Login/Register
Paypal: Client Authentication Failed
Asked Answered
phppaypalpaypal-rest-sdk
S

8

9

Trying to take my paypal REST api site live. It works well in sandbox mode, with verified transfers.

When I switch my sandbox for live client ID and secret, I get the error

{"error":"invalid_client","error_description":"Client Authentication failed"}

I checked and made sure that my code should go live

$apiContext = new \PayPal\Rest\ApiContext(
 new \PayPal\Auth\OAuthTokenCredential(
  PP_CLIENT_ID ,     // ClientID
  PP_CLIENT_SECRET      // ClientSecret
 )
);

// setting mode to live
// https://github.com/paypal/PayPal-PHP-SDK/wiki/Going-Live

$apiContext->setConfig([
 'mode' => 'live',
]);

running this via wp_ajax

Any help would be appreciated! Thanks!

2/5/2019: Seems other people got this problem: https://github.com/paypal/PayPal-PHP-SDK/issues/435

Also the same question on StackOverflow that I missed ... that also had no answer. PayPal App works perfectly as Sandbox, Client Authentication failed on Live: list of steps to check?

Selfjustifying answered 4/2, 2019 at 7:19 Comment(5)
Double and triple check the client id and secret since it seems to be what the API complains about.Picklock
Thanks @MagnusEriksson, I copied and pasted that over and over again from the live site, just to make sure I didn't miss any characters from the string.Selfjustifying
not familiar with the paypal API but maybe the endpoint URL its different on both cases ? from the code it don't look like but does this API need an endpoint URL to be setup ?Cynicism
Thanks for the reply @Cynicism that's definitely a good point. However I am using their Paypal SDK, so I assume the endpoints should be properly set up.Selfjustifying
Use this (api.paypal.com ) URL for live & this (api.sandbox.paypal.com) URL production envSarson
S
19

https://developer.paypal.com/docs/api/overview/#api-requests

when using live credentials the url should be https://api.paypal.com instead https://api.sandbox.paypal.com

reference https://github.com/paypal/PayPal-PHP-SDK/issues/435#issuecomment-462133355

Suzette answered 10/2, 2019 at 13:37 Comment(1)
The URL for generating an access token: https://api.paypal.com/v1/oauth2/token. And besides, the URL for checking subscriptions: https://api-m.paypal.com/v1/billing/subscriptions/{$subscriptionid}Presbyopia
C
12

Try to change return new SandboxEnvironment($clientId, $clientSecret); to

return new ProductionEnvironment($clientId, $clientSecret); in your PayPalClient.php class

Coast answered 12/11, 2019 at 21:8 Comment(7)
You should also explain why your solution helps with the existing problemKulda
Thanks a lot. That was the issue, (Even though in using Node)Bobker
The reason is the SandboxEnvironment class is for test payments to your sandbox account while the ProductionEnvironment class is for live payments to your paypal account. You could use a ternary operator to easily switch between test and live mode. return PAYPAL_MODE == 'test' ? return new SandboxEnvironment($clientId, $clientSecret) : new ProductionEnvironment($clientId, $clientSecret); I hope this answers your question.Ahlers
There is no ProductionEnvironment class in Paypal SDK. I guess its changed to PayPalEnvironmentWildermuth
There is no ProductionEnvironment class in PayPalCheckoutSdk.Core. Am I missing something.Wildermuth
Thanks. Was the same issue here. Works. Sometimes you just don't see the most obvious things, even when they are in plain sight.Encephaloma
@Wildermuth Guess it depends on the API SDK you are using. I'm using github.com/paypal/Checkout-PHP-SDK and ProductionEnvironment exists there.Encephaloma
H
2

I was having a similar issue trying to generate the REST API token, following PayPal REST API docs for sandbox API works. Live should be the same. Make sure you're grabbing the REST API credentials and not grabbing the "NVP/SOAP API apps" secret.

Go here: https://developer.paypal.com/developer/applications/

At the top select Sandbox or Live

Click Create App under REST API apps, NOT NVP/SOAP API apps.

This will give you a Client ID and Secret, both look like a string of upper and lower case alphanumeric, some 40-50 chars in length.

