25

I'm implementing Express Checkout in PayPal.

I have no problem with the first two steps, SetExpressCheckout and GetExpressCheckout. But when I use DoExpressCheckout, I encounter the error "Security header is not valid".

The API credentials are the same!

I've fixed it by changing the $environment to live in DoExpressCheckout. (The difference $environment makes is that it'll use https://api.sandbox.paypal.com/nvp/ instead of https://api-3t.$environment.paypal.com/nvp)

But why?

Is there something wrong with https://api-3t.$environment.paypal.com/nvp?

Jeremy Visser
  • 6,237
  • 1
  • 25
  • 30
Paypal
  • 361
  • 1
  • 5
  • 10

3 Answers3

35

https://api-3t.sandbox.paypal.com/nvp requires different user-accounts than what https://api-3t.paypal.com/nvp requires.

The sandbox accounts can be activated at developer.paypal.com

ᴍᴀᴛᴛ ʙᴀᴋᴇʀ
  • 2,754
  • 1
  • 26
  • 39
Cheery
  • 24,645
  • 16
  • 59
  • 83
10

I had the same error being thrown for the live environment. For me, it turned out there was a trailing space at the end of my API username.... I removed the space and it worked fine.... I'd pasted them into a config file straight from PayPal and must've copied a blank there as well... so if this happens to you, check for trailing spaces! This would've been obvious if the username was hardcoded in a string, but wasn't because it was in a java properties file.

note that you'll also get this error if your credentials are wrong (ie bad username, password or signature). I just had the same issue happen when I pasted in my info to a config file, and had extra characters at the end of my signature by mistake.

Brad Parks
  • 66,836
  • 64
  • 257
  • 336
  • 5
    I had this because I used Test Account vs. API Username, which both look similar. – Jazzy Nov 14 '12 at 21:50
  • i am facing the same problem but the problem is that it is working locally but not working in production it is giving "Security header is invalid". I dont know why. Iam using activemerchant.. Can yo help m in that? – Mohd Anas Feb 17 '14 at 09:00
  • 1
    i've only come across these 2 cases. I'd delete both the username and password in your current config file, or code, and try again. If that doesn't work, then I'd manually login to the prod and sandbox using the username and password to be sure they hadn't been changed by someone else. Basically this error means "username and password are wrong" - either by mistake because of the extra character, or because they actually are different. Good luck! – Brad Parks Feb 17 '14 at 10:56
  • 1
    @brad-parks bless you...you saved me probably hours...I will drink to you :-) – Jadeye Jun 09 '14 at 15:04
2

He may not grant permission for checkout. Refer to this article, apparently down for now but still available here.

Nathan Arthur
  • 8,287
  • 7
  • 55
  • 80
Sandeep
  • 956
  • 2
  • 9
  • 19