If the identity provider is PayPal, a subset of PayPal provider attributes can be used as the mapping attribute placeholder value.

The placeholder value must use the following syntax:

${providerAttributes.<PayPal attribute name>}

When you create a new PayPal identity provider entity, the POST request automatically maps the PingOne username attribute to the PayPal user_id attribute. The username attribute is the core mapping attribute; the default PayPal attribute value is user_id. It is also recommended that you map the PingOne email attribute to the PayPal email attribute.

The request body for the email-to-email mapping looks like this, with the value attribute showing the PayPal email attribute expressed using the placeholder syntax:

{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.email}"
}

The POST /environments/{environmentId}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to PAYPAL, PayPal’s clientId, clientSecret, and clientEnvironment property values are required in the request body.

PayPal identity provider settings data model

Property Description
clientId A string that specifies the application ID from PayPal. This is a required property.
clientSecret A string that specifies the application secret from PayPal. This is a required property.
clientEnvironment A string that specifies the PayPal environment. Options are sandbox, and live. This is a required property.

PayPal core attributes

Property Description
user_id A string that specifies the core PayPal attribute. The default value is ${providerAttributes.user_id} and the default update value is EMPTY_ONLY.

PayPal provider attributes

Permission Provider attributes
OpenID Connect scopes: openid, profile, email user_id, name, email
address Options are: address.street_address, address.locality, address.region, address.postal_code, address.country
paypalattributes Options are: payer_id, verified_account