Manual capture of an AUTHORIZE-intent payment; pspPaymentId is the order id. Each partial capture is its own charge under its own required key — a reused key replays the earlier capture via PayPal-Request-Id and moves no new money.
Tokenize-first completion: the client's confirm() resolves with the approved order id as clientToken; money moves here. CAPTURE-intent orders capture, AUTHORIZE-intent orders authorize (capture comes later via capturePayment).
Missed-webhook recovery over GET /v1/notifications/webhooks-events: the same payload shapes webhooks deliver, normalized by the same mapper, so dedupe by event.id — which real PayPal events always carry — works identically for delivered and fetched events. PayPal retains roughly 30 days.
Throws PayFanoutError (code "invalid_request") on unparseable payloads; maps genuinely unknown-but-valid event types to type "unknown" rather than throwing.
Refunds settle against the CAPTURE — order ids are resolved to it here.
Accepts the order id (active payment window) or the capture id (the durable canonical id — PaymentInfo.pspPaymentId after capture). Orders age out of GET a few days after completion, captures do not.
Polls an async refund (eCheck-funded ones sit PENDING) to a terminal state.
PATCH-amends a CREATED/APPROVED order in place (same order id, so the mounted PayPal button keeps working). COMPLETED orders reject with invalid_request. Currency changes require an explicit amount — the old minor amount is not silently reinterpreted in the new currency.
Side-effect-free credential probe behind a host's "Test connection" button. The client-credentials token mint IS the ideal probe: it reads nothing and moves no money, yet it exercises the exact clientId/clientSecret the adapter authenticates with. Always performs a real token fetch (never trusting a warm cache), and classifies from the RAW HTTP status so a rejected key (401/403) is never confused with a transient outage — the mint issues a single request, so an auth rejection is never retried. Secrets are never echoed back in the message.
Postback verification: PayPal itself confirms the delivery headers + exact raw bytes. Missing headers, a missing webhookId, or an empty body answer false locally without a network call; transport trouble fails closed (false), never open.
Voids the authorization of an AUTHORIZE-intent payment. CAPTURE-intent orders cannot be cancelled via the API — they expire on their own, so cancelling one is rejected rather than faked.