PayPal

v0.1.0OAuth2

Global payments + payouts giant. Owns Braintree (separate package). Orders v2 + Payments + Payouts + Subscriptions + Disputes + Webhooks. OAuth2 client_credentials. Sandbox/live toggle.

19 tools3 env vars🌐 GLOBALstable on npm

Install

terminal

$ npm install @codespar/mcp-paypal

Quickstart

Add this entry to your claude_desktop_config.json (or any MCP-compatible client config).

claude_desktop_config.json

{
  "mcpServers": {
    "paypal": {
      "command": "npx",
      "args": [
        "-y",
        "@codespar/mcp-paypal"
      ],
      "env": {
        "PAYPAL_CLIENT_ID": "<your_paypal_client_id>",
        "PAYPAL_CLIENT_SECRET": "<your_paypal_client_secret>"
      }
    }
  }
}

After restart, your agent can call any of the 19 tools below — try create_order first.

Environment variables · 3

Required to authenticate the server. Stored encrypted when using CodeSpar managed hosting.

PAYPAL_CLIENT_ID

required

PayPal REST app client id (from developer.paypal.com Apps & Credentials).

PAYPAL_CLIENT_SECRET

requiredsecret

PayPal REST app client secret (OAuth2 client_credentials password).

PAYPAL_ENV

optional

PayPal environment. 'sandbox' (default, https://api-m.sandbox.paypal.com) or 'live' (https://api-m.paypal.com).

Available tools · 19

Each tool is independent — your agent loads only what it needs to reduce context and response time.

WRITEcreate_order

Create a PayPal Order via POST /v2/checkout/orders. Pass intent ('CAPTURE' or 'AUTHORIZE') and purchase_units (each with an amount object). Returns the order with id, status, and HATEOAS links (including the approve URL for the buyer).

READget_order

Fetch a PayPal Order by id via GET /v2/checkout/orders/{id}. Returns the full order including status, purchase_units, and payments collection.

WRITEcapture_order

Capture payment for an approved order via POST /v2/checkout/orders/{id}/capture. Use after the buyer approves an order with intent=CAPTURE. Returns the captured payment details.

WRITEauthorize_order

Authorize payment for an approved order via POST /v2/checkout/orders/{id}/authorize. Use after the buyer approves an order with intent=AUTHORIZE. Returns the created authorization (capture later with capture_authorization).

WRITEcapture_authorization

Capture a previously authorized payment via POST /v2/payments/authorizations/{id}/capture. Pass an amount object for partial captures, or omit to capture the full authorized amount. Set final_capture=true on the last partial capture.

DELETErefund_capture

Refund a captured payment via POST /v2/payments/captures/{id}/refund. Pass an amount object for partial refunds, or omit for a full refund. Idempotent via PayPal-Request-Id.

DELETEvoid_authorization

Void (release) an unsettled authorization via POST /v2/payments/authorizations/{id}/void. Use when funds were authorized but will not be captured. Returns 204 No Content on success.

WRITEget_payment_details

Fetch a payment object by id via GET /v2/payments/{type}/{id}. type is one of 'authorizations', 'captures', or 'refunds'. Returns the full payment object with status and links.

Compatible frameworks

MCP is a protocol — any framework that speaks it can mount this server.

Claude Agent SDKAnthropic

OpenAI AgentsOpenAI

Vercel AI SDKVercel

LangChainLangChain

LlamaIndexLlamaIndex

CrewAICrewAI

MastraMastra

Any MCP clientProtocol

Frequently asked questions

All credentials are encrypted at rest in an isolated vault scoped per organization. OAuth2 tokens are automatically refreshed before expiry. Your agent code never sees raw secrets — it receives scoped, short-lived session tokens.