paypal API refund

Question 1

Here is the best working example to Refund with NVP

class PayPalRefund
{
private $API_Username, $API_Password, $Signature, $API_Endpoint, $version;
function __construct($intializeData)
{

    if($intializeData['mode'] == "live")
    {
        $this->API_Endpoint = "https://api-3t.paypal.com/nvp";
    }else{
       $this->API_Endpoint = "https://api-3t.sandbox.paypal.com/nvp";
    }
    $this->API_Username = $intializeData['username'];
    $this->API_Password = $intializeData['password'];
    $this->Signature = $intializeData['signature'];
    $this->version = "51.0";
}

/**
 * This function actually Sends the CURL Request for Refund
 * @param string - $requestString
 * @return array - returns the response
 */
function sendRefundRequest($requestString)
{
    $this->API_UserName  = urlencode($this->API_Username);
    $this->API_Password  = urlencode($this->API_Password);
    $this->API_Signature = urlencode($this->Signature);

    $this->version = urlencode($this->version);

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $this->API_Endpoint);
    curl_setopt($ch, CURLOPT_VERBOSE, 1);

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);

    // Set the API operation, version, and API signature in the request.
    $reqStr = "METHOD=RefundTransaction&VERSION={$this->version}&PWD={$this->API_Password}&USER={$this->API_UserName}&SIGNATURE={$this->API_Signature}$requestString";

    // Set the request as a POST FIELD for curl.
    curl_setopt($ch, CURLOPT_POSTFIELDS, $reqStr);

    // Get response from the server.
    $curlResponse = curl_exec($ch);

    if(!$curlResponse)
        return array("ERROR_MESSAGE"=>"RefundTransaction failed".curl_error($ch)."(".curl_errno($ch).")");

    // Extract the response details.
    $httpResponseAr = explode("&", $curlResponse);

    $aryResponse = array();
    foreach ($httpResponseAr as $i => $value)
    {
        $tmpAr = explode("=", $value);
        if(sizeof($tmpAr) > 1)
        {
            $aryResponse[$tmpAr[0]] = urldecode($tmpAr[1]);
        }
    }

    if((0 == sizeof($aryResponse)) || !array_key_exists('ACK', $aryResponse))
        return array("ERROR_MESSAGE"=>"Invalid HTTP Response for POST request ($reqStr) to {$this->API_Endpoint}");

    return $aryResponse;
}

/**
 * @param array $aryData
 * @return array
 */
function refundAmount($aryData)
{
    if(trim(@$aryData['currencyCode'])=="")
        return array("ERROR_MESSAGE"=>"Currency Code is Missing");
    if(trim(@$aryData['refundType'])=="")
        return array("ERROR_MESSAGE"=>"Refund Type is Missing");
    if(trim(@$aryData['transactionID'])=="")
        return array("ERROR_MESSAGE"=>"Transaction ID is Missing");

    $requestString = "&TRANSACTIONID={$aryData['transactionID']}&REFUNDTYPE={$aryData['refundType']}&CURRENCYCODE={$aryData['currencyCode']}";

    if(trim(@$aryData['invoiceID'])!="")
        $requestString = "&INVOICEID={$aryData['invoiceID']}";

    if(isset($aryData['memo']))
        $requestString .= "&NOTE={$aryData['memo']}";

    if(strcasecmp($aryData['refundType'], 'Partial') == 0)
    {
        if(!isset($aryData['amount']))
        {
            return array("ERROR_MESSAGE"=>"For Partial Refund - It is essential to mention Amount");
        }
        else
        {
            $requestString = $requestString."&AMT={$aryData['amount']}";
        }

        if(!isset($aryData['memo']))
        {
            return array("ERROR_MESSAGE"=>"For Partial Refund - It is essential to enter text for Memo");
        }
    }

    $resCurl = $this->sendRefundRequest($requestString);
    return $resCurl;
}

}

Once Class is ready, you can call functions in your Business logic

        require_once('PaypalRefund.php');
        /* Refund Type ('Partial', 'Full')*/
        $intializeData = array('email'=>$this->credentials->email,
                              'username'=>$this->credentials->username,
                              'password'=>$this->credentials->password,
                              'signature'=>$this->credentials->signature,
                              'mode'=>'sandbox',  //'live'
                              );
        $aryData['transactionID'] = $data['transaction_id'];
        $aryData['refundType'] = "Full"; //Partial or Full
        $aryData['currencyCode'] = $data['currency_code'];
        $aryData['amount'] = $data['amount'];   //$data['amount'];
        $aryData['memo'] = $data['notes'];


        // Paypal Refund API Call
        $ref = new PaypalRefund($intializeData);
        $aryRes = $ref->refundAmount($aryData);
        echo "<pre>"; print_r($aryRes);echo "</pre>";die;

You will get Response upfront as well as on IPN URL (if set).

Thanks

Question 2

If this was meant to be a Live refund, please make sure you are using the correct API endpoint.

If this was instead a refund transaction to the Sandbox Test environment, please make sure that the credentials in use are from your Test Seller Account Sandbox.

Question 3

When someone grants you third-party API permissions, they grant you permission to make API calls on their behalf.
And since you're calling the RefundTransaction API on behalf of someone, you'll need to specify the SUBJECT parameter and populate it with the PayPal email address of that person's account.

I.e.

params =  {
    'USER':'name of my api',
    'PWD': 'pass word of my api',
    'SIGNATURE':'my signature'
    'SUBJECT':'email of PP account who granted you 3rd party permissions'
     }

Because you're not specifying this right now, you're basically trying to refund a transactionID that doesn't belong to your own PayPal account. So it rightly denies you from doing so.