User Tools
admin_dashboard:system_admin:system_settings:create_sandboxpaypaladaptiveapi
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
admin_dashboard:system_admin:system_settings:create_sandboxpaypaladaptiveapi [2015/07/29 09:49] mooeditor |
admin_dashboard:system_admin:system_settings:create_sandboxpaypaladaptiveapi [2015/07/29 10:03] mooeditor [Renewing an API certificate] |
||
|---|---|---|---|
| Line 27: | Line 27: | ||
| ^Credential Set ^Credential Names | | ^Credential Set ^Credential Names | | ||
| - | |//Signature// set | | + | | \\ \\ \\ Signature Set \\ | \\ API Username \\ \\ API Password \\ \\ Signature \\ | |
| - | * API Username | + | | \\ \\ \\ Certificate Set \\ | \\ API Username \\ \\ API Password \\ \\ Certificate \\ | |
| - | * API Password | + | |
| - | * Signature | + | |
| - | |//Certificate// set | | + | |
| - | * API Username | + | |
| - | * API Password | + | |
| - | * Certificate | + | |
| While you can use either set to authenticate requests to the Classic API platform, for security reasons, PayPal recommends you use Certificate credentials. For more on Certificate credentials, see [[https://developer.paypal.com/docs/classic/api/apiCredentials/#certs|Managing Certificate Credentials]]. | While you can use either set to authenticate requests to the Classic API platform, for security reasons, PayPal recommends you use Certificate credentials. For more on Certificate credentials, see [[https://developer.paypal.com/docs/classic/api/apiCredentials/#certs|Managing Certificate Credentials]]. | ||
| **Note:** You authenticate calls to the //Adaptive// APIs (Adaptive Accounts, Adaptive Payments, the Invoicing service, and the Permissions service) using these same credentials. However, all Adaptive platform APIs require that you also supply an ''appID'' in addition to your Signature or Certificate credential values. | **Note:** You authenticate calls to the //Adaptive// APIs (Adaptive Accounts, Adaptive Payments, the Invoicing service, and the Permissions service) using these same credentials. However, all Adaptive platform APIs require that you also supply an ''appID'' in addition to your Signature or Certificate credential values. | ||
| + | |||
| + | \\ | ||
| ===== Creating Classic API credentials ===== | ===== Creating Classic API credentials ===== | ||
| Line 46: | Line 42: | ||
| ==== 1. Log in to PayPal.com ==== | ==== 1. Log in to PayPal.com ==== | ||
| - | You must have a PayPal Business account to make calls to the live PayPal servers. Log in to your Business account on the following page:[[https://www.paypal.com/|https://www.paypal.com]]. | + | You must have a PayPal Business account to make calls to the live PayPal servers. Log in to your Business account on the following page: [[https://www.paypal.com|https://www.paypal.com]]. |
| ==== 2. Navigate to the API Access page ==== | ==== 2. Navigate to the API Access page ==== | ||
| Line 52: | Line 48: | ||
| Click the profile (person) icon in the top right and select **Profile and Settings** from the drop-down menu. Then navigate to **My Selling Tools** > **API Access** and click **Update**. | Click the profile (person) icon in the top right and select **Profile and Settings** from the drop-down menu. Then navigate to **My Selling Tools** > **API Access** and click **Update**. | ||
| - | <font 11.844px font-weight: bold; line-height: 14px; color: rgb(255, 255, 255); text-shadow: rgba(0, 0, 0, 0.247059) 0px -1px 0px; white-space: nowrap; vertical-align: baseline; border-radius: 3px; background-color: rgb(153, 153, 153);/arial;;#000000;;rgb(255, 255, 255) text-shadow: rgba(0, 0, 0, 0.247059) 0px -1px 0px; white-space: nowrap; vertical-align: baseline; border-radius: 3px; background-color: rgb(153, 153, 153);>Note</font> If you do not see the profile (person) icon in the top right, navigate to the API Access page by clicking **My Account** > **Profile** > **My Selling Tools** > **API Access**. | + | Note |
| + | If you do not see the profile (person) icon in the top right, navigate to the API Access page by clicking **My Account** > **Profile** > **My Selling Tools** > **API Access**. | ||
| ==== 3. Generate the Certificate set ==== | ==== 3. Generate the Certificate set ==== | ||
| - | - | + | 1.Click **Request API Credentials** on the **API Access** page: |
| - | Click **Request API Credentials** on the **API Access** page: | + | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/requestApiCreds.png?nolink&}} |
| - | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/requestApiCreds.png?nolink&100}} | + | **Note:** If you’ve already generated a set of API credentials, you’ll have to delete your existing set before you can generate a new set of credentials. |
