View Issue Details

IDProjectCategoryView StatusLast Update
0007416module PayPal Checkoutmodule PayPal checkout - subpublic2023-02-24 14:55
ReporterKevin Soldner 
Status assignedResolutionopen 
Product Version2.2.3 / 1.2.3 
Target VersionFixed in Version 
Summary0007416: Rate limited by paypal-api after onboarding
DescriptionThe paypal checkout module includes an onboarding system, however, this onboarding does not work for us. After the onboarding, nothing happens and the following error is in the oxideshop.log:

[2023-02-13 11:30:51] OXID Logger.ERROR: POST returned: 429 Too Many Requests
Returned Message: Too many requests. Blocked due to rate limiting.

The following curl request could be used to simulate a similar request:
curl -v -X POST "" -H "User-Agent: GuzzleHttp/7" -H "Host:" -H "Authorization: Basic Og==" -H "Content-Type: application/x-www-form-urlencoded" -H "Accept: application/json" -d grant_type=client_credentials ["[object] (OxidSolutionCatalysts\\PayPalApi\\Exception\\ApiException(code: 429): POST returned: 429 Too Many Requests\nReturned Message: Too many requests. Blocked due to rate limiting.\nResponse: \n{\"name\":\"RATE_LIMIT_REACHED\",\"debug_id\":\"93b27bf93dcf6\",\"links\":[]}\n\nThe following curl request could be used to simulate a similar request:\n \ncurl -v -X POST \"\" -H \"User-Agent: GuzzleHttp/7\" -H \"Host:\" -H \"Authorization: Basic Og==\" -H \"Content-Type: application/x-www-form-urlencoded\" -H \"Accept: application/json\" -d grant_type=client_credentials at ...

We had the exact same issue with 2.2.2, updated to 2.2.3, but nothing changed. We've verified that the version was properly installed and 2.2.3 is displayed in the module management for the paypal module.
Steps To Reproduce1. Paypal -> Configuration
2. Set mode to "Sandbox"
3. Click the big blue button
4. Enter e-mail and password into the new window
5. Confirm
6. Window closes, but nothing happens. Reloading the Paypal -> Configuration window shows no change either, and the error above is in the oxideshop.log
Additional InformationThe version of the Paypal-Module used is 2.2.3, however, it was not selectable in the dropdown above.
The shop version is 6.5.1.
TagsNo tags attached.



2023-02-13 17:25

administrator   ~0015031

- es -


2023-02-13 17:50

developer   ~0015033

Hello Kevin

I'm unable to reproduce the behaviour on my local machine, can you please check the "source/tmp" folder if there a file exists, named "paypaltoken_<shopId>.txt" (f.e. "paypaltoken_1.txt")?

In v2.2.3 an issue has been fixed, which had the described symptoms. It was caused by requesting the paypal token too often in short succession, and fixed with a simple file cache.
So, if the paypaltoken file exists on your system, we might have another variation of the problem, which we need to investigate.
Otherwise I would suggest trying to install the module anew and give it another try.


Kevin Soldner

2023-02-14 10:14

reporter   ~0015038

Hello Lars,

there is no such file in the tmp folder. It's probably worth noting that our tmp is not located in source/tmp, we've set a different folder via the sCompileDir property in the config file, even tho I don't think that should affect the functionality, files like "oxeec_langcache_*" and all other relevant cache files are in the folder.

A reinstallation of the module hasn't changed anything, it still does not generate that file and does not work.


2023-02-14 16:42

developer   ~0015040

Hello Kevin

Thank you very much.
It is indeed no problem to move these folders, as long as permissions etc. are fine, which they are apparently. So no worries here.

I've redone my local setup and repeated the steps multiple times, still not able to reproduce it. However, just to be absolutely sure, I wanted to check another file.

line 277-282 should be:
    public function getTokenCacheFileName(): string
        $config = Registry::getConfig();
        $shopId = $config->getActiveShop()->getId();
        return $config->getConfigParam('sCompileDir') . 'paypaltoken_' . $shopId . '.txt';

If this is missing, the module isn't the right version. The code is triggered only after the last step in the paypal popup, a button labeled like "Return to John Doe's Test Store" (I made screenshots).
Only if this button appears and is clicked, the callback to the shop is made, during which the token file is generated (I incorrectly assumed that it would be created before the popup..)

Is the shop reachable from the internet, or is on a local environment (with a local URL)?
Do you connect a sandbox or a live system (and have you tried vice versa)?


Paypal-connect-shop.png (21,073 bytes)
Paypal-connect-shop.png (21,073 bytes)

Kevin Soldner

2023-02-14 17:22

reporter   ~0015041

Hi Lars,

the code snippet you posted above is indeed contained in the Config.php file - I checked directly on the server via nano. So I seem to have the correct version.

The shop is reachable from the internet, there also is no .htaccess file or similar protections in place - that was my first hunch, so I disabled all of them, but it didn't do anything.

Right now, we're only working with the sandbox mode. We don't have the paypal access data from our customer and we would prefer not to have them. The plan is that the customer is going to go through that process himself, especially because, sometimes, paypal asks for additional information that I might not be able to provide if I go through that process instead of the customer.

tokencachefilename.png (50,240 bytes)
tokencachefilename.png (50,240 bytes)


2023-02-14 18:31

developer   ~0015042

Hello Kevin

Thanks again. Unfortunately it seems, that the fix doesn't address the issue you're experiencing.
It's the proper module version, a real URL, and the Paypal sandbox, just what I'm using

Last thing I can currently think of, is to verify Client-ID and -Secret using Postman, see
(these should be in the var/shops/1.yaml)

I will inform the team and we'll probably have a discussion with somebody from Paypal about this problem.

I'm sorry that I couldn't help you to fix right away.. I'll post back here with news as I have them.


Kevin Soldner

2023-02-23 14:45

reporter   ~0015056

Hi Lars,

sorry for my late reply, I was busy last week and sick this week.

However, I checked the client-id and secret via postman as described in the article you linked and it seems to be fine. I get a json with scope, access_token, nonce etc, just as described in the article. So this seems to be working from what I can see.


2023-02-24 10:42

developer   ~0015057

Hello Kevin

Thanks for the confirmation.
We're still unable to reproduce the issue, having tried it on different machines and environments, and we have no other complaints from customers about this issue. We've discussed internally, our last suggestion would be to set up a fresh installation on a local machine, with only the PayPal Module installed and check, if it still happens. Preferrably use a laptop for the installation, as you then have the opportunity to try it from a different location/network.. best-guess now is, that it has something to do with the network setup, in which the problematic installation runs.


Kevin Soldner

2023-02-24 14:55

reporter   ~0015060

Hi Lars,

my apologies, but I was unclear on my initial post. The problems we have are on the update system at our hoster, on the exact same server the current production environment is running, so those are not locally somewhere. Locally on my dev environment, it does work. However, that doesn't help us as the customer has to be able to go through the onboarding himself. We're talking about 30+ subshops, and I can't do that for all of them locally on my dev environment and then upload the created credentials, that is just not feasible, ignoring the fact that we'd need their paypal credentials, which isn't that great either.

If it is related to the network, I don't have a clue where to start looking for the error as the "rate limit" error is rather generic and also doesn't imply that there is something wrong with the network itself. I'm more than willing discussing this with the hoster but I have no clue what to ask for.