PayPal technical guide
Everything an engineer needs to connect PayPal to Salesforce: architecture, the exact build steps with real code, field mapping, the data model, security, monitoring, and the pitfalls we design out.
PayPal wired into donation and checkout data flows. We have shipped it across 4 client projects and 7 build tasks.
The value is clean, deduped data landing on the right record the moment it is captured, so nothing is re-keyed and no lead is lost.
We build it the Salesforce-native way: a Connected App and Named Credentials so no secrets ever live in code, field mappings that respect your data model, and record-triggered automation that does the work.
Every PayPal build is delivered by a senior Salesforce architect on a fixed price, tested end to end in a sandbox, deployed to your org, and backed by 30 days of hypercare. You own the result: documented, source-controlled, and free of black-box middleware lock-in.
How PayPal connects to Salesforce
The real connection surface: how it authenticates, what it is built on, the endpoints and events in play, and where the reference docs live.
- Connects via
- No first-party managed package for core Salesforce: typically custom Apex REST + Named Credential to the PayPal Orders/Payments v2 APIOr middleware/iPaaS (MuleSoft, Zapier, Workato)Or third-party AppExchange donation apps; data lands via webhooks or import
- Package
- Custom build (no managed package)
- Authentication
- OAuth 2.0 client_credentials (client_id + secret exchanged at /v1/oauth2/token for a Bearer token); inbound webhooks verified via /v1/notifications/verify-webhook-signature
- API type
- REST+Webhooks
https://api-m.paypal.com (sandbox: https://api-m.sandbox.paypal.com)- Reference
- Official developer docs
Key endpoints
/v1/oauth2/token/v2/checkout/orders/v2/checkout/orders/{id}/capture/v2/payments/captures/{id}/v1/notifications/verify-webhook-signatureWebhook and platform events
CHECKOUT.ORDER.APPROVEDPAYMENT.CAPTURE.COMPLETEDPAYMENT.CAPTURE.DENIEDPAYMENT.CAPTURE.REFUNDEDBILLING.SUBSCRIPTION.CREATEDBuild this with AI agents
Copy the full playbook as a prompt for any coding agent, or install it as a Claude Code skill. Either way your agent builds with our exact approach: the architecture, the Apex code, the field mapping, the rate limits, and the pitfalls to design out. Free, no signup.
Loading the PayPal playbook...What we build for a PayPal integration
PayPal referenced in donation and checkout data flows into Salesforce, including donation imports feeding gift and Account records.
Donation and checkout capture
PayPal donation and checkout data mapped into Salesforce gift and Account records as part of the fundraising and commerce data flows.
Real components we ship
What you will need
What we confirm on both sides before writing a line of code.
From trigger to record, end to end
The production runtime flow, with what happens in each system.
- 01
Action in PayPal
In PayPalA user submits a form, books time, or updates a record in PayPal.
$The trigger event on the vendor side that starts the flow. - 02
Data reaches Salesforce
In transitPayPal sends the payload to Salesforce.
$Delivered via the PayPal push or an Apex REST endpoint over Data flows. - 03
Matched and deduped
In SalesforceFields are mapped to the payment record and matched against existing records.
$Database.upsert on an external-id field so retries never create duplicates. - 04
payment record created or updated
In SalesforceThe payment record is written and routed to the right owner, ready for follow-up.
$A record-triggered flow assigns the owner and fires downstream automation.
How the data actually flows
Left to right: sources, the integration layer, Salesforce, and the outcomes it drives.
// sources feed the integration layer, Salesforce persists, outcomes ship
The objects behind the integration
The Salesforce objects we read and write, what each one is for, and the fields that carry the load.
| Object | Purpose | Key fields |
|---|---|---|
payment record | The primary Salesforce record PayPal data maps onto. | External_Id__c, Name, Status |
Account | Matched or created for the customer or company behind the record. | Name, External_Id__c |
Error_Log__c (custom) | Captures every request, response, and failure so anything can be replayed. | Payload__c, Status__c, Related_Id__c |
Salesforce objects typically in play for PayPal
Build the PayPal integration
Every step we follow to ship a production-grade build, with the code that matters.
Plan the integration and prerequisites
Before any code, we lock down access and design how PayPal and Salesforce will talk.
- A Salesforce edition with API access (Enterprise, Unlimited, or Developer) and a dedicated sandbox track
- A PayPal account on a plan with API access, plus admin rights on both systems
- A dedicated Salesforce integration user with a minimum-access permission set, never a personal admin login
- Decide direction (inbound, outbound, or bidirectional) and cadence (real-time callouts vs scheduled batch)
- Budget the daily API request allocation and per-transaction callout limits up front
Register the app and scope OAuth in PayPal
We create the connection on the PayPal side and collect exactly the access Salesforce needs.
