Permission denied with advanced hosted fields checkout
Hello,
I am trying to set up a hosted fields payment checkout but get an error:
```
Payment could not be captured! {"name":"NOT_AUTHORIZED","details":[{"issue":"PERMISSION_DENIED","description":"You do not have permission to access or perform operations on this resource."}],"message":"Authorization failed due to insufficient permissions.","debug_id":"f74667379ba92","links":[{"href":"https://developer.paypal.com/docs/api/orders/v2/#error-PERMISSION_DENIED","rel":"information_link"}]}
```
https://cors.api.sandbox.paypal.com/v2/checkout/orders/skljnf94545vmnkjd-rnj1/confirm-payment-source returns a 403 error.
The createOrder seems to work fine but I would say it fails when capturing.
I use the following code:
```
<script src="https://www.paypal.com/sdk/js?components=buttons,hosted-fields&debug=true&intent=capture&client-id={...}" data-client-token="{$paypal_token}"></script>
<script>
  // If this returns false or the card fields aren't visible, see Step #1.
  if (paypal.HostedFields.isEligible()) {
    let orderId;
    // Renders card fields
    paypal.HostedFields.render({
      // Call your server to set up the transaction
      createOrder: () => {
        return fetch("/checkout-create-order", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
          },
          // use the "body" param to optionally pass additional order information like
          // product ids or amount.
          body: JSON.stringify({
            purchase_units: [
              {
                amount: {
                  currency_code: "USD",
                  value: "100.00"
                },
                reference_id: "***********"
              }
            ],
            payer: {
              email_address: "**********"
            },
            intent: "CAPTURE",
            payment_source: {
              paypal: {
                experience_context: {
                  payment_method_preference: "IMMEDIATE_PAYMENT_REQUIRED",
                  payment_method_selected: "PAYPAL",
                  brand_name: "EXAMPLE INC",
                  locale: "en-US",
                  landing_page: "BILLING",
                  shipping_preference: "SET_PROVIDED_ADDRESS",
                  user_action: "PAY_NOW",
                  return_url: "https://www.website.co.uk/returnUrl",
                  cancel_url: "https://www.website.co.uk/cancelUrl"
                }
              }
            }
          })
        })
          .then((res) => res.json())
          .then((orderData) => {
            orderId = orderData.id; // needed later to complete capture
            return orderData.id;
          })
          .catch((err) => {
            // Here handle error
            alert(err);
          });
      },
      styles: {
        '.valid': {
          color: 'green'
        },
        '.invalid': {
          color: 'red'
        }
      },
      fields: {
        number: {
          selector: "#card-number",
          placeholder: "4111 1111 1111 1111"
        },
        cvv: {
          selector: "#cvv",
          placeholder: "123"
        },
        expirationDate: {
          selector: "#expiration-date",
          placeholder: "MM/YY"
        }
      }
    }).then((cardFields) => {
      document.querySelector("#card-form").addEventListener("submit", (event) => {
        event.preventDefault();
        cardFields
          .submit({
            // Cardholder's first and last name
            cardholderName: document.getElementById("card-holder-name").value,
            // Billing Address
            billingAddress: {
              // Street address, line 1
              streetAddress: document.getElementById(
                "card-billing-address-street"
              ).value,
              // Street address, line 2 (Ex: Unit, Apartment, etc.)
              extendedAddress: document.getElementById(
                "card-billing-address-unit"
              ).value,
              // State
              region: document.getElementById("card-billing-address-state").value,
              // City
              locality: document.getElementById("card-billing-address-city")
                .value,
              // Postal Code
              postalCode: document.getElementById("card-billing-address-zip")
                .value,
              // Country Code
              countryCodeAlpha2: document.getElementById(
                "card-billing-address-country"
              ).value,
            },
          })
          .then(() => {
            // orderId was stored by createOrder above
            fetch('/checkout-capture-order/' + orderId, {
              method: "POST",
            })
              .then((res) => res.json())
              .then((orderData) => {
                console.log("sssssssssssss");
                // Two cases to handle: ?order=${orderId}
                // (1) Non-recoverable errors -> Show a failure message
                // (2) Successful transaction -> Show confirmation or thank you
                // This example reads a v2/checkout/orders capture response, propagated from the server
                // You could use a different API or structure for your 'orderData'
                var errorDetail =
                  Array.isArray(orderData.details) && orderData.details[0];
                if (errorDetail) {
                  var msg = "Sorry, your transaction could not be processed.";
                  if (errorDetail.description)
                    msg += "\n\n" + errorDetail.description;
                  if (orderData.debug_id) msg += " (" + orderData.debug_id + ")";
                  return alert(msg); // Show a failure message
                }
                // Show a success message or redirect
                alert("Transaction completed!");
              });
          })
          .catch((err) => {
            alert("Payment could not be captured! " + JSON.stringify(err));
          });
      });
    });
  } else {
    // Hides card fields if the merchant isn't eligible
    document.querySelector("#card-form").style = 'display: none';
  }
</script>
```
Whenever I click the pay button I get permission denied.
I checked the account has ACDC (card payment) enabled, but apart from that I am not sure what permission I am supposed to look at.
Can anyone suggest something?
Thanks
Hi @Fred199,
Did you find any solution yet?
I am also getting the same error.
I am testing (in sandbox) the PayPal advanced checkout hosted page solution with contingencies: ['SCA_ALWAYS'].
But after the createOrder method execution I noticed that the PP SDK is calling the cors.api.sandbox.paypal.com/v2/checkout/orders/6EP84425MD218111F/confirm-payment-source endpoint, which returns 401 with the error {"error":"invalid_token","error_description":"Access Token not found in cache"}.
Here 6EP84425MD218111F is my orderId.
I get a 403 error and you seem to get a 401.
It's not quite the same thing.
My PC was down all week so I am afraid I have not found a solution yet.
It's quite frustrating...
Hi @Fred199,
Thank you for posting to the PayPal Merchant Community.
I noticed in your request you have PayPal mentioned twice as the payment method and payment source, instead of card. The payment source needs to be card and not PayPal. If PayPal is the payment method, we are expecting the buyer to log into their PayPal account to complete the purchase.
payment_method_selected: "PAYPAL" should not be included, since PayPal was not the payment method selected.
Ensure that the payment source is card. Here is an example of updating the payment source:
```
{
  "payment_source": {
    "card": {
      "number": "cardnumber",
      "security_code": "111",
      "expiry": "2028-06"
    }
  }
}
```
Thank you,
Jennifer
MTS
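
The mismatch described in the reply above can be caught before the order body is sent, and the 403 and 401 responses reported in this thread can be told apart in code. This is an added example, not code from the thread or from PayPal; `auditHostedFieldsOrder`, `triageConfirmError` and `sampleOrder` are hypothetical names, and the sample order is constructed from the fields in the question.

```javascript
// Constructed sample: the relevant fields of the order body from the question.
const sampleOrder = {
  intent: "CAPTURE",
  purchase_units: [{ amount: { currency_code: "USD", value: "100.00" } }],
  payment_source: {
    paypal: {
      experience_context: { payment_method_selected: "PAYPAL", user_action: "PAY_NOW" },
    },
  },
};

// Hypothetical helper: list the fields that declare PayPal as the payment
// method in an order that is meant to be paid through the card hosted fields.
function auditHostedFieldsOrder(order) {
  const findings = [];
  const source = (order && order.payment_source) || {};
  if (source.paypal) {
    findings.push("payment_source.paypal is set; the payment source needs to be card");
    const ctx = source.paypal.experience_context || {};
    if (ctx.payment_method_selected === "PAYPAL") {
      findings.push('payment_method_selected is "PAYPAL" but PayPal was not selected');
    }
  }
  return findings;
}

// Hypothetical helper: separate the two confirm-payment-source failures
// reported in this thread (401 invalid_token vs 403 PERMISSION_DENIED).
function triageConfirmError(status, body, order) {
  const payload = body || {};
  if (status === 401 && payload.error === "invalid_token") {
    // Authentication failure: the token was not accepted at all.
    return "401 invalid_token: access token rejected; unrelated to payment_source";
  }
  const details = Array.isArray(payload.details) ? payload.details : [];
  const denied = details.some((d) => d.issue === "PERMISSION_DENIED");
  if (status === 403 && denied) {
    // Authorization failure: check the order for a PayPal payment source.
    const findings = auditHostedFieldsOrder(order);
    return findings.length
      ? "403 PERMISSION_DENIED: " + findings.join("; ")
      : "403 PERMISSION_DENIED: order does not name PayPal as the payment source";
  }
  return "unrecognised response: HTTP " + status;
}
```
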