Issue
I'm writing a service (in .NET Core 3.1 and Refit if it matters) that pulls transaction activities from my PayPal business account for a given date range to use on an admin dashboard. Currently I'm following the tutorial here:
https://developer.paypal.com/docs/api/get-an-access-token-postman/
and here:
https://developer.paypal.com/docs/api/transaction-search/v1/
The first part, I can get an authorization key just fine (using curl or postman, curl below
curl --location --request POST 'https://api.paypal.com/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic <my client id>:<my secret>' \
--header 'Content-Type: application/x-www-form-urlencoded' \
// not sure what this is, postman specific maybe?
--header 'Cookie: tsrce=devdiscoverynodeweb; ts=vr%3D0cee9361171ac120001362adffec14c3%26vreXpYrS%3D1679730671%26vteXpYrS%3D1585061694%26vt%3D0cee9390171ac120001362adffec14c2' \
--data-urlencode 'grant_type=client_credentials'
This gives me an auth token both in postman and my custom service just fine. Next, when I try to pull the transactions (both in Postman and in code), I get an error
cUrl:
curl --location --request GET 'https://api.paypal.com/v1/reporting/transactions?start_date=2020-03-01T00:00:00Z&end_date=2020-03-31T23:59:59Z' \
--header 'Authorization: Bearer <my token>' \
// Postman???
--header 'Cookie: tsrce=devdiscoverynodeweb; ts=vr%3D0cee9361171ac120001362adffec14c3%26vreXpYrS%3D1679730671%26vteXpYrS%3D1585061694%26vt%3D0cee9390171ac120001362adffec14c2'
Error:
{
"localizedMessage": "No permission for the requested operation. ",
"suppressed": [],
"name": "PERMISSION_DENIED",
"message": "No permission for the requested operation. ",
"details": [
{
"field": null,
"value": null,
"location": null,
"issue": "No permission for the requested operation. "
}
],
"information_link": "https://developer.paypal.com/docs/classic/products/permissions/",
"debug_id": "7e315038e8073"
}
The info link in the error starts talking about 3rd party permissions, which I'm not sure is applicable because it is my Business account. Anyone have any ideas? I checked transaction history on my app in PayPal, so I'm at a lost.
Thanks in advance
Solution
You need the scope https://uri.paypal.com/services/reporting/search/read .. if it's not there in the oauth2 response, double check your REST App's permissions.
Refreshing an access token
Existing access tokens are cached for 9 hours--so if you already requested an API token and then just added this permission to your app, it can take up to 9 hours for that permission's new scope to be reflected in the next token's generation.
To avoid waiting 9 hours, you can terminate that existing cached token with:
curl -X POST https://api.sandbox.paypal.com/v1/oauth2/token/terminate \
-u "yourclientid:yoursecret" \
-d "token=REPLACE_WITH_YOUR_TOKEN"
After termination, your next call to get a token will get a newly-generated one, including the new scope that was just added to the REST app.
Answered By - Preston PHX Answer Checked By - Pedro (WPSolving Volunteer)