following page:

Click the profile (person) icon in the top right and select Profile and Settings from the drop-down menu. Then navigate to My Selling Tools > API Access and click Update.

Note If you do not see the profile (person) icon in the top right, navigate to the API Access page by clicking My Account > Profile > My Selling Tools > API Access.

3. Generate the Certificate set

1.Click Request API Credentials on the API Access page:

Note: If you’ve already generated a set of API credentials, you’ll have to delete your existing set before you can generate a new set of credentials.

2.Select Request API signature and click Agree and Submit to generate a set of Signature credentials.

Here’s an example showing a set of Signature credentials (for Certificate credentials, see the section below):

Managing certificate credentials

Certificate credentials are much like the Signature credentials described above, however there are differences in the way that you generate and use the credentials.

Note: If your API Certificate is expiring, skip ahead to Renewing an API Certificate.

You create an API Certificate much like create Signature credentials. The steps below describe the differences:

1.On the Request API Credentials page, select the Request API Certificate radio button, then click the Agree and Submit button (see Step 3 above for more details).

The Download or Remove API Certificate page displays.

2.Click Download Certificate.
The certificate is downloaded to a file named cert_key_perm.txt. Be sure to save the file to a secure location.

PayPal formats the API Certificate file in PEM format. The file contains both your public certificate and the associated private key. Although the PEM certificate is not human readable, the file is not encrypted.

Renewing an API certificate

An API Certificate is valid for 10 years after its creation date, after which it expires. To prevent an interruption in API services, you must renew your certificate before it expires.

The certificate renewal process generates a new certificate that you can install to replace any expiring certificate.

1.Log in to your PayPal account, and navigate to the Manage API Certificate page.
To do so, select My Account > Profile > My Selling Tools, click the Update (API Access) link, then click View API Certificate.

2.On the Manage API Certificate page, check the status of your API Certificate, whether it is Active or About to expire.

3.If the status of your certificate is About to expire, click the Renew certificate button.

An additional certificate is generated and given an Active status. Both the new and old certificates appear in the Manage API Certificate page.

4.On the certificate marked as Active, click Download certificate and follow the steps in Managing Certificate Credentials for details on downloading and using the updated certificate.

After you’ve imported the new API Certificate, test your integration to ensure it works with the new certificate. Distribute your new API Certificate to all affected partners. Once the old certificate expires, remove it by clicking the Remove certificate button associated with the certificate.

Encrypting your certificate

The PayPal SDKs for Java, .NET, and Classic ASP require the additional step of encrypting the certificate into PKCS12 format before you can use it with the SDKs. (Note that the PayPal SDK for PHP does not require SSL encryption.)

Tip: If you do use encryption, be sure to encrypt both your Sandbox and your live API certificates.

The steps to encrypt your certificate require the OpenSSL encryption tool. While Unix users likely have this tool installed with their operating system, Windows users need to download OpenSSL. Accept the defaults to install OpenSSL.

1.Open a command prompt.

In Windows, select Start > Programs > Accessories > Command Prompt.

2.Ensure OpenSSL bin directory is in your system path. If it is not, add it to your path.

3.Change directories to the location of the certificate you want to encrypt (cert_key_pem.txt) and execute the following command:

 ''openssl pkcs12 -export -in cert_key_pem.txt -inkey cert_key_pem.txt -out paypal_cert.p12''

Note: When encrypting a certificate, you’re prompted for a password that you use to decrypt the file. Enter a password at the Enter Export Password prompt and be sure to store it in a secure location.

The above process creates a file named ‘paypal_cert.p12’, your encrypted API certificate.

Installing the certificate for .NET or Classic ASP

If you’re using either the PayPal SDK for .NET or the SDK for Classic ASP, you need to install the encrypted certificate.

If you’re developing with the PayPal SDK for .NET, Windows requires you to import the certificate into the Windows Certificate Store and grant access to your private key to the user executing your web application. Microsoft provides a utility that accomplishes these tasks in a single command. The utility, called the Windows HTTP Services Certificate Configuration Tool (or WinHttpCertCfg.exe) is freely available from Microsoft.

To use the utility, you need Administrator rights. Enter the following command at a command prompt, and make the appropriate replacements as described below:

 ''WinHttpCertCfg -i \<paypal_cert.p12> -p \<privateKeyPassword> -c LOCAL_MACHINE\my -a \<userName>''
  • Replace <paypal_cert.p12> with the name of PKCS12 Encrypted API Certificate you previously generated.
  • Replace <privateKeyPassword> with the password you used to encrypt the certificate.
  • Replace <userName> with the name of the user executing your application.
    • For an ASP.NET application, this value is ASPNET.
    • Under Windows IIS 5 (default configuration), this value is IWAM_, where is the appropriate computer name.
    • Under Windows IIS 6 (default configuration), this value is “NETWORK SERVICE” (make sure to include the quotation marks).

Adaptive Payments

The Adaptive Payments API allows merchants and developers to pay almost anyone and set up automated payments. They can create applications that manage payments, payment preapprovals, and refunds. They can also send money peer-to-peer, split payments in both parallel and chained models, accept guest payments, and schedule disbursements. The Adaptive Payments API works on multiple platforms including the web and mobile environments.

