I’m using the PayPal API to Request Permissions from a merchant to access certain parts of their account. One of these is the TransactionSearch method.
Normally using TransactionSearch is possible only when providing a USER, PWD, and SIGNATURE. However, I don’t have access to that information from a merchant when using PayPal’s Permissions service. The only information I have consists of:
- a request token,
- a verification code,
- an access token,
- a token secret,
- the generated signature (I’m assuming I generated this correctly)
Using this information, I put together the following X-PAYPAL-AUTHORIZATION header:
X-PAYPAL-AUTHORIZATION:timestamp=1337848711,
token=DmyRT4TygwxPvfNExkH29I53S1il6yTmsJFwXRT7jLjaYyezOfUmnQ,
signature=sphzCP0H47JTDJS8uuMsqWHAIAo=
So in the case of TransactionSearch, how can I use the information above to get the transactions I’m looking for? I can, of course, use my own USER, PWD, and SIGNATURE, but that only gives me my own transactions, even if I use the X-PAYPAL-AUTHORIZATION header. I need those of the merchant who I just got permissions from.
If you are acting on behalf of a third party, you need to include a SUBJECT field in your data request and pass the email of the third party merchant. If you have authenticated with this merchant, you should get their information. In Python (sorry – don’t have a PHP example) these are the fields I’m passing in as part of my data (not my header). My header is empty.
Note that this doesn’t use the key at all, which is sort of out of the ordinary.
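The SUBJECT approach from the answer above, written out as an added example (not the answerer's code, which does not appear on this page): the caller's own USER, PWD and SIGNATURE go in the NVP body together with SUBJECT set to the merchant's email, and the indexed `L_<FIELD><n>` pairs of the response are grouped into rows. The function names, the VERSION value, the credentials and the sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlencode, parse_qsl

# Response fields that describe errors or warnings rather than transactions.
ERROR_FIELDS = {"ERRORCODE", "SHORTMESSAGE", "LONGMESSAGE", "SEVERITYCODE"}

def build_transaction_search(user, pwd, signature, subject, start_date,
                             version="94.0"):  # version is an assumed value
    """Return the URL-encoded POST body for a third-party TransactionSearch.

    USER/PWD/SIGNATURE are the caller's own API credentials; SUBJECT names
    the merchant who granted permission, so results are scoped to them.
    """
    if not subject:
        # Without SUBJECT the call returns the caller's own transactions.
        raise ValueError("SUBJECT is required for a third-party call")
    return urlencode({
        "METHOD": "TransactionSearch",
        "VERSION": version,
        "USER": user, "PWD": pwd, "SIGNATURE": signature,
        "SUBJECT": subject,
        "STARTDATE": start_date,  # UTC, e.g. 2012-05-01T00:00:00Z
    })

def parse_transaction_search(body):
    """Group the L_<FIELD><n> pairs of an NVP response into one dict per row."""
    pairs = dict(parse_qsl(body, keep_blank_values=True))
    if pairs.get("ACK") not in ("Success", "SuccessWithWarning"):
        raise RuntimeError(pairs.get("L_LONGMESSAGE0", "TransactionSearch failed"))
    rows = {}
    for key, value in pairs.items():
        m = re.fullmatch(r"L_([A-Z]+)(\d+)", key)
        if m and m.group(1) not in ERROR_FIELDS:
            rows.setdefault(int(m.group(2)), {})[m.group(1)] = value
    return [rows[i] for i in sorted(rows)]

# Constructed sample responses (not captured from PayPal).
SAMPLE_OK = ("ACK=Success&L_TIMESTAMP0=2012-05-20T10%3A00%3A00Z"
             "&L_TRANSACTIONID0=TXN-CONSTRUCTED-0&L_AMT0=10.00"
             "&L_TRANSACTIONID1=TXN-CONSTRUCTED-1&L_AMT1=-2.50")
SAMPLE_FAIL = "ACK=Failure&L_LONGMESSAGE0=constructed+error+text"

if __name__ == "__main__":
    print(build_transaction_search("api_user", "api_pwd", "api_sig",
                                   "merchant@example.com", "2012-05-01T00:00:00Z"))
    print(parse_transaction_search(SAMPLE_OK))
```

Keep the API credentials out of source control and out of request logs; the body built here contains PWD and SIGNATURE in clear text.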