My first example--called "10" like BASIC lines were numbered--has all of the setup details.
Example 4 has variable pricing.
Now the goal is to get server-side control. That is, to verify a purchase from my server directly to PayPal. Otherwise put, one should never believe anything that comes from the browser / client. At least, not in this context.
When you look at the JavaScript (control-U / view source) of the previous examples (and probably this one eventually), under "onApprove" is the .then(function(details... "Details" is apt in that a lot of detail comes back, but all I need is to send details.id to the server for validation.
To use the server REST API, you'll need the client id and "secret." The client id is public and, in this case, visible in the JavaScript. The secret is in the aforementioned (see example 1) dashboard / app entry. The secret is just below the corresponding client id.
Make the first "Get an Access Token" call. That results in JSON that includes "access_token":"A21AAL... [80 characters, I think]"
Then, using the details.id, make a call like the following, based on the orders doc. "8DC73665752701203" is the order id from details.id in the JavaScript.
curl -v -X GET "https://api-m.sandbox.paypal.com/v2/checkout/orders/8DC73665752701203" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer A21AAL"
That gives you JSON that will confirm (or deny) the order's completion, amount, shipping address, etc.
I'm removing the PayPal button / JavaScript for now because it doesn't add anything to the previous example. I'll put it back when I write the server code to do something.