Integration in Practice
(server + client side integrations)
What We Want
The Ultimate Decision
Security Usability
Path to the Standard
The Insecure, Unmanageable Start
Very Secure, Long to Implement
Two Currently Widely Used Specs
REST Architecture
What a RESTful API isn’t
HTTP POST
Access Token Endpoint
Fetching the Access Token
curl https://api.sandbox.paypal.com/v1/oauth2/token \
-H "Accept: application/json" \
-H "Accept-Language: en_US" \
-u "EOJ2S-Z6OoN_le_KS1d75wsZ6y0SFd…" \
-d "grant_type=client_credentials"
Access Token Response
{
"scope": "https://api.paypal.com/v1/payments/.* https://api.paypal.com/v1/vault/credit-card",
"access_token": "EEwJ6tF9x5WCIZDYzyZGaz6K…",
"token_type": "Bearer",
"app_id": "APP-6XR95014SS315863X",
"expires_in": 28800
}
Using the Access Token
curl -v https://api.sandbox.paypal.com/v1/payments/payment \
-H "Content-Type:application/json" \
-H "Authorization:Bearer EMxItHE7Zl4cMdkv…" \
-d "{...}"
A few implementation differences
Endpoints
Server-side proxy
Browser Redirect
Redirect URI
User Agent Flow: Redirect
$("#auth_btn").attr("href", auth_uri);
User Agent Flow: Hash Mod
http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600
HTTPS Request
User Agent Flow: Get Resources
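The user-agent flow steps above (redirect, tokens returned in the URL hash, resource request), as an added example that is not code from the original slides: it parses the callback fragment, strips it from the URL, and builds the Bearer header only while the token is still valid. The function names and the sample callback constant are assumptions made for illustration.

```javascript
// Constructed sample input: the callback URL from the slide, joined onto one line.
const SAMPLE_CALLBACK =
  "http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q" +
  "&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600";

// Hypothetical helper: read the token parameters out of the URL fragment.
function parseCallbackFragment(callbackUrl, nowMs = Date.now()) {
  const url = new URL(callbackUrl);
  // The fragment is never sent to the server, so it has to be read client-side.
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));

  // OAuth 2.0 reports a denied or failed authorization in the same fragment.
  const error = params.get("error");
  if (error) throw new Error("authorization failed: " + error);

  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("callback carries no access_token");

  const expiresIn = Number(params.get("expires_in"));
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error("expires_in missing or not a positive integer");
  }

  // URL without the fragment; in a browser, pass it to history.replaceState()
  // so the tokens do not stay in the address bar or session history.
  url.hash = "";
  return {
    accessToken,
    refreshToken: params.get("refresh_token"),
    expiresAt: nowMs + expiresIn * 1000, // absolute expiry in milliseconds
    cleanUrl: url.toString(),
  };
}

// Hypothetical helper: header for the resource request, refused once expired.
function authorizationHeader(token, nowMs = Date.now()) {
  if (nowMs >= token.expiresAt) throw new Error("access token expired");
  return { Authorization: "Bearer " + token.accessToken };
}
```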
Access token as a control structure
Improve Existing Products
Our showcase: Seamless Checkout
The Last Considerations