You don't need your password to integrate paypal into your scripts. All you need is your email address that you registered your paypal account with for the shopping script. The parameters being passed to paypal are just typical shopping bag variables such as item_name_[X], quantity_[X],
item_number_[X], amount_[x], on0_[x], invoice, shipping, cmd..etc. Nothing magical here any working ecommerce shopping cart will have these parameters stored and ready for accessed.

As for IPN, the only thing you need to log in to paypal is to enable IPN, and set the URL for the IPN to be sent to. Again the developer doesn't need your password for this. All he needs is to tell you the URL and you go enter it yourself.

I wrote my entire shopping cart and transactions system from scratch, so I know it as a fact that you don't need paypal's password for integration. So my advice is don't give your password to him.

[edited by: Raymond at 3:18 pm (utc) on Sep. 7, 2006]

The only reason I could see is that he wants to do some test transactions and verify in PayPal.com that they went through.

Even if this is the case, do NOT give him your password! You can setup a "sub-user" with limited access and let him use that. Find out specifically what fundtions he thinks he needs. (Then YOU decide which functionality to give him- definitely do NOT give him access to withdrawing money!). When he's done with the testing, immediately delete the sub-account.

[edited by: LifeinAsia at 3:35 pm (utc) on Sep. 7, 2006]

Or set up a sandbox.paypal.com account for him. Then there's no money moving at all.