How to get access token from PayPal in MVC

Question

I am trying to get an access token from PayPal.

I have set it up as an application within PayPal, and I can see my client ID and secret

I am assuming I don't want to expose my secret in the javascript front end, so I am attempting to get the access code from the C#, pass the token to the front end so I can make AJAX posts/gets.

However, it always returns with unauthorized

This is my effort

var url = "https://api.paypal.com/v1/oauth2/token";

var clientId = "myClientId";
var pwrd = "mySecret";

var client = new WebClient();
client.Credentials = new NetworkCredential(clientId, pwrd);
client.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
client.Headers.Add("Accept: application/json");
var result = "";
using (var httpClient = new HttpClient())
{
    var response = await httpClient.PostAsync(url, null);
    result = response.StatusCode.ToString();
}

return View(model: result);

I do not understand why, when I run this from my live application, it fails

Edit

I replaced

using (var httpClient = new HttpClient())
{
    var response = await httpClient.PostAsync(url, null);
    result = response.StatusCode.ToString();
}

with

var clientId = "myClientId";
var seceret = "mySecret";

var client = new HttpClient();

client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
    "Basic", Convert.ToBase64String(
        System.Text.ASCIIEncoding.ASCII.GetBytes(
           $"{clientId}:{seceret}")));

 var dict = new Dictionary<string, string>();
 dict.Add("Content-Type", "application/x-www-form-urlencoded");

 var req = new HttpRequestMessage(HttpMethod.Post, url) { Content = new FormUrlEncodedContent(dict) };
 var response = await client.SendAsync(req);

The same issue persists. I get a 401

object httpClient knows nothing about your credentials/headers. Use client instead. — Bartosz Olchowik, Jan 03 '22 at 08:08
Does this answer your question? [Setting Authorization Header of HttpClient](https://stackoverflow.com/questions/14627399/setting-authorization-header-of-httpclient) — Markus Safar, Jan 03 '22 at 08:30
No, sadly - I've gone that path and the same issues persists @MarkusSafar. Thank you for helping though :) — MyDaftQuestions, Jan 03 '22 at 09:25

score 2 · Accepted Answer · answered Jan 03 '22 at 08:10

2

And it will never authorize, because HttpClient variable knows nothing about your credentials. You initialized it in WebClient, but you are not using it.

answered Jan 03 '22 at 08:10

Bartosz Olchowik

1,129
8
22

I don't believe WebClient has `post` - does that mean I'd have to use `UploadString` as the docs show it posts, instead of `DownloadString`? – MyDaftQuestions Jan 03 '22 at 08:14
@MyDaftQuestions: it has already an answer here: https://stackoverflow.com/questions/14627399/setting-authorization-header-of-httpclient You can use only httpClient for your purposes, or you could also use `UploadString` with webClient. But pick one, not both. In your code client knows nothing about httpClient, and vice versa. – Bartosz Olchowik Jan 03 '22 at 08:15
Are you suggesting I should use HttpClient instead of WebClient to get an access token? – MyDaftQuestions Jan 03 '22 at 08:46
@MyDaftQuestions: yep, just use credentials in httpClient this time. – Bartosz Olchowik Jan 03 '22 at 08:50
I updated my post - even with the changes you've suggested, the same issue persists :( – MyDaftQuestions Jan 03 '22 at 09:22
try the same code with sample credentials on: `https://developer.paypal.com/docs/business/test-and-go-live/sandbox/` – Bartosz Olchowik Jan 03 '22 at 09:29
That returns a Bad Request - slow progress here – MyDaftQuestions Jan 03 '22 at 10:14
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/240668/discussion-between-bartosz-olchowik-and-mydaftquestions). – Bartosz Olchowik Jan 03 '22 at 10:35

score 1 · Answer 2 · answered Jan 03 '22 at 08:14

1

To elaborate on the comment and other answer, here you create a variable named client

var client = new WebClient();
client.Credentials = new NetworkCredential(clientId, pwrd);
client.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
client.Headers.Add("Accept: application/json");

And in the next code that follows, you do nothing using that client variable. The above is completely ignored and irrelevant to this:

using (var httpClient = new HttpClient())
{
    var response = await httpClient.PostAsync(url, null);
    result = response.StatusCode.ToString();
}

return View(model: result);

So, make use of the client object you created -- likely with UploadValues or similar.

answered Jan 03 '22 at 08:14

Preston PHX

27,642
4
24
44

Thank you for help, I fully understand what I did wrong. But even using `client` still has the same issue of it being unauthorised. – MyDaftQuestions Jan 03 '22 at 08:39
Nothing anyone can advise without seeing the full response and credentials you're using. You should test in sandbox mode first, not with live against api.paypal.com – Preston PHX Jan 03 '22 at 08:47
I updated my post - even with the changes you've suggested, the same issue persists :( – MyDaftQuestions Jan 03 '22 at 09:22
(1) Test with sandbox credentials against api.sandbox.paypal.com , (2) if the problem persists, update your post with both the actual credentials being used, and the actual full text of the HTTP response received, including its debug id – Preston PHX Jan 03 '22 at 09:27

How to get access token from PayPal in MVC

2 Answers2