🔍 PayPal Authentication Debug - HTTP 401 Çözümü

Test Modu: Sandbox
API URL: https://api.sandbox.paypal.com

Sonuç:

PayPal Yanıtı:

{"scope":"https://uri.paypal.com/services/payments/futurepayments https://uri.paypal.com/services/invoicing https://uri.paypal.com/services/vault/payment-tokens/read https://uri.paypal.com/services/disputes/read-buyer https://uri.paypal.com/services/payments/realtimepayment https://uri.paypal.com/services/payments/client-payments-eligibility https://uri.paypal.com/services/identity/activities https://api.paypal.com/v1/vault/credit-card https://api.paypal.com/v1/payments/.* https://uri.paypal.com/services/reporting/search/read https://uri.paypal.com/services/vault/payment-tokens/readwrite https://uri.paypal.com/services/applications/webhooks https://api.paypal.com/v1/payments/refund https://uri.paypal.com/services/credit/client-offer-presentment/read https://uri.paypal.com/services/disputes/update-seller https://uri.paypal.com/services/paypalhere openid https://uri.paypal.com/services/payments/payment/authcapture Braintree:Vault https://uri.paypal.com/services/disputes/read-seller https://uri.paypal.com/services/payments/refund https://uri.paypal.com/services/payments/orders/client_sdk_orders_api https://uri.paypal.com/payments/payouts https://api.paypal.com/v1/vault/credit-card/.* https://uri.paypal.com/services/subscriptions https://api.paypal.com/v1/payments/sale/.*/refund","access_token":"A21AAJbdITakngZouPhni9-wOWPICK7An35layFos8zyLYTRudqeghg2VQa0z5c-uHuTnTNc5MOEOkbGBMvIze_GIYJlVMqgA","token_type":"Bearer","app_id":"APP-80W284485P519543T","expires_in":32400,"nonce":"2025-12-17T20:32:40ZeJPBPkXCMRB3sa6KWpkhpRXSv9Y9pbtsXDz-Y-d20J8"}

Test Modu: Live
API URL: https://api.paypal.com

Sonuç:

PayPal Yanıtı:

{"error":"invalid_client","error_description":"Client Authentication failed"}

HTTP Debug Log:

*   Trying 173.0.92.23...
* TCP_NODELAY set
* Connected to api.paypal.com (173.0.92.23) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Jose; O=PayPal, Inc.; CN=api.paypal.com
*  start date: Mar 13 00:00:00 2025 GMT
*  expire date: Apr 13 23:59:59 2026 GMT
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Server auth using Basic with user 'AVHwtp97dPZ_wrGpAOf69S5LN4BAKl0uRQcDNBIdcK_hhNHifYoZfrOtmlHtzOZXkEh_ljVKzCWk23ws'
> POST /v1/oauth2/token HTTP/1.1
Host: api.paypal.com
Authorization: Basic QVZId3RwOTdkUFpfd3JHcEFPZjY5UzVMTjRCQUtsMHVSUWNETkJJZGNLX2hoTkhpZllvWmZyT3RtbEh0ek9aWGtFaF9salZLekNXazIzd3M6RUh2U1pZbFNzTllyZVNxUU04emRvbmp1UnRZYVcxZ0U0WFptWlgwcXc1UXRndGRJcVRjVUJCMGhqNm1DZjg2ckdSWWJ0N3R3RUJOTHloQjE=
Accept: application/json
Accept-Language: en_US
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

* upload completely sent off: 29 out of 29 bytes
< HTTP/1.1 401 Unauthorized
< Date: Wed, 17 Dec 2025 20:32:41 GMT
< Content-Type: application/json
< Content-Length: 77
< Connection: keep-alive
< CF-RAY: 9af930f0dc58d0cf-SOF
< Access-Control-Expose-Headers: Server-Timing
< Cache-Control: max-age=0, no-cache, no-store, must-revalidate
< Paypal-Debug-Id: 7711be65b5a8f
< Pragma: no-cache
< Server-Timing: traceparent;desc="00-00000000000000000007711be65b5a8f-098eb1cfa4d05bdf-01"
< Set-Cookie: l7_az=ccg01.phx; Path=/; Domain=paypal.com; Expires=Wed, 17 Dec 2025 21:02:41 GMT; HttpOnly; Secure
< Set-Cookie: __cf_bm=7hWhTCSk4cT9CwgT7n.X1SDGnGRUqHfiscbpAf1O07c-1766003561-1.0.1.1-QDtn7rb3NkjH8TIr4qF62veYf4G6v6O6MYQix9gU.cnKjZEHwoQCZOCIdGPEW0tGy.Ob6NV7akU0AwFNoLgMoyGpHHAHffsi7x3P6uQ2Qxo; path=/; expires=Wed, 17-Dec-25 21:02:41 GMT; domain=.api.paypal.com; HttpOnly; Secure
< Vary: Accept-Encoding
< X-Paypal-Token-Service: IAAS
< cf-cache-status: DYNAMIC
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Server: cloudflare
< 
* Connection #0 to host api.paypal.com left intact

Client ID Analizi:

• Tam Client ID: AVHwtp97dPZ_wrGpAOf69S5LN4BAKl0uRQcDNBIdcK_hhNHifYoZfrOtmlHtzOZXkEh_ljVKzCWk23ws
• Uzunluk: 80 karakter
• İlk 10 karakter: AVHwtp97dP
• Son 10 karakter: VKzCWk23ws
• Özel karakterler: ✅ Yok

Client Secret Analizi:

• Tam Client Secret: EHvSZYlSsNYreSqQM8zdonjuRtYaW1gE4XZmZX0qw5QtgtdIqTcUBB0hj6mCf86rGRYbt7twEBNLyhB1
• Uzunluk: 80 karakter
• İlk 10 karakter: EHvSZYlSsN
• Son 10 karakter: twEBNLyhB1
• Özel karakterler: ✅ Yok

Method 1: Basic Authentication Header

Sonuç: ❌ HTTP 401 - Authentication Failed
Yanıt: {"error":"invalid_client","error_description":"Client Authentication failed"}...

Method 2: POST Body Authentication

Sonuç: ❌ HTTP 401 - Authentication Failed
Yanıt: {"error":"invalid_client","error_description":"Client Authentication failed"}...