Paypal-checkout-components: payment endpoint: http 200 {"ack":"permission_denied","message":"Insufficient privileges"}

Thanks for the report! Do you see the api retry successfully, or does this block the transaction entirely?

On the first click/launch attempt, the call to the execute API returns a 200 with the 'permission denied' response and will not retry on it's own so the first transaction fails entirely.

Upon re-clicking/launching the paypal component, you can see the first call out to the execute endpoint returns with a 401 (with a similar body as the previous call), and then the script appears to retry with another call that succeeds. The second and third attached images should show that behavior.

The same issue in production environment. Many customers who use Guest checkout meet this error. Here is a code example based on yours https://developer.paypal.com/demo/checkout/#/pattern/client:

<!DOCTYPE html>

<head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <script src="https://www.paypalobjects.com/api/checkout.js"></script>
</head>

<body>
    <div id="paypal-button-container"></div>

    <script>
        paypal.Button.render({

            env: 'production', // sandbox | production

            // PayPal Client IDs - replace with your own
            // Create a PayPal app: https://developer.paypal.com/developer/applications/create
            client: {
                sandbox:    'AZDxjDScFpQtjWTOUtWKbyN_bDt4OgqaF4eYXlewfBP4-8aqX3PiV8e1GWU6liB2CUXlkA59kJXE7M6R',
                production: 'AVrYNSEWkHloe1DES1CU_U6gPbu_8XMTYev2g8iPeITNDavdHGwJ7xtO49hB5VCufXpG7Q70ovcBvoLr'
            },

            // Show the buyer a 'Pay Now' button in the checkout flow
            commit: false,
            locale:"en_US",
            style: {
                color:"gold",
                fundingicons:false,
                label:"checkout",
                shape:"rect",
                size:"responsive"
            },

            // payment() is called when the button is clicked
            payment: function(data, actions) {

                // Make a call to the REST api to create the payment
                return actions.payment.create({
                    payment: {
                        transactions: [
                            {
                                amount: { total: '0.01', currency: 'USD' }
                            }
                        ]
                    }
                });
            },

            // onAuthorize() is called when the buyer approves the payment
            onAuthorize: function(data, actions) {

                // Make a call to the REST api to execute the payment
                return actions.payment.execute().then(function() {
                    window.alert('Payment Complete!');
                });
            }

        }, '#paypal-button-container');

    </script>
</body>

If customer is logged in in Paypal it works correctly.

Can you please confirm if you still see this issue?

For me it works well now. Did you fix something?

Yep, we made a fix. Thanks for confirming on your side!

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.