I'm using the PayPal API to Request Permissions from a merchant to access certain parts of their accout. One of these is the TransactionSearch method.
Normally using TransactionSearch is possible only when providing a USER, PWD, and SIGNATURE. However, I don't have access to that information from a merchant when using PayPal's Permissions service. The only information I have consists of:
Using this information, I put together the following X-PAYPAL-AUTHORIZATION header:
X-PAYPAL-AUTHORIZATION:timestamp=1337848711, token=DmyRT4TygwxPvfNExkH29I53S1il6yTmsJFwXRT7jLjaYyezOfUmnQ, signature=sphzCP0H47JTDJS8uuMsqWHAIAo=
So in the case of TransactionSearch, how can I use the information above to get the transactions I'm looking for? I can, of course, use my own USER, PWD, and SIGNATURE, but that only gives me my own transactions, even if I user the X-PAYPAL_AUTHORIZATION header. I need those of the merchant who I just got permissions from.
If you are acting on behalf of a third party, you need to include a SUBJECT field in your data request and pass the email of the third party merchant. If you have authenticated with this merchant, you should get their information. In Python (sorry - don't have a PHP example) these are the fields I'm passing in as part of my data (not my header). My header is empty.
return [('VERSION', self.api_version), # This is 84 for me.
('user', self.api_username), # This is *your* username.
('PWD', self.api_password), # This is *your* password
('SIGNATURE', self.api_signature), # This is *your* signature.
('SUBJECT', self.subject)] # This is the third party's email.
Note that this doesn't use the key at all, which is sort of out of the ordinary.