OAuth 2.0 is an open standard for authorization that allows applications to access resources on behalf of a user without exposing the user's credentials, such as passwords. It is often used to grant third-party applications limited access to a web service, for example allowing a website to access a user's Google Drive files without ever receiving the user's login details.
Key Roles in OAuth 2.0
Resource Owner: The user who owns the data and resources (e.g., a user with files in Google Drive).
Client: The application that wants to access the resource owner’s data (e.g., a web app that wants to read the user's files).
Resource Server: The server hosting the resources (e.g., Google Drive's servers).
Authorization Server: The server responsible for authenticating the resource owner and issuing tokens (e.g., Google’s OAuth 2.0 server).
PayPal REST APIs use OAuth 2.0 access tokens to authenticate requests. The access token is what authorizes your application's calls to the PayPal REST API server. To call a REST API from your integration, you first exchange your client ID and client secret for an access token, and then present that token with each request.
Scopes in OAuth 2.0
Scopes define what an application is permitted to do on the resource server; a token is only as powerful as the scopes it carries. For example, a resource owner may grant the following scopes to an application:
read: Allow the application to read data from the server.
write: Allow the application to modify or write data to the server.
read+write: Both scopes combined, for applications that need both capabilities.
Each scope is specified during the authorization request, and the resource owner must explicitly consent to these permissions.
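As an added worked example (not part of the original page and not PayPal's code), the Python below models both halves of the exchange described above: an authorization server that authenticates a client by its ID and secret and issues a signed bearer token limited to the scopes the resource owner consented to, and a resource server that verifies the token and enforces the read or write scope on each request. The client registration, signing key and token format are constructed for this demo only.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo: one process plays both authorization server and resource server.
# Hypothetical client registration and signing key; not PayPal's real endpoints or data.
CLIENTS = {"demo-client": "demo-secret"}  # client_id -> client_secret
SIGNING_KEY = secrets.token_bytes(32)      # authorization server's HMAC key (fresh each run)
KNOWN_SCOPES = {"read", "write"}
SIG_LEN = hashlib.sha256().digest_size     # fixed-length tag appended to the payload


def issue_token(client_id, client_secret, requested_scopes, consented_scopes, ttl=3600, now=None):
    """Authorization server: authenticate the client, then mint a signed bearer token.
    Returns the token string, or None if the client fails authentication or asks for
    scopes the resource owner did not consent to."""
    expected = CLIENTS.get(client_id)
    if expected is None or not hmac.compare_digest(expected, client_secret):
        return None
    requested = set(requested_scopes.split())
    if not requested or not requested <= KNOWN_SCOPES or not requested <= set(consented_scopes):
        return None  # never grant more than the resource owner explicitly consented to
    now = time.time() if now is None else now
    claims = {"client_id": client_id, "scope": sorted(requested), "exp": int(now + ttl)}
    payload = json.dumps(claims).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def check_token(token, required_scope, now=None):
    """Resource server: verify signature and expiry, then enforce the required scope.
    Returns (allowed, reason); only the authorization server's key can mint a valid tag."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return False, "malformed"
    payload, tag = raw[:-SIG_LEN], raw[-SIG_LEN:]
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad signature"  # tampered payload or token from another issuer
    claims = json.loads(payload)
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        return False, "expired"
    if required_scope not in claims["scope"]:
        return False, "insufficient_scope"  # e.g. a read-only token used for a write
    return True, "ok"
```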