With these credentials, run this curl command to get your access token so you can make calls to the REST API, substitute your client id and secret:

curl -v POST https://api.sandbox.paypal.com/v1/oauth2/token \
  -H "Accept: application/json" \
  -H "Accept-Language: en_US" \
  -u "CLIENT_ID:SECRET" \
  -d "grant_type=client_credentials"

This should return your token:

Sample response
{
    "scope": "https://uri.paypal.com/services/invoicing https://uri.paypal.com/services/disputes/read-buyer https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/disputes/update-seller https://uri.paypal.com/services/payments/payment/authcapture openid https://uri.paypal.com/services/disputes/read-seller https://uri.paypal.com/services/payments/refund https://api.paypal.com/v1/vault/credit-card https://api.paypal.com/v1/payments/.* https://uri.paypal.com/payments/payouts https://api.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://uri.paypal.com/services/applications/webhooks",
    "access_token": "A21AAFEpH4PsADK7qSS7pSRsgzfENtu-Q1ysgEDVDESseMHBYXVJYE8ovjj68elIDy8nF26AwPhfXTIeWAZHSLIsQkSYz9ifg",
    "token_type": "Bearer",
    "app_id": "APP-80W284485P519543T",
    "expires_in": 31668,
    "nonce": "2020-04-03T15:35:36ZaYZlGvEkV4yVSz8g6bAKFoGSEzuy3CQcz3ljhibkOHg"
}

You don't typically integrate these things into your application, rather these are things you do once and then you embed the REST API token into your application.

I know this is kind of repeating the obvious but I hope this helps.

See further instructions here: https://developer.paypal.com/docs/platforms/get-started/#step-1-get-api-credentials

Headspring answered 17/4, 2020 at 21:6 Comment(0)
C
2

This can be caused by Paypal. You aren't allowed to go Live until you submit your Business for approval. Until then, you'll get a 401 Unauthorized with response content:

{
    "error":"invalid_client",
    "error_description":"Client Authentication failed"
}

The approval process is obscure and it seems like they would prefer you just don't. The link is buried in the API pages and, the errors you might get calling auth are pretty exhaustive but never mention this very obvious, common error nor tell you how to resolve it, and, after you find the link and submit for approval, you get this message:

Thank you for your inquiry. PayPal Partner Sales and technical team will be evaluating your request and will reach out when your request meets minimum business requirements. Note: If you are a merchant or small business proprietor interested in PayPal solutions, you’ve reached this page in error. Instead visit PayPal for Business to learn more about the latest features and benefits of a PayPal Business Account.

"When your request meets minimum business requirements." I mean until we get approval there's no business on the site so... that sounds like heat death of the universe to me.

Link to submit for approval to have a full Business account with permission to go live:

https://www.paypal.com/us/webapps/mpp/partner-program/contact-us

Update

Paypal upgraded us to Business without reaching out. We noticed the upgrade when our payments started losing money to fees, with no way to pay fee-free "friends and family" anymore. The upgrade resolved this issue.

Celestinacelestine answered 9/5, 2022 at 20:8 Comment(2)
I don't think this is true for all cases. I had the same error when trying to go live from sandbox. The issue was that I simply forgot to change the code from new SandboxEnvironment(...) to new ProductionEnvironment(...) as the answer from Eugene (https://mcmap.net/q/1118663/-paypal-client-authentication-failed) shows. Worked straight away after I corrected the error.Encephaloma
Thank you @MarioWerner I modified opening sentence to "can be caused" to make clear it's one reason (the reason we dealt with)Celestinacelestine
S
1

So I've been struggling for an hour with this. Switching from Sandbox to Live gets this error. Client id and secret are correct. I am using the LiveEnvironment from the sdk.

Solution: Delete the production app and create it again. Suddenly, everything works.

Semaphore answered 8/11, 2021 at 22:39 Comment(1)
Same here. The default app didn't work, added a new one and it worked straight away.Reata
D
0

I know this is an old post, but in case someone else comes across this issue: Developer accounts don't have the ability to actually process cards, so attempting to hit the production endpoint (https://api-m.paypal.com/v1/) will return:

{"error":"invalid_client","error_description":"Client Authentication failed"}
Deductible answered 9/6, 2021 at 16:13 Comment(1)
Nothing found in this answerPreference
A
0

when changing sandbox to live environment in paypal two things will help you

  1. Generate new app in paypal for client-id and secret-key cause default app might not work in some cases

  2. change the Environment variable in your code from paypal.core.SandboxEnviornment to payapl.core.LiveEnviornment

and update .env file with new generated Client-id and Secret-key

`const paypal = require('@paypal/checkout-server-sdk')
const Environment = paypal.core.LiveEnvironment
const paypalClient = new paypal.core.PayPalHttpClient(new Environment
(
    process.env.PAYPAL_CLIENT_ID,
    process.env.PAYPAL_CLIENT_SECRET,

))`
Allocation answered 29/10, 2023 at 11:51 Comment(0)
O
-1

I got this error today, in Oct 2023 ...

Problem in my case is that you do NOT need to base64 encode the user:password

docs says: Note: Encode CLIENT_ID:CLIENT_SECRET in Base64 before sending it in the API call.

I found this to be FALSE, it only worked when I directly entered client-id:secret WITHOUT base 64 encode.

Also, make sure your api url is correct:

  • api-m.paypal.com (for live requests)
  • api-m.sandbox.paypal.com (for sandbox requests)
Oarsman answered 15/10, 2023 at 0:42 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.