What is the correct sequence of the following operations for obtaining permission to execute a payment call on behalf of a merchant?
1. Merchant approves access to APIs on their behalf
2. Make the RequestPermissions API method call.
3. Redirect the merchant to PayPal with request_token
4. Make the GetAccessToken API method call.