| - | **Note:** If you’ve already generated a set of API credentials, you’ll have to delete your existing set before you can generate a new set of credentials. | + | 2.Select **Request API signature** and click **Agree and Submit** to generate a set of Signature credentials. |
| - | + | ||
| - | - | + | |
| - | + | ||
| - | Select **Request API signature** and click **Agree and Submit** to generate a set of Signature credentials. | + | |
| Here’s an example showing a set of Signature credentials (for [[https://developer.paypal.com/docs/classic/api/apiCredentials/#certs|Certificate]] credentials, see the section below): | Here’s an example showing a set of Signature credentials (for [[https://developer.paypal.com/docs/classic/api/apiCredentials/#certs|Certificate]] credentials, see the section below): | ||
| - | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/signatureCredentials.png?nolink&100}} | + | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/signatureCredentials.png?nolink&}} |
| ===== Managing certificate credentials ===== | ===== Managing certificate credentials ===== | ||
| Line 76: | Line 69: | ||
| Certificate credentials are much like the Signature credentials described above, however there are differences in the way that you generate and use the credentials. | Certificate credentials are much like the Signature credentials described above, however there are differences in the way that you generate and use the credentials. | ||
| - | **Note:** If your API Certificate is expiring, skip ahead to [[https://developer.paypal.com/docs/classic/api/apiCredentials/#renew|Renewing an API Certificate]]. | + | **Note:** If your API Certificate is expiring, skip ahead to [[https://developer.paypal.com/docs/classic/api/apiCredentials/#renew|Renewing an API Certificate]]. |
| You create an API Certificate much like create Signature credentials. The steps below describe the differences: | You create an API Certificate much like create Signature credentials. The steps below describe the differences: | ||
| - | - | + | 1.On the **Request API Credentials** page, select the **Request API Certificate** radio button, then click the **Agree and Submit** button (see [[https://developer.paypal.com/docs/classic/api/apiCredentials/#step3|Step 3]] above for more details).{{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/createCert.png?nolink&}} |
| - | On the **Request API Credentials** page, select the **Request API Certificate** radio button, then click the **Agree and Submit** button (see [[https://developer.paypal.com/docs/classic/api/apiCredentials/#step3|Step 3]] above for more details). | + | The **Download or Remove API Certificate** page displays. |
| - | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/createCert.png?nolink&100}} | + | 2.Click **Download Certificate**.\\ |
| + | The certificate is downloaded to a file named ''cert_key_perm.txt''. Be sure to save the file to a secure location. | ||
| - | The **Download or Remove API Certificate** page displays. | + | PayPal formats the API Certificate file in PEM format. The file contains both your //public certificate// and the associated //private key//. Although the PEM certificate is not human readable, the file is not [[https://developer.paypal.com/docs/classic/api/apiCredentials/#encrypt|encrypted]]. |
| - | + | ||
| - | - | + | |
| - | + | ||
| - | Click **Download Certificate**. \\ The certificate is downloaded to a file named ''cert_key_perm.txt''. Be sure to save the file to a secure location. | + | |
| - | + | ||
| - | PayPal formats the API Certificate file in PEM format. The file contains both your //public certificate// and the associated //private key//. Although the PEM certificate is not human readable, the file is not [[https://developer.paypal.com/docs/classic/api/apiCredentials/#encrypt|encrypted]]. | + | |
| ==== Renewing an API certificate ==== | ==== Renewing an API certificate ==== | ||
| Line 100: | Line 88: | ||
| The certificate renewal process generates a new certificate that you can install to replace any expiring certificate. | The certificate renewal process generates a new certificate that you can install to replace any expiring certificate. | ||
| - | - | + | 1.Log in to your PayPal account, and navigate to the **Manage API Certificate** page.\\ |
| + | To do so, select **My Account > Profile > My Selling Tools**, click the **Update (API Access)** link, then click **View API Certificate**. | ||
| - | Log in to your PayPal account, and navigate to the **Manage API Certificate** page. \\ To do so, select **My Account > Profile > My Selling Tools**, click the **Update (API Access)** link, then click **View API Certificate**. | + | 2.On the **Manage API Certificate** page, check the status of your API Certificate, whether it is **Active** or **About to expire**. |
| - | - | + | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/certAlert.png?nolink&}} |
