Introducing the Webhooks Dashboard

By and

Today, we’re excited to announce the Webhooks Dashboard release, which is now available on PayPal Developer Portal. The dashboard comes with a rich feature set providing developers the necessary tools for easier integrations. With this release, developers can now perform the following functions on the dashboard: Search Webhook events based on an application Resend a notification on a single click Access the payload on an event click Filter events based on a selected date range Robust pagination to simplify navigation across events Search Webhook events based on an Application

Key Pinning in Mobile Applications

By and

On Tuesday, October 13, 2015, Hubert Le Van Gong of the PayPal Ecosystem Security team gave a presentation to our developer community on SSL key pinning as it applies to mobile application development. I had a chance to interview him before the presentation to discuss the value and proper methods for incorporating key pinning in Android and IOS app development. Highlights of the interview along with Hubert’s recommended approach for key pinning on each platform are below. For follow up questions please contact Hubert Le Van Gong. What is key pinning and how does it fit into the overall mobile… Read more

PayPal’s Brad Wardman Named General Chair of the Anti-Phishing Working Group’s Symposium on Electronic Crime Research

By

The PayPal Information Security team is proud to announce that Brad Wardman has been named the General Chair for the Anti-Phishing Working Group’s (APWG) annual Symposium on Electronic Crime (eCrime) Research. Brad is a data scientist within the security intelligence group where he actively researches and develops mitigation strategies for attacks against PayPal’s customers and infrastructure. Before joining PayPal, Brad completed his Ph.D. at the University of Alabama at Birmingham. His research interests include anti-phishing, open source intelligence strategies, automated attack neutralization, and crimeware. The 2016 symposium will be held June 1st-3rd in Toronto, Canada and has had in interesting… Read more

The New API Transactions Dashboard

By and

The new Transactions dashboard, launched recently, is also referred to as “API call history”. It provides histories of the transactions (API calls) made by applications in the sandbox and live environments. It provides details such as the date of the transaction, type of the transaction, status, amount, as well as the details of the API call, such as the request and response messages. The new dashboard has many features: Displays history of all PayPal REST APIs. Shows API call details like HTTP status code, request, response and headers to help with diagnostics. Provides the ability to browse and find details… Read more

TLS Version and Cipher Suites Order Matter: Here’s Why.

By

As with a great many things, when it comes to internet security, the only constant is change. While the framework for secure web communication has been around since the development of SSL in 1994, the specific protocols and ciphers continue to evolve. In order to keep up with the changes, the InfoSec community must continually evaluate new potential threats in the context of security and ongoing usability of older systems. Just as system patches and OS upgrades are regularly released to fix known issues, new and improved protocols and cipher suites are developed that correct inherent flaws and mitigate new… Read more

PayPal Sponsors First of Its Kind Intel Capture the Flag Contest at DEFCON 23

By

DEFCON routinely presents the coolest and most thought provoking topics in the hacking community and this year did not disappoint, partially due to the first PayPal-sponsored Intel Capture the Flag (CTF) virtual manhunt contest. IntelCTF events challenge players to utilize their open source intelligence (OSINT) forensic skills in order to identify malicious actors intent on Internet mayhem. Players find strategically placed “flags” that are planted across the Internet as breadcrumbs, allowing them to solve the e-case of whodunit by simply connecting the virtual dots. This contest, (rated Beginner/Intermediate) which is the first of several that are scheduled for release in… Read more

Vote for PayPal & Braintree at SXSW 2016

By and

It’s that time of year again, when you vote on what sessions you want to see at the next iteration of SXSW in Austin. This year, we have a number of great talks that we would love your votes and comments on: Modern-Day Evangelists: Spreading the Tech Gospel (Jonathan LeBlanc on panel) Come join PayPal, Venmo, and Twilio as we dive into the important questions around developer advocacy, and how you can build a burgeoning developer community around your APIs and services. This Strange Planet Earth: Payments are Cultural (Cristiano Betta speaking) Cristiano takes us through a worldwide view of… Read more

From Require.js to Webpack – Part 2 (The How)

By

This is the follow up to a post I wrote recently called From Require.js to Webpack – Part 1 (the why) which was published in my personal blog. In that post I talked about 3 the main reasons my team decided to move from require.js to webpack: Common JS support NPM support a healthy loader/plugin ecosystem. Despite the clear benefits in developer experience (DX) the setup was fairly difficult and I’d like to cover some of the challenges we faced to make the transition a bit easier. From paths to alias to NPM The first thing you do when you’re converting from require.js to… Read more

PayPal’s API Style Guide

By and

About the author: Jason is the former head of the API Design team at PayPal, helping development teams design high quality, usable APIs across the platform. He blogs at apiux.com, and has a Youtube channel API Workshop (https://www.youtube.com/channel/UCKK2ir0jqCvfB-kzBGka_Lg). Since 2013, PayPal has been developing a new generation of APIs, using REST semantics. While our public API developer community has seen the outward effects of this, internally we’ve been using the same strategy. Since 2013, we’ve defined most of the PayPal platform using REST APIs. As part of the team guiding this engineering-wide project (we call it PPaaS aka “PayPal as… Read more

PayPal SSL Certificate Changes

By and

To continue our policy of ensuring the highest level of security for our merchants, developers, and consumers, PayPal is making upgrades to the SSL certificates on all web and API endpoints. Merchants and developers will need to ensure that all required upgrades are implemented, as described below, to prevent an outage to your payment processing, Instant Payment Notifications (IPN) services, or other API service connections. Why are These Changes Needed? Due to security concerns over advances in computing power, the industry is phasing out 1024-bit SSL certificates (G2) in favor of 2048-bit certificates (G5), and is moving towards a higher… Read more