Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The form for the PayPal Express Checkout Authentication is basically arrange like so.
Authentication
Username *
[input]
Password *
[input]
The password will be stored as plain text.
This seems rather insecure to store your businesses paypal account password in plaintext on the server, or am I missing something?
Seems like it should at least be encrypted if it's going to be on the server.
Comments
Comment #2
torotil CreditAttribution: torotil at more onion commentedI don't think there is a way around it using NVP requests. The website needs to provide the plaintext password to the API itself. Also it's only a API-user not a real paypal account. See https://developer.paypal.com/docs/classic/api/apiCredentials/