Setting up PayPal for your website or app begins with creating secure API credentials. Follow the tutorial below to generate a Client ID, Secret Key and Merchant ID—all straight from PayPal’s official developer portal.
1. Access the PayPal Developer Dashboard
Head to developer.paypal.com and click Log In.
- New to PayPal? Choose Sign Up and complete the standard verification process (email confirmation, phone verification and linking a funding source).
2. Open “My Apps & Credentials”
Once you’re inside the dashboard, hover over My Apps & Credentials in the top navigation bar. This section houses every REST-API app you create.
3. Create a New REST App
Under the REST API apps panel, select Create App.
- App Name: Enter a name you’ll recognize (e.g., “MyStore-Prod” or “MyStore-Sandbox”).
- Environment: Choose Sandbox if you’re still testing or Live if you’re ready for real payments.
- Account Type: Select Merchant—this unlocks payment-processing features.
Click Create App to continue.
4. Copy Your Client ID & Secret Key
PayPal instantly generates two credentials:
| Credential | Purpose | Visibility |
|---|---|---|
| Client ID | Public identifier used in every API request | Safe to embed in frontend code |
| Secret Key | Private token paired with the Client ID for secure server-side calls | Never expose publicly (store in environment variables or a secure vault) |
5. Switch to Live Mode (When Ready)
All apps default to Sandbox. After successful test transactions:
- Return to My Apps & Credentials.
- Toggle the app’s environment switch from Sandbox to Live.
- Copy the new Live Client ID and Secret Key (they differ from Sandbox).
6. Upgrade to (or Confirm) a Business Account
Live credentials require a PayPal Business Account. To upgrade:
- Log in to your regular PayPal account.
- Navigate to Settings › Account Settings.
- Click Upgrade to Business and follow the guided steps.
7. Locate Your Merchant ID
With your account now Business-class:
- Go to Settings › Business Information.
- Your unique Merchant ID appears under the Account Details heading. This value identifies your business across all PayPal services (useful for integrations, invoicing and dispute resolution).
Best Practices for Securing Your Keys
- Store secrets server-side—never in client-facing JavaScript.
- Use environment variables or a dedicated secrets manager (AWS Secrets Manager, Azure Key Vault, etc.).
- Rotate keys periodically and regenerate if you suspect they’ve been exposed.
- Grant minimal permissions to each app, especially if you maintain separate apps for staging and production.
Final Thoughts
That’s it! You now have everything required to link PayPal’s REST API or checkout buttons to your store:
- Client ID – tells PayPal which app is calling
- Secret Key – verifies the call is legitimate
- Merchant ID – ties payments to your specific business entity
Implement these credentials in your preferred SDK (JavaScript, PHP, Node.js, etc.), run a few test sales in Sandbox, and then flip the switch to Live for real-world transactions. Happy selling!
You can learn How to Delete Your PayPal Account Here!
