我有一个使用 JavaScript 中的 PayPal API 的工作测试版本。当我将其转换为 Curl 以便我可以在服务器端运行它并隐藏凭据时,我仍然可以正确获取令牌,但所有其他端点都无法授权:
curl https://api.sandbox.paypal.com/v1/oauth2/token \
-H 'Accept: application/json' \
-H 'Accept-Language: en_US' \
-u 'XXXCLIENT_IDXXX':'XXXSECRETXXX' \
-d grant_type=client_credentials
$VAR1 = {
'app_id' => 'APP-80W284485P519543T',
'scope' => 'https://uri.paypal.com/services/invoicing https://uri.paypal.com/services/disputes/read-buyer https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/disputes/update-seller https://uri.paypal.com/services/payments/payment/authcapture openid https://uri.paypal.com/services/disputes/read-seller https://uri.paypal.com/services/payments/refund https://api.paypal.com/v1/vault/credit-card https://api.paypal.com/v1/payments/.* https://uri.paypal.com/payments/payouts https://api.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://uri.paypal.com/services/applications/webhooks',
'expires_in' => 32329,
'token_type' => 'Bearer',
'nonce' => '2023-10-09T15:32:55Zhrzfg_lRlbaSCIW8HMlnO5rV1Yp_MQ4TKGag2B8zoBw',
'access_token' => 'A21AAIZFjd0g3gpxiHckR1s60mg17K8GtlcvypfSxzKxWAFBFpeqM7t_8XdifcV1RRBwUvFeExF_OgKU2-PWxGS0oZeLDZ4-Q'
};
curl -v -X POST https://api.sandbox.paypal.com/v2/invoicing/invoices \
-H 'Authorization : Bearer A21AAIZFjd0g3gpxiHckR1s60mg17K8GtlcvypfSxzKxWAFBFpeqM7t_8XdifcV1RRBwUvFeExF_OgKU2-PWxGS0oZeLDZ4-Q' \
-H 'Content-Type: application/json' \
-H 'Prefer: return=representation' \
-d '{
....
}'
$VAR1 = {
'message' => 'Authentication failed due to invalid authentication credentials or a missing Authorization header.',
'links' => [
{
'rel' => 'information_link',
'href' => 'https://developer.paypal.com/docs/api/overview/#error'
}
],
'name' => 'AUTHENTICATION_FAILURE'
};
发生什么事了? auth 标头显然在那里。
嗨,我很确定您的代码中存在语法错误:
....
-H 'Authorization : Bearer A21AAIZFjd0g3gpxiHckR1s60mg17K8GtlcvypfSxzKxWAFBFpeqM7t_8XdifcV1RRBwUvFeExF_OgKU2-PWxGS0oZeLDZ4-Q' \
....
}
-H Authorization : Bearer YOUR_TOKEN
^
error here
单词授权之后不应有“空格”。正确的做法应该是:
-H Authorization: Bearer YOUR_TOKEN