PayPal Direct Mode — Post-auth data

PayPal Direct Mode — Post-authorization data

What each API returns after PayPal buyer approval in Gr4vy PayPal Direct Mode, how fields map, and when the merchant needs PayPal client secret vs Gr4vy credentials alone.

Prerequisite: How Gr4vy PayPal Direct Mode works

For pre-Gr4vy fraud (PayPal GET before Gr4vy complete), see Pre-Gr4vy fraud — PayPal timing.


Executive summary

QuestionAnswer
After a successful Direct Mode payment, is Gr4vy GET /transactions/{id} enough for reconciliation?Yes. Status, amount, PayPal order id, authorization id, payer id, buyer email, and shipping are present after the completion handshake.
Does the merchant need PayPal client secret to finalize Direct Mode?No. Finalize uses Gr4vy merchant auth + GET default_completion_url + GET /transactions/{id}.
When is PayPal client secret required?Only when the merchant backend calls PayPal REST directly — e.g. GET /v2/checkout/orders/{id}, authorization void, order PATCH, or pre-complete fraud enrichment.
Browser PayPal SDKPublic clientId from Gr4vy session_data only. Secret must never be used in the browser.

Post-approve flow


Gr4vy GET /transactions/{id} (after complete)

Representative fields after the completion handshake:

FieldExampleGr4vy JSON path
Gr4vy transaction idc58b5863-7243-4ce3-aa4f-4dca6ec1beacid
Statusauthorization_succeededstatus
Amount1000 (minor = $10.00)amount
PayPal order id46S52514Y7950482Fpayment_service_transaction_id, additional_identifiers.payment_service_processor_id
PayPal authorization id48R58639WC2361713additional_identifiers.payment_service_authorization_id
PayPal payer idEZTGT5S4DBD82additional_identifiers.payer_id
Buyer emailsb-fa43tz49039152@personal.example.combuyer.billing_details.email_address
ShippingJohn Doe, San Jose CAshipping_details.*

Auth: Gr4vy merchant JWT. No PayPal client secret.

Quirks

  1. raw_response_code: "PAYER_ACTION_REQUIRED" can remain even when status is authorization_succeeded — connector metadata, not a failed auth.
  2. buyer.billing_details.address may be sparse; fulfillment address is usually on shipping_details.
  3. One GET /transactions/{id} after complete is enough for that transaction id.

PayPal GET /v2/checkout/orders/{id}

Endpoint: GET https://api-m.sandbox.paypal.com/v2/checkout/orders/{orderId}
Auth: OAuth client_credentials — client id + secret on the merchant server only.

Field mapping (Gr4vy vs PayPal)

ItemPayPal pathGr4vy path
Order ididpayment_service_transaction_id
Authorization idpurchase_units[0].payments.authorizations[0].idadditional_identifiers.payment_service_authorization_id
Payer idpayer.payer_idadditional_identifiers.payer_id
Buyer emailpayer.email_addressbuyer.billing_details.email_address
Amountpurchase_units[0].amount.value (major)amount (minor)
Shippingpurchase_units[0].shipping.*shipping_details.*

PayPal-only fields (not on Gr4vy)

PayPal pathNotes
purchase_units[0].payments.authorizations[0].seller_protection.*Seller protection eligibility
purchase_units[0].payments.authorizations[0].links[]HATEOAS capture / void URLs
purchase_units[0].payee.merchant_idPayPal merchant id

For OMS after complete, Gr4vy GET is usually sufficient. PayPal GET adds value for fraud before complete and PayPal-native fields (seller protection, void links).


PayPal client secret — when required

Use casePayPal client secret?
Gr4vy finalize (completion URL + Gr4vy GET)No
Gr4vy transaction status / reconciliationNo
PayPal JS SDK in browserNo
PayPal REST GET /v2/checkout/orders/{id}Yes
Post-approve fraud before Gr4vy completeYes
PayPal auth void on fraud decline (fallback)Yes
Merchant-created PayPal orders (create / PATCH)Yes

OAuth pattern:

  1. POST {PAYPAL_API_BASE}/v1/oauth2/token with Authorization: Basic base64(clientId:clientSecret) and grant_type=client_credentials.
  2. Call PayPal APIs with Authorization: Bearer {access_token}.

Gr4vy’s connector uses its own PayPal credentials for orchestration. The merchant’s client secret is only for direct PayPal REST calls from the merchant backend.


Which API to use when

GoalUseWhy
Mark order paid after Direct Mode completeGr4vy GETCanonical PSP status; buyer, shipping, PayPal ids
Fraud before Gr4vy completePayPal GETAt onApprove, Gr4vy may still be buyer_approval_pending
Fraud / OMS after completeGr4vy GETTerminal status and enriched buyer/shipping
Void on fraud declineGr4vy void first; PayPal auth void fallback
Side-by-side debuggingBothCompare order id, auth id, amount, email

State split around onApprove

SystemAt onApproveAfter completion handshake
PayPal orderAPPROVED or COMPLETEDCOMPLETED with authorization id
Gr4vy transactionbuyer_approval_pendingauthorization_succeeded (authorize intent)
TimingGr4vy GETPayPal GET
After onApprove, before completeSparse; status often pendingPrimary for fraud enrichment
After completeFully enrichedLargely redundant for OMS; useful for PayPal-only fields

Post-complete Gr4vy GET is sufficient for OMS/reconciliation for standard Direct Mode fields.