The form for the PayPal Express Checkout Authentication is basically arrange like so.

Authentication
Username *
[input]
Password *
[input]
The password will be stored as plain text.

This seems rather insecure to store your businesses paypal account password in plaintext on the server, or am I missing something?

Seems like it should at least be encrypted if it's going to be on the server.

Comments

travisc created an issue. See original summary.

torotil’s picture

torotil CreditAttribution: torotil at more onion commented
Status: Active » Closed (works as designed)

I don't think there is a way around it using NVP requests. The website needs to provide the plaintext password to the API itself. Also it's only a API-user not a real paypal account. See https://developer.paypal.com/docs/classic/api/apiCredentials/