| - | On the **Manage API Certificate** page, check the status of your API Certificate, whether it is **Active** or **About to expire**. | + | 3.If the status of your certificate is **About to expire**, click the **Renew certificate** button. |
| - | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/certAlert.png?nolink&100}} | + | An additional certificate is generated and given an **Active** status. Both the new and old certificates appear in the **Manage API Certificate** page. |
| - | - | + | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/certRenewed.png?nolink&}} |
| - | If the status of your certificate is **About to expire**, click the **Renew certificate** button. | + | 4.On the certificate marked as //Active//, click **Download certificate** and follow the steps in [[https://developer.paypal.com/docs/classic/api/apiCredentials/#certs|Managing Certificate Credentials]] for details on downloading and using the updated certificate. |
| - | An additional certificate is generated and given an **Active** status. Both the new and old certificates appear in the **Manage API Certificate** page. | + | After you’ve imported the new API Certificate, test your integration to ensure it works with the new certificate. Distribute your new API Certificate to all affected partners. Once the old certificate expires, remove it by clicking the **Remove certificate** button associated with the certificate. |
| - | + | ||
| - | {{https://www.paypalobjects.com/webstatic/en_US/developer/docs/api/classicApiCerts/certRenewed.png?nolink&100}} | + | |
| - | + | ||
| - | - | + | |
| - | + | ||
| - | On the certificate marked as //Active//, click **Download certificate** and follow the steps in [[https://developer.paypal.com/docs/classic/api/apiCredentials/#certs|Managing Certificate Credentials]] for details on downloading and using the updated certificate. | + | |
| - | + | ||
| - | After you’ve imported the new API Certificate, test your integration to ensure it works with the new certificate. Distribute your new API Certificate to all affected partners. Once the old certificate expires, remove it by clicking the **Remove certificate** button associated with the certificate. | + | |
| ==== Encrypting your certificate ==== | ==== Encrypting your certificate ==== | ||
| Line 128: | Line 109: | ||
| The PayPal SDKs for Java, .NET, and Classic ASP require the additional step of encrypting the certificate into PKCS12 format before you can use it with the SDKs. (Note that the PayPal SDK for PHP does not require SSL encryption.) | The PayPal SDKs for Java, .NET, and Classic ASP require the additional step of encrypting the certificate into PKCS12 format before you can use it with the SDKs. (Note that the PayPal SDK for PHP does not require SSL encryption.) | ||
| - | **Tip:** If you do use encryption, be sure to encrypt both your Sandbox and your live API certificates. | + | **Tip:** If you do use encryption, be sure to encrypt both your Sandbox and your live API certificates. |
| The steps to encrypt your certificate require the OpenSSL encryption tool. While Unix users likely have this tool installed with their operating system, Windows users need to download OpenSSL. Accept the defaults to install OpenSSL. | The steps to encrypt your certificate require the OpenSSL encryption tool. While Unix users likely have this tool installed with their operating system, Windows users need to download OpenSSL. Accept the defaults to install OpenSSL. | ||
| - | - | + | 1.Open a command prompt. |
| - | Open a command prompt. \\ In Windows, select **Start > Programs > Accessories > Command Prompt**. | + | In Windows, select **Start > Programs > Accessories > Command Prompt**. |
| - | - | + | 2.Ensure OpenSSL bin directory is in your system path. If it is not, add it to your path. |
| - | Ensure OpenSSL bin directory is in your system path. If it is not, add it to your path. | + | 3.Change directories to the location of the certificate you want to encrypt (''cert_key_pem.txt'') and execute the following command: |
| + | <code asp> | ||
| + | ''openssl pkcs12 -export -in cert_key_pem.txt -inkey cert_key_pem.txt -out paypal_cert.p12'' | ||
| + | </code> | ||
| - | - | + | **Note:** When encrypting a certificate, you’re prompted for a password that you use to decrypt the file. Enter a password at the **Enter Export Password** prompt and be sure to store it in a secure location. |
| - | + | ||
| - | Change directories to the location of the certificate you want to encrypt (''cert_key_pem.txt'') and execute the following command: | + | |
| - | + | ||
| - | <prettyprint prettyprinted> | + | |