Applicable Use Cases

How it works

Merchants and developers can control their customers' entire transaction within a single interface. PayPal's Adaptive Payments API handles everything from micropayments for digital goods to a robust payroll system.

Why use Adaptive Payments API

Adaptive Payments API allows merchants to:

Build applications to handle payments

Send simple payments to a single recipient.

Make split payments to multiple recipients.

Send chained payments to multiple recipients, one after the other. Each recipient can take a cut of the payment.

Make parallel payments to multiple recipients at the same time.

Manage refunds

Issue full or partial refunds from your own account or on behalf of someone else.

Obtain currency foreign exchange rates

Convert a specific amount or a list of amounts another currency.

Pay almost anyone with an email address

Make payments to almost anyone with an email address or mobile phone number, with or without a PayPal account. Recipients who don't have a PayPal account can create one in minutes.

Get paid by anyone

Receive payments from anyone with an email address, even if they don't have a PayPal account.

Set up preapproved payment plans

Secure preapproval for future payments, including single-payments, multiple-payments, and subscriptions. The payments can be for a fixed or variable amount over the term of the agreement.

Make disbursements

Make payments from any of your available payment methods. You can make payroll payments, rebate payments, reward payments, and more. Schedule disbursements up to 90 days in advance.

Embed payments in applications

Allow customers to check out without leaving your app or website and accept micropayments for as little as 50 cents.

Developers and merchants can combine:

  • Chained and preapproved payments.
  • Parallel and preapproved payments.

How to get started

  1. Check your account status. Login to PayPal. Go to your PayPal Profile and click My settings. Confirm that your Account type is either Premier or Business, or upgrade your account.
  2. Check your API settings. Click My selling tools. Expand Selling online if needed and check API access. Click Update and Add or edit API permission or View API signature.
  3. Test your integration using the PayPal Sandbox, as described in Testing Classic API Calls. All Adaptive API calls in the Sandbox must have the following standard value as the App ID:
  4. To go live with your application, follow the submission steps outlined in Going Live with Your Application. When you submit your application to PayPal for review, the application is quickly scanned for the requests to PayPal operations. If no “advanced” operations are found, PayPal issues an App ID for the production servers at the time you submit the application. If your application uses “advanced” PayPal operations, or if your application implements a complex business model, you can expect the review to take approximately 10 – 15 days.

Note You can choose to download the Adaptive Payments SDK. See Classic API SDKs for information about the SDKs.

U.S. fees

There are no set-up costs, monthly minimums, cancellation charges, or monthly fees. Transaction fees are calculated as follows.

Monthly sales

Your fee per transaction


$0 – $3,000

2.9% + $0.30

$3.20 fee on a $100 sale

$3,000+ – $10,000

2.5% + $0.30*

$2.80 fee on a $100 sale


2.2% + $0.30*

$2.50 fee on a $100 sale


For details, call 800-514-4920.

Merchant rate qualification required.

The prices apply to domestic payments in U.S. Dollars.

International availability and fees

You can use Adaptive Payments in any country where PayPal is accepted.

You can hold multiple currency balances in your PayPal account or convert a currency balance at competitive rates. There are fees for currency conversion and to receive payments from another country.

For details, see Transaction fees for cross-border payments.

Countries with Currency Restrictions

If you are a PayPal account holder in a country with currency restrictions, make sure that your Adaptive Payment code or Mass Pay file contains requests that meet your country's requirements. If any of the Mass Pay entries do not comply with the country's restrictions, those entries will fail with an error message.

The following table lists the countries with currency restrictions and describes the restrictions that apply to Adaptive Payments and Mass Payments.

Country Currency Code Restrictions
Argentina ARS

* Send payments in ARS only to other Argentine users

  • Send payments in other currencies to all users, including those in Argentina.

Argentine users cannot:

  • Send payments in ARS to users outside of Argentina
  • Send payments that result in currency conversion to or from ARS.

Note Non-Argentine users cannot hold currency balances in ARS.

Brazil BRL

* Send payments in BRL only to other Brazilian users.

  • Send payments in other currencies only to those outside Brazil.

Brazilian users cannot:

  • Send payments to other Brazilian users in a currency other than BRL.
  • Send payments that result in currency conversion to or from BRL.

Note Non-Brazilian users cannot hold currency balances in BRL.

Malaysia MYR

* Send payments in MYR only to other Malaysian users.

  • Send payments in other currencies to all users, including those in Malaysia.

Malaysian users cannot:

  • Send payments that result in currency conversion to or from MYR.
  • Send MYR balances to non-Malaysian users.

Note Non-Malaysian users cannot hold currency balances in MYR.

Developer and Merchant Support

Join the PayPal Partner Program

Join the North America Partner Program and enjoy many valuable benefits, including access to solutions integration information, marketing tools and a listing in our Partner Directory. It's free to join! For details, visit the Partner Program website.

Adaptive Payments Development Resources

You can choose to download the Adaptive Payments SDK. See Classic API SDKs for information about the SDKs.

The Adaptive Payments SDK is required to run the code samples.

Forums to Follow

admin_dashboard/system_admin/system_settings/create_sandboxpaypaladaptiveapi.txt · Last modified: 2015/08/24 01:12 (external edit)