
PayPal OAuth2 Keys

Description

General

  • Documentation: https://developer.paypal.com/home/
  • Summary: PayPal is a worldwide payment system that supports online money transfers. It operates as a payment processor for many online vendors and auction platforms, among others. Applications can integrate with PayPal via OAuth2. The credentials are then used to obtain an access token, which authenticates further REST API calls.
  • IPs allowlist: Here is an interesting discussion about IP allowlisting with PayPal services.
  • Scopes: Credential scopes vary depending on the type of account associated with the credentials.

Revoke the secret

Application credentials can be revoked and rotated from the user dashboard, on the My Apps & Credentials page, using the Generate new secret button.

Check for suspicious activity

PayPal supports webhooks that can give hints on suspicious use of credentials: see here on the dashboard.

Details for Paypal oauth2

  • Family: Api

  • Category: Payment system

  • Company: PayPal

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 8.04

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
- type: ContentWhitelistPreValidator
  patterns:
  - paypal
- type: ContentWhitelistPreValidator
  patterns:
  - id
- type: ContentWhitelistPreValidator
  patterns:
  - secret
- type: ContentWhitelistPreValidator
  patterns:
  - a[a-z0-9_-]{59}

Examples

- text: PAYPAL_ID=AdGE8hDyixVoHmbhASqAThfbBcrbcgiJPBwlAM7u7Kfq3YU-iPGc6BXETtpt\nPAYPAL_SECRET=EPN0WxB5PaRaumTB1ZpCuTuqLqIlF6_EWUcAbZV99Eu86YeNBVm9KVsw_Ez5
  client_id: AdGE8hDyixVoHmbhASqAThfbBcrbcgiJPBwlAM7u7Kfq3YU-iPGc6BXETtpt
  client_secret: EPN0WxB5PaRaumTB1ZpCuTuqLqIlF6_EWUcAbZV99Eu86YeNBVm9KVsw_Ez5

Details for Paypal oauth2 base64

  • Family: Api

  • Category: Payment system

  • Company: PayPal

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
- type: ContentWhitelistPreValidator
  patterns:
  - paypal
- type: ContentWhitelistPreValidator
  patterns:
  - '[a-z0-9]{215}='
  - '[a-z0-9]{162}[a-z0-9=]='

Examples

- text: >
    cy.request({
      method: 'POST',
      url: 'https://api.paypal.com/v1/oauth2/token',
      form: true,
      headers: {
        authorization: "Basic QVdMNkxmT3poRWZISGJWYjhES0lnUWYtWkNQSG80UzJXdnRMT09HT1lZX2g4MVpXYWEzRlBZR3c1LWtDX19acHYyU0ZEMW43dmFqV3dzOW86RUVQblp0MlI5NEhnWFM0SGROYmpmdmQ1Q0ZLczJ5cEMxQzQ1Zl9wRHpDUGwySDgyVmhYWk5TdndsQjR1YjBBeXF4MDhpcUpaQ3RXUTJIR0Y="
      },
      body: {
        grant_type: "client_credentials"
      },
    })
  client_id: QVdMNkxmT3poRWZISGJWYjhES0lnUWYtWkNQSG80UzJXdnRMT09HT1lZX2g4MVpXYWEzRlBZR3c1LWtDX19acHYyU0ZEMW43dmFqV3dzOW8
  client_secret: RUVQblp0MlI5NEhnWFM0SGROYmpmdmQ1Q0ZLczJ5cEMxQzQ1Zl9wRHpDUGwySDgyVmhYWk5TdndsQjR1YjBBeXF4MDhpcUpaQ3RXUTJIR0Y
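
To see which files the two ContentWhitelistPreValidator chains above let through, here is an added example (not the detection engine's own code) that applies them to constructed inputs. It assumes every prevalidator in a chain must match at least one of its patterns, case-insensitively; the function names and sample strings are made up for illustration.

```python
import re

# Pattern groups transcribed from the PreValidators listed on this page.
# Assumed semantics (not the engine's code): each ContentWhitelistPreValidator
# must find at least one of its patterns in the file, case-insensitively.
CHAINS = {
    "paypal_oauth2": [["paypal"], ["id"], ["secret"], [r"a[a-z0-9_-]{59}"]],
    "paypal_oauth2_base64": [
        ["paypal"],
        [r"[a-z0-9]{215}=", r"[a-z0-9]{162}[a-z0-9=]="],
    ],
}


def failed_prevalidators(content, chain):
    """Return the pattern groups that found nothing in the content."""
    return [
        group for group in chain
        if not any(re.search(p, content, re.IGNORECASE) for p in group)
    ]


def candidate_detectors(content):
    """Names of detectors whose whole chain passes, i.e. worth a full scan."""
    return [name for name, chain in CHAINS.items()
            if not failed_prevalidators(content, chain)]


# Constructed sample inputs; the credential-shaped strings are filler, not keys.
FAKE_ID = "A" + "x" * 59       # 60 chars starting with "A", like the page's example
FAKE_SECRET = "E" + "y" * 59
ENV_FILE = f"PAYPAL_ID={FAKE_ID}\nPAYPAL_SECRET={FAKE_SECRET}\n"
NO_VENDOR = f"CLIENT_ID={FAKE_ID}\nCLIENT_SECRET={FAKE_SECRET}\n"  # no "paypal"
BASIC_HEADER = ("url: 'https://api.paypal.com/v1/oauth2/token'\n"
                'authorization: "Basic ' + "Q" * 215 + '="\n')

if __name__ == "__main__":
    for label, text in [("env file", ENV_FILE), ("no vendor", NO_VENDOR),
                        ("basic header", BASIC_HEADER)]:
        print(label, "->", candidate_detectors(text))
```

The NO_VENDOR case shows the cost of the context requirement: credential-shaped values in a file that never mentions "paypal" are skipped by both chains under these assumptions.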