I'm a little confused about the PayPal API and the order in which it works and the relationship between REST and NVP.
My requirement is to access a customer's PayPal account, look up sales and perform refunds for them. I don't want them to have to log in every time but I don't want them to have to log into their own PayPal account and fiddle with the complicated API credential section to grant my application rights - This is too complex for the average user.
What I do want to do is to forward them to a PayPal page that they sign into, which grants me access to their PayPal account indefinitely with a security token.
I've implemented the Identity routines (https://developer.paypal.com/docs/api/identity/) which allow me to get a renewable refresh_token and access_token, however I've realised that this only grants me access to basic profile information (I think?!) as calls to /refund fail with an invalid scope.
What I don't understand is why PayPal's REST API has documentation for Sale/Refund via /v1/payments/sale/sale_id/refund but when I try to use it with the access_token from the identity routines, it tells me I don't have the correct scope. It seems like the user has to authorise this every time via a redirection to PayPal?!
I've also found the 'classic' Permissions API which appears to let me do what I want to do (https://developer.paypal.com/docs/classic/permissions-service/integration-guide/PermissionsAbout/) however it seems to use the classic NVP methods of PayPal. I was hoping to use REST and keep it all modern.
The permission section does mention a method called 'GetAccessToken' (https://developer.paypal.com/docs/classic/api/permissions/GetAccessToken_API_Operation/) which appears to return an access token - Can this access token then be used in the REST API where it requires an access_token (Authorization: Bearer Access-Token)?
Do I use the NVP Permission (https://svcs.paypal.com/Permissions/RequestPermissions) to grant myself access via logon, then use the GetAccessToken in classic PayPal to get myself a token for the REST APIs?!
Would someone kindly give me an overview to achieve this? Grant my application permissions then perform a refund on a sale (preferably using REST API).
Thanks!