| - | ''<font 9pt/arial;;rgb(72, 72, 76);;#ffffff>openssl pkcs12</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>export</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(30, 52, 123);;#ffffff>in</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>cert_key_pem</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>.</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>txt</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>inkey cert_key_pem</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>.</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>txt</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>out paypal_cert</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>.</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>p12</font> '' | + | |
| - | </prettyprint> | + | |
| - | + | ||
| - | **Note:** When encrypting a certificate, you’re prompted for a password that you use to decrypt the file. Enter a password at the **Enter Export Password** prompt and be sure to store it in a secure location. | + | |
| The above process creates a file named ‘paypal_cert.p12’, your encrypted API certificate. | The above process creates a file named ‘paypal_cert.p12’, your encrypted API certificate. | ||
| Line 154: | Line 130: | ||
| === Installing the certificate for .NET or Classic ASP === | === Installing the certificate for .NET or Classic ASP === | ||
| - | If you’re using either the PayPal SDK for .NET or the SDK for Classic ASP, you need to //install// the encrypted certificate. | + | If you’re using either the PayPal SDK for .NET or the SDK for Classic ASP, you need to //install// the encrypted certificate. |
| If you’re developing with the PayPal SDK for .NET, Windows requires you to import the certificate into the Windows Certificate Store and grant access to your private key to the user executing your web application. Microsoft provides a utility that accomplishes these tasks in a single command. The utility, called the Windows HTTP Services Certificate Configuration Tool (or WinHttpCertCfg.exe) is freely available from Microsoft. | If you’re developing with the PayPal SDK for .NET, Windows requires you to import the certificate into the Windows Certificate Store and grant access to your private key to the user executing your web application. Microsoft provides a utility that accomplishes these tasks in a single command. The utility, called the Windows HTTP Services Certificate Configuration Tool (or WinHttpCertCfg.exe) is freely available from Microsoft. | ||
| Line 160: | Line 136: | ||
| To use the utility, you need Administrator rights. Enter the following command at a command prompt, and make the appropriate replacements as described below: | To use the utility, you need Administrator rights. Enter the following command at a command prompt, and make the appropriate replacements as described below: | ||
| - | <prettyprint prettyprinted> | + | <code php> |
| - | ''<font 9pt/arial;;rgb(0, 128, 128);;#ffffff>WinHttpCertCfg</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff></font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>i \<paypal_cert</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>.</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>p12</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>></font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff></font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>p \<privateKeyPassword</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>></font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff></font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>c LOCAL_MACHINE\my</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>-</font> <font 9pt/arial;;rgb(72, 72, 76);;#ffffff>a \<userName</font> <font 9pt/arial;;rgb(170, 170, 170);;#ffffff>></font> '' | + | ''WinHttpCertCfg -i \<paypal_cert.p12> -p \<privateKeyPassword> -c LOCAL_MACHINE\my -a \<userName>'' |
| - | </prettyprint> | + | </code> |
| * Replace <paypal_cert.p12> with the name of PKCS12 Encrypted API Certificate you previously generated. | * Replace <paypal_cert.p12> with the name of PKCS12 Encrypted API Certificate you previously generated. | ||
| * Replace <privateKeyPassword> with the password you used to encrypt the certificate. | * Replace <privateKeyPassword> with the password you used to encrypt the certificate. | ||
| Line 169: | Line 146: | ||
| * Under Windows IIS 5 (default configuration), this value is IWAM_, where is the appropriate computer name. | * Under Windows IIS 5 (default configuration), this value is IWAM_, where is the appropriate computer name. | ||
| * Under Windows IIS 6 (default configuration), this value is “NETWORK SERVICE” (make sure to include the quotation marks). | * Under Windows IIS 6 (default configuration), this value is “NETWORK SERVICE” (make sure to include the quotation marks). | ||
| - | |||
| - | \\ | ||
admin_dashboard/system_admin/system_settings/create_sandboxpaypaladaptiveapi.txt · Last modified: 2015/08/24 01:12 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
