Paypal: Client Authentication Failed

Question

Trying to take my paypal REST api site live. It works well in sandbox mode, with verified transfers.

When I switch my sandbox for live client ID and secret, I get the error

{"error":"invalid_client","error_description":"Client Authentication failed"}   

I checked and made sure that my code should go live

$apiContext = new \PayPal\Rest\ApiContext(
 new \PayPal\Auth\OAuthTokenCredential(
  PP_CLIENT_ID ,     // ClientID
  PP_CLIENT_SECRET      // ClientSecret
 )
);

// setting mode to live
// https://github.com/paypal/PayPal-PHP-SDK/wiki/Going-Live

$apiContext->setConfig([
 'mode' => 'live',
]);

running this via wp_ajax

Any help would be appreciated! Thanks!

2/5/2019: Seems other people got this problem: https://github.com/paypal/PayPal-PHP-SDK/issues/435

Also the same question on StackOverflow that I missed ... that also had no answer. PayPal App works perfectly as Sandbox, Client Authentication failed on Live: list of steps to check?

Answer 1

Try to change return new SandboxEnvironment($clientId, $clientSecret); to

return new ProductionEnvironment($clientId, $clientSecret); in your PayPalClient.php class

Answer 2

https://developer.paypal.com/docs/api/overview/#api-requests

when using live credentials the url should be https://api.paypal.com instead https://api.sandbox.paypal.com

reference https://github.com/paypal/PayPal-PHP-SDK/issues/435#issuecomment-462133355

Answer 3

I was having a similar issue trying to generate the REST API token, following PayPal REST API docs for sandbox API works. Live should be the same. Make sure you're grabbing the REST API credentials and not grabbing the "NVP/SOAP API apps" secret.

Go here: https://developer.paypal.com/developer/applications/

At the top select Sandbox or Live

Click Create App under REST API apps, NOT NVP/SOAP API apps.

This will give you a Client ID and Secret, both look like a string of upper and lower case alphanumeric, some 40-50 chars in length.

With these credentials, run this curl command to get your access token so you can make calls to the REST API, substitute your client id and secret:

curl -v POST https://api.sandbox.paypal.com/v1/oauth2/token \
  -H "Accept: application/json" \
  -H "Accept-Language: en_US" \
  -u "CLIENT_ID:SECRET" \
  -d "grant_type=client_credentials"

This should return your token:

Sample response
{
    "scope": "https://uri.paypal.com/services/invoicing https://uri.paypal.com/services/disputes/read-buyer https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/disputes/update-seller https://uri.paypal.com/services/payments/payment/authcapture openid https://uri.paypal.com/services/disputes/read-seller https://uri.paypal.com/services/payments/refund https://api.paypal.com/v1/vault/credit-card https://api.paypal.com/v1/payments/.* https://uri.paypal.com/payments/payouts https://api.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://uri.paypal.com/services/applications/webhooks",
    "access_token": "A21AAFEpH4PsADK7qSS7pSRsgzfENtu-Q1ysgEDVDESseMHBYXVJYE8ovjj68elIDy8nF26AwPhfXTIeWAZHSLIsQkSYz9ifg",
    "token_type": "Bearer",
    "app_id": "APP-80W284485P519543T",
    "expires_in": 31668,
    "nonce": "2020-04-03T15:35:36ZaYZlGvEkV4yVSz8g6bAKFoGSEzuy3CQcz3ljhibkOHg"
}

You don't typically integrate these things into your application, rather these are things you do once and then you embed the REST API token into your application.

I know this is kind of repeating the obvious but I hope this helps.

See further instructions here: https://developer.paypal.com/docs/platforms/get-started/#step-1-get-api-credentials

Answer 4

So I've been struggling for an hour with this. Switching from Sandbox to Live gets this error. Client id and secret are correct. I am using the LiveEnvironment from the sdk.

Solution: Delete the production app and create it again. Suddenly, everything works.

Answer 5

I know this is an old post, but in case someone else comes across this issue: Developer accounts don't have the ability to actually process cards, so attempting to hit the production endpoint (https://api-m.paypal.com/v1/) will return:

{"error":"invalid_client","error_description":"Client Authentication failed"}

Answer 6

This is caused by Paypal. You aren't allowed to go Live until you submit your Business for approval. Until then, you'll get a 401 Unauthorized with response content:

{
    "error":"invalid_client",
    "error_description":"Client Authentication failed"
}

The approval process is obscure and it seems like they would prefer you just don't. The link is buried in the API pages and, the errors you might get calling auth are pretty exhaustive but never mention this very obvious, common error nor tell you how to resolve it, and, after you find the link and submit for approval, you get this message:

Thank you for your inquiry. PayPal Partner Sales and technical team will be evaluating your request and will reach out when your request meets minimum business requirements. Note: If you are a merchant or small business proprietor interested in PayPal solutions, you’ve reached this page in error. Instead visit PayPal for Business to learn more about the latest features and benefits of a PayPal Business Account.

"When your request meets minimum business requirements." I mean until we get approval there's no business on the site so... that sounds like heat death of the universe to me.

Link to submit for approval to have a full Business account with permission to go live:

https://www.paypal.com/us/webapps/mpp/partner-program/contact-us