What are API Signature and Certificate credentials and how do I request them?
API credentials identify you as a PayPal Business account holder authorised to perform API operations. There are 2 authentication methods to choose from:
- API Signature: We use a username, password, and a unique string of numbers and letters to identify your account. API Signature credentials don’t expire and are easier to implement and more commonly used.
- API Certificate: We use a username, password, and a downloadable certificate to identify your account. API Certificate credentials are valid for 3 years, and you’ll need to renew them before they expire. We recommend this method for optimal security.
With an Application Programming Interface (API), you can integrate PayPal's payment solutions. You can integrate our API with your online shop or shopping cart. Find out from your shopping cart provider or web developer, which type of API credentials you'll need.
To get started, confirm your account and request API credentials.
Here's how to request API credentials:
- Go to Account Setting.
- Click Update next to API Access.
- Under "NVP/SOAP API integration", click Manage API credentials.
- Select “Request API signature” or “Request API certificate”, depending on your shopping cart requirements.
- Click Agree and Submit.
- We’ll generate your API credentials.
At this time, our API isn’t available for Personal accounts. To obtain API credentials to integrate PayPal's payment solution, you’ll need to upgrade to a Business account.
Here's how to upgrade to a Business account.
- Click the Settings icon next to "Log out."
- Under "Account options," click Upgrade to a business account.
- Enter your business information and click Continue.
- Enter all of the information on the "Tell us about your business" page, then click Continue.
- Select the way you would like to get paid, then click Continue or I'll do this later.
- If you’ve already generated an API Signature, then View API Signature appears. Click that option to view or remove your existing API Signature.
- If you’ve already generated an API Certificate, then View API Certificate appears. Click that option to view or remove your existing API Certificate.
- API Signature credentials include an API Username, API Password, and Signature, which doesn’t expire. These values are hidden by default for added security. Click Show/Hide to toggle them on and off. When finished, click Done.
- API Certificate credentials include an API Username, API Password, and Certificate, which expires automatically after 3 years. Click Download Certificate to save the API Certificate to your desktop.
- If you already have an API signature and need an API certificate, remove the API signature before requesting the API certificate and vice versa.
- If you have 2 active certificates, you’ll need to remove one before you can renew the other one.