- Create an OAuth app or scoped API token in PayPal to get the Client ID and Client Secret
- Grant the minimum OAuth scopes required, and note the API base URL and version
- Whitelist the Salesforce callback URL if the tool uses the authorization-code flow
Store secrets with External and Named Credentials
We use the modern Salesforce auth stack, so no secret ever lives in code or metadata.
- Create an External Credential (OAuth 2.0 or custom) with a named principal
- Create a Named Credential pointing at the PayPal base URL and enable the generated authorization header
- Grant the External Credential through a permission set, so only the integration user can call out
- This replaces legacy Remote Site Settings and hard-coded tokens entirely
Pro tip: Named Credentials, not code
Named Credentials keep the secret and endpoint out of your Apex and metadata, so nothing sensitive ships in a deployment or lands in version control.
Design the data model and external IDs
We make PayPal records land cleanly on the right Salesforce object with no duplicates.
- Map every PayPal field to the payment record and related objects, documenting type, picklist values, and record types
- Add a unique, external-id, case-insensitive field on each object as the match key
- Define owner assignment, required-field defaults, and relationship lookups
Build inbound ingestion
If PayPal data flows in, we ingest it safely and idempotently.
- Expose an Apex REST resource (@RestResource) or subscribe to PayPal's push or Platform Events
- Authenticate and parse the payload, then Database.upsert on the external id in bulk
- Make it idempotent, so a retried or duplicate payload never creates a second record
@RestResource(urlMapping='/inbound/records/*')
global with sharing class InboundRecordApi {
@HttpPost
global static void upsertRecords() {
List<Row> items = (List<Row>) JSON.deserialize(
RestContext.request.requestBody.toString(), List<Row>.class);
List<MyObject__c> rows = new List<MyObject__c>();
for (Row r : items) {
rows.add(new MyObject__c(External_Id__c = r.id, Name = r.name, Amount__c = r.amount));
}
upsert rows External_Id__c; // bulk + idempotent on the external id
RestContext.response.statusCode = 200;
}
global class Row { global String id; global String name; global Decimal amount; }
}Build outbound sync
If Salesforce drives PayPal, we call out the right way.
- A record-triggered flow to invocable Apex, or an Apex trigger handing off to a Queueable
- Triggers cannot call out synchronously, so the HTTP callout runs asynchronously
- Serialize with JSON.serialize and call PayPal via callout:NamedCredential, handling every status code
public class SyncToServiceQueueable implements Queueable, Database.AllowsCallouts {
private List<Id> ids;
public SyncToServiceQueueable(List<Id> ids) { this.ids = ids; }
public void execute(QueueableContext ctx) {
for (MyObject__c rec : [SELECT Id, Name, External_Id__c FROM MyObject__c WHERE Id IN :ids]) {
HttpRequest req = new HttpRequest();
req.setEndpoint('callout:Service_NC/v1/records'); // secret lives in the Named Credential
req.setMethod('POST');
req.setHeader('Content-Type', 'application/json');
req.setBody(JSON.serialize(new Map<String,Object>{
'externalId' => rec.External_Id__c, 'name' => rec.Name }));
HttpResponse res = new Http().send(req);
if (res.getStatusCode() != 200) ErrorLog.capture(rec.Id, res);
}
}
}Engineer for scale and governor limits
We build it to survive real volume, not just a demo.
- Bulkify everything: no SOQL, DML, or callouts inside loops (100 SOQL and 150 DML per transaction)
- Use Queueable, Batchable, or Scheduled Apex for volume, and chain jobs for large syncs
- Add retry with backoff and a dead-letter Error_Log__c record for anything that fails
global class NightlySyncBatch implements Database.Batchable<SObject>, Database.AllowsCallouts {
global Database.QueryLocator start(Database.BatchableContext bc) {
return Database.getQueryLocator([SELECT Id, External_Id__c FROM MyObject__c WHERE Needs_Sync__c = true]);
}
global void execute(Database.BatchableContext bc, List<MyObject__c> scope) {
ServiceClient.sync(scope); // one callout per 200-record chunk stays under limits
}
global void finish(Database.BatchableContext bc) { /* chain the next job or log the run */ }
}Watch out: governor limits
Salesforce caps SOQL, DML, and callouts per transaction. Bulkify everything and move volume to Queueable or Batch Apex, or the integration will fail at scale.
