All of the PayPal Payment Modules are currently missing support for using 3rd party API access credentials.
Merchants can choose to configure their PayPal account to allow a third party to make API requests to PayPal on their behalf using their own API credentials, thus protecting their account from potentially unwanted API access. By setting "Subject" to the primary account e-mail address of the merchant for which requests are being made on behalf of, merchants do not need to expose full access to the PayPal API to third party implementers.
Currently, the included PayPal payment modules only support "1st party access" in that they only use the Username, Password, and Signature to authorize transactions.
This is a very simple update which would require adding an extra field to configuration page of each PayPal module and a corresponding Setting in the database to store it. Then simply pass the setting value to the "Subject" property of the "UserIdPasswordType" object created with the API request (the same object which defines the API Signature/Username/Password) and 3rd party API access will be supported.