Compliance Notice: By June 30, 2018, any system that connects to PayPal via HTTPS must support TLS 1.2 or higher. To avoid any disruption of services, ensure your systems are ready.

You must have a PayPal Business Account.
For live transactions, you must enable SSL / https for your domain. 
If you use PayPal – use currencies supported by PayPal

The settings for PayPal can be found in Theme Options -> Membership ->  PayPal Settings.

Create the PayPal processor page

The page itself is not a link that should be accessed directly. The API will use it to communicate with the theme and the merchant. You will see a generic message when opening the URL in the browser. It’s correct and there is no issue with the page.
Have only 1 page with this template!

Choose if you wish to test Sandbox or LIVE

How to take your Sandbox or LIVE credentials

1.Login at https://developer.paypal.com to create the API

2. Go to Dashboard Menu

 

3. Optional: How to create a sandbox account

If you wish to test with sandbox mode (all transactions are purely fictional) you must create your own business sandbox account from Sandbox – Accounts and select it when you add a new app.

 

4. Go to My APPS to create the new app:

Type the APP name and select the sandbox email (will be useful if you wish to test sandbox mode before doing live transactions)

 

5. Copy the Client ID and Secret id.

Be careful when copy SANDBOX or LIVE. You must set the theme options to match Sandbox or Live too. See STEP3.

Add the PayPal Processor URL in your PayPal account for recurring payments (with membership mode enabled)

For sandbox tests, you must go to https://www.sandbox.paypal.com/, login with the sandbox account you created above

For live tests, go to https://www.paypal.com

PayPal common errors:

error:14077410:SSL%20routines:SSL23_GET_SERVER_HELLO:sslv3%20alert%20handshake%20failure

Please see this url with a similar issue http://stackoverflow.com/questions/34926940/php-paypal-error-14077410ssl-routinesssl23-get-server-hellosslv3-alert-hands

And the solution:

Support SHA-256. PayPal is upgrading SSL certificates on all Live and Sandbox endpoints from SHA-1 to the stronger and more robust SHA-256 algorithm. You will need to update your integration to support certificates using SHA-256.

Discontinue use of the VeriSign G2 Root Certificate. In accordance with industry standards, PayPal will no longer honor secure connections that require the VeriSign G2 Root Certificate for trust validation. Only secure connection requests that are expecting our certificate/trust chain to be signed by the G5 Root Certificate will result in successful secure connections.

This document has the details to fwd to hosting:

https://www.paypal-knowledge.com/resources/sites/PAYPAL/content/live/FAQ/1000/FAQ1766/en_US/2015%20Merchant%20Security%20System%20Upgrade%20Guide%20%28U.S.%20English%29.pdf