Creating an order with the PayPal REST API and cURL is working with Bash.

Here is the Bash script:

$ cat paypal.sh 
# https://developer.paypal.com/api/rest/authentication/

# https://developer.paypal.com/dashboard/applications/sandbox
CLIENT_ID="aaa"
CLIENT_SECRET="aaa"

# authenticate
RESULT=$( \
    curl \
    -s \
    -X POST "https://api-m.sandbox.paypal.com/v1/oauth2/token" \
    -u "${CLIENT_ID}:${CLIENT_SECRET}" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials")
ACCESS_TOKEN=$(echo ${RESULT} | sed 's/.*"access_token":"\([-_a-zA-Z0-9]*\)".*/\1/')
echo "ACCESS_TOKEN=${ACCESS_TOKEN}"

# create order
RESULT=$( \
    curl \
    -s \
    -X POST "https://api-m.sandbox.paypal.com/v2/checkout/orders" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -H "PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a" \
    -d '{
  "intent": "CAPTURE",
  "purchase_units":
  [
    {
      "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",
      "amount":
      {
        "currency_code": "EUR",
        "value": "10.00"
      }
    }
  ],
  "payment_source":
  {
    "paypal":
    {
      "experience_context":
      {
        "payment_method_preference": "IMMEDIATE_PAYMENT_REQUIRED",
        "payment_method_selected": "PAYPAL",
        "brand_name": "EXAMPLE INC",
        "locale": "en-US",
        "landing_page": "LOGIN",
        "shipping_preference": "SET_PROVIDED_ADDRESS",
        "user_action": "PAY_NOW",
        "return_url": "https://example.com/returnUrl",
        "cancel_url": "https://example.com/cancelUrl"
      }
    }
  }
}')
ORDER_ID=$(echo ${RESULT}     | sed 's/.*"id":"\([-a-zA-Z0-9_]*\)".*/\1/')
ORDER_STATUS=$(echo ${RESULT} | sed 's/.*"status":"\([A-Z_]*\)".*/\1/')
ORDER_HREF=$(echo ${RESULT}   | sed 's/.*"href":"\([-a-zA-Z0-9_:/.?=]*\)".*/\1/')
echo "ORDER_ID=${ORDER_ID}"
echo "ORDER_STATUS=${ORDER_STATUS}"
echo "ORDER_HREF=${ORDER_HREF}"

Result:

$ ./paypal.sh 
ACCESS_TOKEN=aaa
ORDER_ID=aaa
ORDER_STATUS=PAYER_ACTION_REQUIRED
ORDER_HREF=https://www.sandbox.paypal.com/checkoutnow?token=aaa

Now, let's try with PHP.

Here is the PHP script (I removed error handling because stackoverflow can't accept my question if I let it):

$ cat paypal.php 
<?php
function authenticate()
{
    $ch = false;
    $client_id = "aaa";
    $client_secret = "aaa";
    $http_header = array("Content-Type: application/x-www-form-urlencoded");
    $post_fields = 'grant_type=client_credentials';
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api.sandbox.paypal.com/v1/oauth2/token");
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_USERPWD, $client_id.":".$client_secret);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $http_header);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
    $result = curl_exec($ch);
    $json = json_decode($result);
    $access_token = $json->access_token;
    curl_close($ch);
    return $access_token;
}
function create_order($access_token)
{
    $ch = false;
    $http_header = array
    (
        "Content-Type: application/x-www-form-urlencoded",
        "Authorization: Bearer $access_token",
        "PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a"
    );
    $post_fields = '{
  "intent": "CAPTURE",
  "purchase_units":
  [
    {
      "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",
      "amount":
      {
        "currency_code": "EUR",
        "value": "10.00"
      }
    }
  ],
  "payment_source":
  {
    "paypal":
    {
      "experience_context":
      {
        "payment_method_preference": "IMMEDIATE_PAYMENT_REQUIRED",
        "payment_method_selected": "PAYPAL",
        "brand_name": "EXAMPLE INC",
        "locale": "en-US",
        "landing_page": "LOGIN",
        "shipping_preference": "SET_PROVIDED_ADDRESS",
        "user_action": "PAY_NOW",
        "return_url": "https://example.com/returnUrl",
        "cancel_url": "https://example.com/cancelUrl"
      }
    }
  }
}';
    echo "create_order: access_token: $access_token\n";
    echo "create_order: http_header: ";
    print_r($http_header);
    echo "create_order: post_fields: $post_fields\n";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api-m.sandbox.paypal.com/v2/checkout/orders");
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $http_header);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
    $result = curl_exec($ch);
    echo "create_order: result: ";
    print_r($result);
    echo "\n";
    curl_close($ch);
}
$access_token = authenticate();
echo "access_token: ".$access_token."\n";
create_order($access_token);
?>

