Skip to main content

PayPal OAuth2 Keys



  • Documentation:
  • Summary: Paypal is a worldwide payment system that supports online money transfers. It operates as a payment processor for many online vendors or auction platforms among others. Applications can integrate with PayPal via OAuth2. The credentials are then used to get an access token for further REST API calls with authentication.
  • IPs allowlist: Here is an interesting discussion about IP allowlisting with PayPal services.
  • Scopes: Credentials scopes vary depending on the type of account associated to the credentials.

Revoke the secret#

Application credentials can be revoked and rotated from the user dashboard, on the My Apps & Credentials page, using the Generate new secret button.

Check for suspicious activity#

PayPal supports webhooks that can give hints on suspicious use of credentials: see here on the dashboard.

Details for Paypal oauth2#

  • Category: Payment system

  • Company: PayPal

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 8.04

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - paypal


- text: PAYPAL_ID=AdGE8hDyixVoHmbhASqAThfbBcrbcgiJPBwlAM7u7Kfq3YU-iPGc6BXETtpt\nPAYPAL_SECRET=EPN0WxB5PaRaumTB1ZpCuTuqLqIlF6_EWUcAbZV99Eu86YeNBVm9KVsw_Ez5  client_id: AdGE8hDyixVoHmbhASqAThfbBcrbcgiJPBwlAM7u7Kfq3YU-iPGc6BXETtpt  client_secret: EPN0WxB5PaRaumTB1ZpCuTuqLqIlF6_EWUcAbZV99Eu86YeNBVm9KVsw_Ez5