
Web Services API Reference July 2006 23
PayPal Web Services API Architecture
Services Architecture
Security
The PayPal Web Services API service is protected to ensure that only authorized PayPal
members use it. There are three primary levels of security:
• API username/password and third-party account authentication
• Public/private key encryption via an API certificate or API signature
• Secure Sockets Layer (SSL) data transport
A failure of authenticated security at any one of these levels denies access to the PayPal Web
Services API.
TABLE 2.2 Basic PayPal API Set-up Concepts and Terminology (columns: Term, Definition)

API Certificate
    A PayPal-generated unique digital certificate file that you download from the PayPal website and use on the
    client computer to encrypt the HTTPS requests of your API calls to PayPal's API server.
    An API certificate is suitable if you have complete control over your own web server.

API Signature
    A PayPal-generated unique digital signature (a line of text, or hash) that you copy from PayPal's website and
    include in your API calls. An alternative to API Certificate security.
    Your digital signature, your API username, and your API password all together are called three-token
    authentication, because you include each of them as a programmatic token in your API calls.
    An API signature is suitable for use with Microsoft Windows web servers or other shared web server
    configurations, such as those used by web hosting services.
    Multiple API signatures can be associated with your API username and password. For security, every time
    you view your API credential/signature on https://www.paypal.com, a new signature is generated. In your
    API calls, you can use any of the signatures that PayPal generates for you. All the signatures are equally valid
    until you remove your credentials by clicking Remove on the View API Signature page.

API Username and Password
    A PayPal-generated identifying account name and password that you use specifically for making API calls.
    You include your API username and password with every API call. The API username and password are
    different from your PayPal login username (email address) and password.

Subject
    An indicator in an API call of the merchant for whom the call is being made. This is the programmatic aspect
    of third-party authentication. The value of the Subject field is the third party's API username.

First-Party Access
    A company makes API calls itself from its own server to PayPal's server. The company has its own API
    certificate or API signature, username, and password.
    Example:
    A staff programmer for a merchant's company obtains a PayPal-issued API certificate file and makes API
    calls for the company from the company's own web server.

Third-Party Access
    Another person or company makes API calls on the merchant's behalf. The merchant grants the third party
    permission to make API calls on the merchant's behalf.
    Examples:
    A web hosting service has its own API certificate, API username, and API password. Its customers, who are
    merchants that use PayPal, give the hosting service their permission to make API calls on their behalf. The
    hosting service includes a merchant's API username in the "Subject" field of an API call.
    A merchant company's programmer has her own PayPal-issued API signature, username, and password. She
    gives permission to a shopping cart service to access her API credentials. The shopping cart service makes
    API calls on the programmer's company's behalf, using the programmer's credentials.
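The three-token credentials and the Subject field described in the table travel in a SOAP header on each call. The following is an added example, not code from this reference or from PayPal: it builds that header for first-party and third-party calls, omits the Signature element when certificate-based authentication is used, and masks the two secret tokens before the header is written to a log. The element names and namespaces (`RequesterCredentials`, `Credentials`, `urn:ebay:api:PayPalAPI`, `urn:ebay:apis:eBLBaseComponents`) are assumed from the PayPal SOAP API and should be checked against the current documentation.

```python
import xml.etree.ElementTree as ET

# Namespaces of the PayPal SOAP credential header (assumption: verify against current docs).
NS_API = "urn:ebay:api:PayPalAPI"
NS_EBL = "urn:ebay:apis:eBLBaseComponents"
ET.register_namespace("ppa", NS_API)
ET.register_namespace("ebl", NS_EBL)


def build_requester_credentials(username, password, signature=None, subject=None):
    """Return the RequesterCredentials header as an XML string.

    signature=None means certificate authentication: the API certificate is
    presented at the TLS layer, so no Signature token is sent in the header.
    subject is the merchant's API username for a third-party call, None for
    a first-party call (the caller acts for its own account).
    """
    if not username or not password:
        raise ValueError("API username and password are required on every call")
    root = ET.Element(f"{{{NS_API}}}RequesterCredentials")
    creds = ET.SubElement(root, f"{{{NS_EBL}}}Credentials")
    ET.SubElement(creds, f"{{{NS_EBL}}}Username").text = username
    ET.SubElement(creds, f"{{{NS_EBL}}}Password").text = password
    if signature is not None:
        ET.SubElement(creds, f"{{{NS_EBL}}}Signature").text = signature
    if subject is not None:
        ET.SubElement(creds, f"{{{NS_EBL}}}Subject").text = subject
    # ElementTree escapes XML metacharacters in text, so a password containing
    # '<' or '&' cannot break out of its element (no hand-built string concatenation).
    return ET.tostring(root, encoding="unicode")


def credential_fields(xml_text):
    """Parse a RequesterCredentials header back into {field name: value}."""
    root = ET.fromstring(xml_text)
    creds = root.find(f"{{{NS_EBL}}}Credentials")
    return {el.tag.split("}", 1)[1]: el.text for el in creds}


def redact_for_log(xml_text):
    """Mask the password and signature tokens so the header is safe to log."""
    root = ET.fromstring(xml_text)
    for field in ("Password", "Signature"):
        for el in root.iter(f"{{{NS_EBL}}}{field}"):
            el.text = "***"
    return ET.tostring(root, encoding="unicode")
```

Only the Username and Subject survive redaction, which is what an operator needs when tracing which account a call was made for.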