Paypal api – PayPal Checkout Smart Payment Button use Custom Payee

if the custom payee email is invalid still the payment completes and the fund goes to the account of the API credentials owner

What do you mean by ‘invalid’? Please be specific about your meaning.

If the email is not associated with an existing PayPal account, the payment will be in a pending state. The owner has 30 days to create a PayPal account using that email (or add it to an already existing PayPal account) and accept the pending payment. If they do not do so within 30 days, the payment will be automatically refunded. In this scenario, it is not the case that “the fund goes to the account of the API credentials owner”. That is not happening.

Now, if you are trying to pass a payee object at payment setup time with a blank / empty string email_address, then it will just be ignored, and the payment will go to the API credentials owner as per normal payment processing w/o a custom payee.

So, you need to do your own validation to ensure the payee field is non-blank. You could simply check that it is a non-empty string.

Or, do one better, and actually check that it is an email address in a valid format:

function isEmail(y) {
    var re = /^(([^<>()[]\.,;:s@"]+(.[^<>()[]\.,;:s@"]+)*)|(".+"))@(([[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}])|(([a-zA-Z-0-9]+.)+[a-zA-Z]{2,}))$/;
    return re.test(String(y).toLowerCase());
}

If it is not valid, you should not allow the order creation to proceed using that non-valid custom payee, since it will obviously not create the transaction you wish. Instead, you should display an error that the checkout is not set up properly for this user/recipient/payee.