Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
Getting Started with PayPal Server SDK
Introduction
Important Notes
- Available Features: This SDK currently contains only 3 of PayPal's API endpoints. Additional endpoints and functionality will be added in the future.
- API Changes: Expect potential changes in APIs and features as we finalize the product.
Information
The PayPal Server SDK provides integration access to the PayPal REST APIs. The API endpoints are divided into distinct controllers:
- Orders Controller: Orders API v2
- Payments Controller: Payments API v2
- Vault Controller: Payment Method Tokens API v3 Available in the US only.
Find out more here: https://developer.paypal.com/docs/api/orders/v2/
Install the Package
The package is compatible with Python versions 3.7+.
Install the package from PyPi using the following pip command:
pip install paypal-server-sdk==1.0.0
You can also view the package at: https://pypi.python.org/pypi/paypal-server-sdk/1.0.0
Initialize the API Client
Note: Documentation for the client can be found here.
The following parameters are configurable for the API Client:
| Parameter | Type | Description |
|---|---|---|
environment | Environment | The API environment. Default: Environment.SANDBOX |
http_client_instance | HttpClient | The Http Client passed from the sdk user for making requests |
override_http_client_configuration | bool | The value which determines to override properties of the passed Http Client from the sdk user |
http_call_back | HttpCallBack | The callback value that is invoked before and after an HTTP call is made to an endpoint |
timeout | float | The value to use for connection timeout. Default: 60 |
max_retries | int | The number of times to retry an endpoint call if it fails. Default: 0 |
backoff_factor | float | A backoff factor to apply between attempts after the second try. Default: 2 |
retry_statuses | Array of int | The http statuses on which retry is to be done. Default: [408, 413, 429, 500, 502, 503, 504, 521, 522, 524] |
retry_methods | Array of string | The http methods on which retry is to be done. Default: ['GET', 'PUT'] |
logging_configuration | LoggingConfiguration | The SDK logging configuration for API calls |
client_credentials_auth_credentials | ClientCredentialsAuthCredentials | The credential object for OAuth 2 Client Credentials Grant |
The API client can be initialized as follows:
client = PaypalServersdkClient(
client_credentials_auth_credentials=ClientCredentialsAuthCredentials(
o_auth_client_id='OAuthClientId',
o_auth_client_secret='OAuthClientSecret'
),
environment=Environment.SANDBOX,
logging_configuration=LoggingConfiguration(
log_level=logging.INFO,
request_logging_config=RequestLoggingConfiguration(
log_body=True
),
response_logging_config=ResponseLoggingConfiguration(
log_headers=True
)
)
)
Environments
The SDK can be configured to use a different environment for making API calls. Available environments are:
Fields
| Name | Description |
|---|---|
| Production | PayPal Live Environment |
| Sandbox | Default PayPal Sandbox Environment |
Authorization
This API uses the following authentication schemes.
List of APIs
Classes Documentation
FAQs
PayPal's SDK for interacting with the REST APIs
We found that paypal-server-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025