Lock down security and compliance
We give the integration exactly the access it needs and nothing more.
- A least-privilege permission set, field-level security, and sharing for the integration user
- Rotate secrets on a schedule, and add Shield Platform Encryption for sensitive fields where required
Test like production
We prove it works before it ships.
- Apex tests with Test.setMock(HttpCalloutMock) covering success, failure, and a 200-record bulk case
- At least 75 percent coverage, plus sandbox UAT and a parallel run against the live system
@IsTest
private class SyncToServiceTest {
private class Mock implements HttpCalloutMock {
public HttpResponse respond(HttpRequest req) {
HttpResponse res = new HttpResponse();
res.setStatusCode(200); res.setBody('{"ok":true}');
return res;
}
}
@IsTest static void syncsInBulk() {
Test.setMock(HttpCalloutMock.class, new Mock());
List<MyObject__c> recs = new List<MyObject__c>();
for (Integer i = 0; i < 200; i++)
recs.add(new MyObject__c(Name = 'Row ' + i, External_Id__c = 'EXT-' + i));
insert recs;
Test.startTest(); // proves the callout is bulk-safe under governor limits
System.enqueueJob(new SyncToServiceQueueable(new List<Id>(new Map<Id,MyObject__c>(recs).keySet())));
Test.stopTest();
}
}Deploy, monitor, and hand over
We ship it safely and keep it healthy.
- Deploy via change sets or an SFDX and CI pipeline, and assign the permission sets
- Turn on monitoring and alerting on the Error Log, and optionally Event Monitoring
- Hand over with 30 days of hypercare and failure alerting
Example field mapping
How PayPal data lands on your Salesforce records. We tailor the full mapping to your org.
| PayPal | Salesforce | Notes |
|---|---|---|
| PayPal email | payment record.Email | Match key |
| PayPal name | payment record.Name | |
| PayPal company | payment record.Company | Required on Lead |
| PayPal record id | payment record.External_Id__c | Unique external id, upsert key |
| PayPal status | payment record.Status | Picklist value mapping |
| Created / updated at | LastModifiedDate | Enables delta sync and audit |
| Owner or rep | payment record.OwnerId | Assignment rules or a default owner |
Rate limits and governor limits
The platform constraints we design around, so the integration stays fast and never falls over at scale.
Specific to PayPal
Salesforce platform limits
Secure by design
How we keep the integration safe, least-privilege, and compliant.
Monitoring, retries, and reliability
What keeps the integration trustworthy in production, and how you know the moment something needs attention.
How we test, deploy, and hand it over
The quality gates every build clears before it touches your production org.
Common pitfalls we design out
The mistakes that quietly break integrations, and how we avoid each one.
Duplicate records on retry
Upsert on a unique external-id field so retried payloads are idempotent.
Hitting governor limits at volume
Bulkify and move work to Queueable or Batch Apex; never call out inside a loop.
Callouts failing when a token expires
Use Named Credentials so Salesforce refreshes the OAuth token automatically.
No visibility when it breaks
We log every call and surface failures on a dashboard with alerts, so an issue never goes unnoticed.
Reporting drifts from reality
External-id keys and a delta timestamp keep Salesforce and the source reconciled, so reports stay trustworthy.
Gotchas specific to PayPal
PayPal integration: technical FAQs
How do you authenticate PayPal with Salesforce?
We connect PayPal using secure named credentials and store every secret in Salesforce Named Credentials with a permission set, so nothing is hard-coded or shipped in metadata.
Does the PayPal integration handle bulk volume?
Yes. All Apex is bulkified, volume moves to Queueable or Batch Apex, and we respect the Salesforce governor limits (SOQL, DML, and callout caps per transaction).
How do you prevent duplicate records?
We upsert on a unique external-id field, so a retried or duplicate payload is idempotent and never creates a second payment record.
How is the integration tested and deployed?
Apex tests with HttpCalloutMock cover the success, failure, and a 200-record bulk case (75 percent plus coverage). We deploy via change sets or an SFDX and CI pipeline.
What happens if PayPal or Salesforce is briefly down?
Failed calls retry with backoff and land in an Error Log object with alerting, so nothing is lost and any event can be replayed.
Inbound, outbound, or both?
We build whichever direction you need: an Apex REST endpoint for inbound, record-triggered flows or Queueable callouts for outbound, or both for a two-way sync.
Want us to build your PayPal integration?
Skip the build. In a free 30-minute call we will map your PayPal flow and hand you a clear, fixed-price plan.
