20

up the pay-pal advance in magento . I have fill all the credentials in magento admin . BUt when i go to frontend and click pay-pal button it gives

PayPal gateway has rejected request. Security header is not valid (#10002: Security error

i have googled a lot and found some suggestions like

Remove API Username, API Password and API Signature from Admin->configuration->Paypal->API/Integration Settings. clear cache and test again

i have tried all these but it still gives the same error.

Please suggest me what can be the issue

Rohit Goel
  • 3,396
  • 8
  • 56
  • 107
  • It means you have entered wrong API details in magento backend – Kingshuk Deb Apr 24 '14 at 06:53
  • I don't know if it's still actual and how magento works, but I had the same problem. I tested it in sandbox, but on the endpoint I forgot to add the sandbox word: `https://api-3t.sandbox.paypal.com/nvp` – matthew3r Jun 04 '14 at 10:34
  • Do you use CloudFlare?? – redCodeAlert Jun 29 '15 at 17:44
  • https://www.rakeshjesadiya.com/paypal-gateway-has-rejected-security-header-is-not-valid-10002-security-error-php-magento-2/ check the link for more details – Rakesh Jesadiya Nov 22 '19 at 06:22
  • This can also occur when you make use of a different crypt or mcrypt or openssl solution in magento PHP (like when using openmage lts) – snh_nl Sep 16 '20 at 13:17

6 Answers6

47

The Security header is not valid error is only caused for two reasons:

  1. Wrong credentials Make sure that you've put your API Username, API Password and API Signature correctly. Sometimes it happens that during copy and paste there is accidently a space added, this would trigger this error. Doublecheck this settings in the SDK or in the admin panel of your third party shopping cart.

  2. Wrong Endpoint This error would come up if you send the data to the wrong endpoint. Make sure that you sending the live credentials and data to our live endpoint. When you want to test your store make sure that you use our test endpoint and the credentials from your sandbox test account. If you are using a third party shopping cart, make sure that your store is running in test or live mode, regarding which credentials you are using.

You can check for your credentials here too:

FOR LIVE

https://api-3t.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD

FOR SANDBOX

https://api-3t.sandbox.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD

Just Substitute the user, pwd and signature and enter in your browser. You should get ACK = SUCCESS if you have input your credentials correctly.

You can also get your credentials here : https://www.paypal.com/cgi-bin/webscr?cmd=_get-api-signature&generic-flow=true

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Vimalnath
  • 6,373
  • 2
  • 26
  • 47
  • 3
    I am getting this after running the suggested url in browser.How to fix ? TIMESTAMP=2014%2d05%2d18T09%3a26%3a17Z&CORRELATIONID=15dc1166a0cf0&ACK=Failure&VERSION=70%2e0&BUILD=11024577&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Restricted%20account&L_LONGMESSAGE0=Account%20is%20restricted&L_SEVERITYCO – Mukesh May 18 '14 at 09:28
  • 1
    that's because your account is restricted for some reason. – Vimalnath May 18 '14 at 11:13
  • How can I remove the restriction? – Mukesh May 19 '14 at 05:09
  • contact PayPal customer support – Vimalnath May 19 '14 at 06:43
  • That link for verifying the production credentials was helpful. It's saying that my Sandbox credentials are invalid, but I'm guessing that there is a different URL for verifying Sandbox credentials. – Ryan Jul 26 '14 at 00:51
  • yes, the endpoint for LIVE and Sandbox are not the same. Sandbox endpoint updated in the answer – Vimalnath Jul 26 '14 at 15:47
  • Thank you for providing links for testing the credentials, helped me realise there's no OAuth-like header signing going on and I can just verify the set that I got easily. – ᴍᴇʜᴏᴠ Jun 17 '17 at 12:46
  • 1
    Seems like api-t3.sandbox.paypal.com isn't working? Getting a server error when trying to load the page. Not sure if this is temporary or if this feature has been removed. – Witt Oct 03 '17 at 16:53
  • The curl request shown [here](https://developer.paypal.com/docs/classic/lifecycle/sb_calls/) does seem to work. – Witt Oct 03 '17 at 17:03
5

This error simply means your credentials are wrong. Please check with the credentials. If you are using sandbox then you are supposed to provide facilitator related credentials.

demo
  • 51
  • 1
  • 1
  • I had a trailing space on the API signature. It worked fine for 4 years until today and started failing with the error "Security Header is not valid". Removing the trailing space fixed it. – Lucas Oct 28 '16 at 14:53
2

Dont let the others fool you, they just type in stuff here they googled on the internet.

Look for the number you get here: https://developer.paypal.com/docs/classic/api/errors/

Because the information provided by these code is a delicate matter, they display this error message instead of you account is locked, account restricted, limit exceeded and so on.

Thats what they told me, at least.

We also get this code from time to time, after hundreds of paypal transactions, so wrong paypal credentials from the side of the shop owner is quite unlikely, isnt it? ;)

Markus
  • 29
  • 1
1

If you are using PayPal Payments Advanced with Magento, you should be using your PayPal Manager credentials, and not your API Credentials.
This could be the reason you are getting Security Banner Header not valid 10002.
Here is the integration steps from Magento:
PayPal Advanced Integration with Magento

You need to setup Layout C in PayPal Manager PayPal Manager Login.
Make certain that you include your error URL, cancel URL, and Return URL. Magento is very good about telling you what URL you should be using.

After you have setup Layout C in PayPal Manager you need to use your Manager Credentials in Magento.
Just in case you need it, here is the information on setting up your Hosted Checkout Pages in PayPal Manager:
PayPal Hosted Checkout Pages

Here is the information on where to find your PayPal Manager credentials:

  • Partner: Your PayPal Partner ID. Most direct Merchants have PayPal as the Partner
  • Vendor: Your PayPal user login name. Also known as Merchant Login
  • User: The ID of an additional user set up on your PayPal account. Same as Merchant login if you have not setup a separate user id in PayPal Manager.

Use your API Signature Credentials from your PayPal account for the Express Checkout setup.

pp_MSI_Jenn
  • 1,589
  • 1
  • 11
  • 15
0

In my case everything seemed fine at Magento level. I asked client questions about PayPal, at which point they tried to login to the paypal.com site and were unable to (authentication failed). Account had been locked. Client was able to resolve with PayPal tech support directly, no Magento issue after all.

Gavin G
  • 856
  • 6
  • 6
0

I got the same problem and found the problem is

  • I type the API signature character by charter, the character "I" is similar to "l"
  • As there are multiple "I" in the signature, I have to tested one by one via the link mentioned by Vimalnath.
  • Then damn it, it works.

Therefore, copy is a better way while being careful about the spaces at the front or end.

Yundong Cai
  • 79
  • 1
  • 2