[ad_1]
Hi all,
A WordPress developer I’m working with is asking me to send him my PayPal API username, password and signature. He says this is needed to setup PayPal processing on my website.
Is it common practice to share this information? And is it safe to do so?
Sorry I’m new to all of this.
[ad_2]
You do often need that stuff for Woo commerce PayPal Gateway – I guess it’s how much you trust your developer. Just make sure you send it over something that is encrypted or a vanishing message.
they’re required to connect your paypal with woo commerce. But you can do it by your self. Just take the credentials from your dev, watch a 2 min YT video, and you’ll be easily able to do that by yourself. No need to give your secret credentials to anyone. I usually don’t ask for such credentials. Instead, I encourage the clients to do these thing by themselves
Use a Paypal account that is not connected to your bank account or credit cards. Basically, not a personal account. If it’s not connected to anything, then he can’t withdraw money from it.
There is often a field in the CMS where you can add this (assuming WooCommerce) this means you don’t need to send the password. Which will probably be saved in the data base.
You could encrypt the password in a file before sending, you could send over an end to end encrypted channel like teams. You could also send the password to that file over a separate E2E encrypted channel.
It’s probable the dev could get the key anyway, assuming they have access to the database.
https://snicco.io/blog/introducing-fortress-vaults-and-pillars
You can give him those credentials, and change them when his work is over. That’s what I recommend my clients do.