Where can I find PayPal TLS server certificates?
We have TLS server certificates for live and sandbox (test) environments. Review our security guidelines and best practices page of our Developer site.
TLS certificates currently valid for Live PayPal servers:
| Endpoint | TLS Certificate | Expiration Date |
|---|---|---|
| api.paypal.com api-3t.paypal.com api-aa.paypal.com api-aa-3t.paypal.com payflowpro.paypal.com pilot-payflowpro.paypal.com pointofsale.paypal.com svcs.paypal.com | api.paypal.com.pem | May 20, 2025 |
TLS certificates currently valid for Sandbox servers:
| Endpoint | TLS Certificate | Expiration Date |
|---|---|---|
| api.sandbox.paypal.com api-3t.sandbox.paypal.com api-aa.sandbox.paypal.com api-aa-3t.sandbox.paypal.com pointofsale.sandbox.paypal.com svcs.sandbox.paypal.com | api.sandbox.paypal.com.pem | January 30, 2025 |
IMPORTANT: To align with security standards, we make periodic updates to our root TLS provider for API traffic. For some integrations, this requires updating certificates that are pinned to PayPal-owned domains or updating certificate authorities (CA) and intermediaries associated with PayPal-owned domains.
We do not recommend you follow this practice as we are unable to proactively contact you regarding upcoming changes that could impact your processing.
If you still feel it is necessary for your integration, you should know that these certificates are subject to change, and the best way to be apprised of upcoming changes is to subscribe to email notifications via PayPal Status.