How to Migrate from PayPal REST API Calls to the Official Server SDK in Next.js

3 min read

Learn why and how I migrated from manual PayPal REST API calls to the official Server SDK in a Next.js + TypeScript project, gaining type safety and more stable payments.

Motivations
Migration to PayPal Server SDK
Previous Approach (PayPal REST API)
New Approach (PayPal Server SDK)
Results
Limitation
Conclusion
References

Motivations

I had a PayPal integration running smoothly for over a year (using REST API). A month ago, customers suddenly reported payment failures. Logs showed that calls to PayPal REST endpoints were being blocked by Cloudflare. I didn’t have a clear root cause yet, so instead of debugging at the edge, I tried the newly stable @paypal/paypal-server-sdk to simplify my stack and reduce moving parts.

Stack context: Next.js + TanStack Query + tRPC + Drizzle ORM.

Migration to PayPal Server SDK

Switching was surprisingly straightforward:

Initialize client with existing PayPal Client ID and Secret.
Use the Order Controller from the SDK.
Replace my manual axios calls with:
- createOrder
- captureOrder

Previous Approach (PayPal REST API)

Custom axios instance
Interceptor requested an OAuth access token and attached it to each request
Manual DTO handling and error logging

1
import type { AxiosError } from 'axios'
2
import {
3
  type CreateOrderRequestBody,
4
  type OrderResponseBody,
5
} from '@paypal/paypal-js'
6
import axios from 'axios'
7
import { z } from 'zod'
8

9
import { env } from '~/env'
10

11
export const paypalClient = axios.create({
12
  baseURL: env.PAYPAL_API_BASE_URL,
13
  headers: {
14
    'Content-Type': 'application/json',
15
  },
16
})
17

18
paypalClient.interceptors.request.use(
19
  async function (config) {
20
    switch (config.url) {
21
      case '/v1/oauth2/token':
22
        return config
23

24
      default:
25
        const accessToken = await generateAccessToken()
26
        config.headers.setAuthorization(`Bearer ${accessToken}`)
27
        return config
28
    }
29
  },
30
  function (error) {
31
    return Promise.reject(error)
32
  }
33
)
34

35
paypalClient.interceptors.response.use(
36
  function (response) {
37
    return response
38
  },
39
  function (error) {
40
    console.log(error)
41
    return Promise.reject(error)
42
  }
43
)
44

45
async function generateAccessToken() {
46
  const { data } = await paypalClient.post<{ access_token: string }>(
47
    '/v1/oauth2/token',
48
    'grant_type=client_credentials',
49
    {
50
      auth: {
51
        username: env.NEXT_PUBLIC_PAYPAL_CLIENT_ID,
52
        password: env.PAYPAL_CLIENT_SECRET,
53
      },
54
      headers: {
55
        'Content-Type': 'application/x-www-form-urlencoded',
56
      },
57
    }
58
  )
59

60
  return data.access_token
61
}
62

63
export async function createOrder(data: CreateOrderRequestBody) {
64
  const res = await paypalClient.post<OrderResponseBody>(
65
    '/v2/checkout/orders',
66
    data
67
  )
68
  return res.data
69
}
70

71
export async function capturePayment(orderID: string) {
72
  const res = await paypalClient.post<OrderResponseBody>(
73
    `/v2/checkout/orders/${orderID}/capture`
74
  )
75
  return res.data
76
}

New Approach (PayPal Server SDK)

Official SDK client manages auth and DTOs
OrdersController exposes type-safe methods
Cleaner tRPC routes and less boilerplate

1
import {
2
  Client,
3
  Environment,
4
  LogLevel,
5
  OrdersController,
6
} from '@paypal/paypal-server-sdk'
7

8
import { env } from '~/env'
9

10
const client = new Client({
11
  clientCredentialsAuthCredentials: {
12
    oAuthClientId: env.NEXT_PUBLIC_PAYPAL_CLIENT_ID,
13
    oAuthClientSecret: env.PAYPAL_CLIENT_SECRET,
14
  },
15
  timeout: 0,
16
  environment:
17
    env.NODE_ENV === 'production'
18
      ? Environment.Production
19
      : Environment.Sandbox,
20
  logging: {
21
    logLevel: LogLevel.Info,
22
    logRequest: {
23
      logBody: true,
24
    },
25
    logResponse: {
26
      logHeaders: true,
27
    },
28
  },
29
})
30

31
export const orderController = new OrdersController(client)
32

33
// In a tRPC create order route:
34
const res = await orderController.createOrder({ body })
35

36
// In a tRPC capture order route:
37
const res = await orderController.captureOrder({
38
  id: input.paypalOrderID,
39
})

Results

Payments stable again, no Cloudflare blocks observed so far.
Type-safe methods and clearer error handling.
Less boilerplate for authentication and request building.

Under the hood, the SDK still talks to the same REST API endpoints, but now it also handles DTO parsing, type safety, and error formatting.

Limitation

The PayPal Server SDK provides integration access to the PayPal REST APIs. The API endpoints are divided into distinct controllers:

Orders Controller: Orders API v2
Payments Controller: Payments API v2
Vault Controller: Payment Method Tokens API v3 Available in the US only.

For me, this means my main payment flows (creating and capturing orders) are fully supported, which is enough for most of my day-to-day needs. But if I ever need other PayPal features outside these controllers, I’ll still fall back to my old REST API approach, which I already have working.

Conclusion

Since my workflow is mostly about creating and capturing orders, the PayPal Server SDK fits perfectly. It cuts down boilerplate, adds type safety, and handles the low-level REST details for me. For anything else, I can just keep using my existing REST integration. This way, I get the best of both worlds — cleaner code for my main payment logic, and flexibility for the rest.

zy1p's blog