PayPal Token Key

Bridgecrew Policy ID: BC_GIT_84
Severity: MEDIUM


PayPal uses the OAuth 2.0 authentication protocol, which enables users to grant third-party applications access to their PayPal accounts without sharing their login credentials. When a user grants permission to a third-party application, PayPal issues an access token and a refresh token, which the application can use to access the user's PayPal account on their behalf. Anyone who obtains these tokens, for example from a file committed to a repository, can make the same requests, so an exposed token should be revoked.

Fix - Buildtime


To revoke the key

  1. Log in to your PayPal account at
  2. Click on the "Settings" icon in the top right corner and select "Account Settings."
  3. Click on "API Access" under the "Integrations" section.
  4. Click on "Manage API credentials."
  5. Under the "NVP/SOAP API integration (Classic)" section, find the API credentials associated with the OAuth access token you want to revoke.
  6. Click on "Remove" next to the API credentials.
  7. Confirm that you want to revoke the access token by clicking "Remove" again in the pop-up window.