Result:

$ php -f paypal.php 
access_token: aaa
create_order: access_token: aaa
create_order: http_header: Array
(
    [0] => Content-Type: application/x-www-form-urlencoded
    [1] => Authorization: Bearer aaa
    [2] => PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a
)
create_order: post_fields: {
  "intent": "CAPTURE",
  "purchase_units":
  [
    {
      "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",
      "amount":
      {
        "currency_code": "EUR",
        "value": "10.00"
      }
    }
  ],
  "payment_source":
  {
    "paypal":
    {
      "experience_context":
      {
        "payment_method_preference": "IMMEDIATE_PAYMENT_REQUIRED",
        "payment_method_selected": "PAYPAL",
        "brand_name": "EXAMPLE INC",
        "locale": "en-US",
        "landing_page": "LOGIN",
        "shipping_preference": "SET_PROVIDED_ADDRESS",
        "user_action": "PAY_NOW",
        "return_url": "https://example.com/returnUrl",
        "cancel_url": "https://example.com/cancelUrl"
      }
    }
  }
}
create_order: result: 403 Forbidden

So, as you can see I get "403 Forbidden" instead of the expected result.

Can you explain why please?

Thank you.

Best regards.

CodePudding user response：

The problem was in the PHP script.

I used the wrong Content-Type.

Here is the patch:

diff -ruN 20221113/paypal.php current/paypal.php
--- 20221113/paypal.php 2022-11-13 12:32:58.127153085  0100
    current/paypal.php  2022-11-13 13:07:06.875074932  0100
@@ -26,7  26,7 @@
    $ch = false;
    $http_header = array
    (
-       "Content-Type: application/x-www-form-urlencoded",
        "Content-Type: application/json",
        "Authorization: Bearer $access_token",
        "PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a"
    );

Result:

$ php -f paypal.php 
access_token: aaa
create_order: access_token: aaa
create_order: http_header: Array
(
    [0] => Content-Type: application/json
    [1] => Authorization: Bearer aaa
    [2] => PayPal-Request-Id: 7b92603e-77ed-4896-8e78-5dea2050476a
)
create_order: post_fields: {
  "intent": "CAPTURE",
  "purchase_units":
  [
    {
      "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",
      "amount":
      {
        "currency_code": "EUR",
        "value": "10.00"
      }
    }
  ],
  "payment_source":
  {
    "paypal":
    {
      "experience_context":
      {
        "payment_method_preference": "IMMEDIATE_PAYMENT_REQUIRED",
        "payment_method_selected": "PAYPAL",
        "brand_name": "EXAMPLE INC",
        "locale": "en-US",
        "landing_page": "LOGIN",
        "shipping_preference": "SET_PROVIDED_ADDRESS",
        "user_action": "PAY_NOW",
        "return_url": "https://example.com/returnUrl",
        "cancel_url": "https://example.com/cancelUrl"
      }
    }
  }
}
create_order: result: {"id":"aaa","status":"PAYER_ACTION_REQUIRED","payment_source":{"paypal":{}},"links":[{"href":"https://api.sandbox.paypal.com/v2/checkout/orders/aaa","rel":"self","method":"GET"},{"href":"https://www.sandbox.paypal.com/checkoutnow?token=aaa","rel":"payer-action","method":"GET"}]}