Feature Release: Credential Rotation on Developer Portal to Enhance App Security

At PayPal, we take security seriously. Since the client-secret in the API world is akin to your password in the web world, it is a well-known security best practice to regularly change the client-secret that your application uses. Regularly scheduled changes to the client-secret keep attackers at bay and ensure that your app is less vulnerable to being compromised. To simplify the credential rotation process, we have now enabled this capability as a self-service feature on the developer portal. We hope that this feature will provide greater flexibility to our developers in rotating credentials per their own schedule. Lifecycle…

Webhooks for Payouts

Today, we are delighted to launch the much-awaited Webhooks support for Payouts. Payouts is a highly convenient mechanism for processing mass payments across multiple accounts in a single API call. With this feature, you can now initiate a payout transaction and receive notifications on your webhook URLs for Processing, Success and Denied scenarios. Merchants and Developers can now subscribe and receive notifications for the following events: Payment payoutsbatch processing; Payment payoutsbatch success; Payment payoutsbatch denied. Payouts Processing

Introducing the Webhooks Dashboard

Today, we’re excited to announce the Webhooks Dashboard release, which is now available on PayPal Developer Portal. The dashboard comes with a rich feature set providing developers the necessary tools for easier integrations. With this release, developers can now perform the following functions on the dashboard: search Webhook events based on an application; resend a notification on a single click; access the payload on an event click; filter events based on a selected date range; robust pagination to simplify navigation across events. Search Webhook events based on an Application

Key Pinning in Mobile Applications

On Tuesday, October 13, 2015, Hubert Le Van Gong of the PayPal Ecosystem Security team gave a presentation to our developer community on SSL key pinning as it applies to mobile application development. I had a chance to interview him before the presentation to discuss the value and proper methods for incorporating key pinning in Android and iOS app development. Highlights of the interview along with Hubert’s recommended approach for key pinning on each platform are below. For follow-up questions, please contact Hubert Le Van Gong. What is key pinning and how does it fit into the overall mobile…

PayPal’s Brad Wardman Named General Chair of the Anti-Phishing Working Group’s Symposium on Electronic Crime Research

The PayPal Information Security team is proud to announce that Brad Wardman has been named the General Chair for the Anti-Phishing Working Group’s (APWG) annual Symposium on Electronic Crime (eCrime) Research. Brad is a data scientist within the security intelligence group where he actively researches and develops mitigation strategies for attacks against PayPal’s customers and infrastructure. Before joining PayPal, Brad completed his Ph.D. at the University of Alabama at Birmingham. His research interests include anti-phishing, open source intelligence strategies, automated attack neutralization, and crimeware. The 2016 symposium will be held June 1st-3rd in Toronto, Canada and has had an interesting…

The New API Transactions Dashboard

The new Transactions dashboard, launched recently, is also referred to as “API call history”. It provides histories of the transactions (API calls) made by applications in the sandbox and live environments. It provides details such as the date of the transaction, type of the transaction, status, amount, as well as the details of the API call, such as the request and response messages. The new dashboard has many features: Displays history of all PayPal REST APIs. Shows API call details like HTTP status code, request, response and headers to help with diagnostics. Provides the ability to browse and find details…

TLS Version and Cipher Suites Order Matter: Here’s Why.

As with a great many things, when it comes to internet security, the only constant is change. While the framework for secure web communication has been around since the development of SSL in 1994, the specific protocols and ciphers continue to evolve. In order to keep up with the changes, the InfoSec community must continually evaluate new potential threats in the context of security and ongoing usability of older systems. Just as system patches and OS upgrades are regularly released to fix known issues, new and improved protocols and cipher suites are developed that correct inherent flaws and mitigate new…

PayPal Sponsors First of Its Kind Intel Capture the Flag Contest at DEFCON 23

DEFCON routinely presents the coolest and most thought-provoking topics in the hacking community and this year did not disappoint, partially due to the first PayPal-sponsored Intel Capture the Flag (CTF) virtual manhunt contest. IntelCTF events challenge players to utilize their open source intelligence (OSINT) forensic skills in order to identify malicious actors intent on Internet mayhem. Players find strategically placed “flags” that are planted across the Internet as breadcrumbs, allowing them to solve the e-case of whodunit by simply connecting the virtual dots. This contest (rated Beginner/Intermediate), which is the first of several that are scheduled for release in…

Vote for PayPal & Braintree at SXSW 2016

It’s that time of year again, when you vote on what sessions you want to see at the next iteration of SXSW in Austin. This year, we have a number of great talks that we would love your votes and comments on. Modern-Day Evangelists: Spreading the Tech Gospel (Jonathan LeBlanc on panel). Come join PayPal, Venmo, and Twilio as we dive into the important questions around developer advocacy, and how you can build a burgeoning developer community around your APIs and services. This Strange Planet Earth: Payments are Cultural (Cristiano Betta speaking). Cristiano takes us through a worldwide view of…

From Require.js to Webpack – Part 2 (The How)

This is the follow-up to a post I wrote recently called From Require.js to Webpack – Part 1 (the why), which was published on my personal blog. In that post I talked about the 3 main reasons my team decided to move from require.js to webpack: CommonJS support, NPM support, and a healthy loader/plugin ecosystem. Despite the clear benefits in developer experience (DX), the setup was fairly difficult and I’d like to cover some of the challenges we faced to make the transition a bit easier. From paths to alias to NPM: The first thing you do when you’re converting from require.js to…