3

I integrated the Paypal express checkout into our eCommerce system (NVP version 76.0, PHP 5.2) that has a bespoke checkout process. While in development mode (using the sandbox details) everything works but the moment I switch the signature information (username, password, api_signature and the paypal url) to the live Paypal account information it stopped working. It always responds with a error code: 10002 and message: Security header is not valid If I switch back to sandbox details it starts to work again.

Here is the error example:

TIMESTAMP: 2011-12-06T19:09:31Z
CORRELATIONID: cb966ebeb254d
ACK: Failure
VERSION: 76.0
BUILD: 2271164
L_ERRORCODE0: 10002
L_SHORTMESSAGE0: Security error
L_LONGMESSAGE0: Security header is not valid
L_SEVERITYCODE0: Error

I found some posts on stack overflow of people having the same problem but there solution didn't work @Paypal and I did some digging around (on google) and found that a lot of people experience this problem but there is no definitive solution or a thread that would outline what you need to change when you go live because just changing the details mentioned above (and in the paypal express checkout documentation) doesn't seem to work.

Did anyone find a solution to this problem or maybe I just missed something?

Community
  • 1
  • 1
Alex
  • 1,630
  • 1
  • 20
  • 31

1 Answers1

7

OK so I found the answer:

I contacted Paypal support and even after outlining the issue they still didnt provide a solution but at least there response gave me an idea of what is actually wrong. When you put the system live you not only have to change the:

API_USERNAME
API_PASSWORD
API_SIGNATURE
PAYPAL_URL

with the live details (from Sandbox > Live) but you have to change:

API_ENDPOINT

which they do not provide in there documentation. What I found was that when you switch to live (depending what version of the paypal SDK you have) you have to change the endpoint to the one found in this list API Endpoints

The one I had to use was:

Environment: Live
Authentication: API Signature
Calling: Name-Value Pair
Endpoint: https://api-3t.paypal.com/nvp
Alex
  • 1,630
  • 1
  • 20
  • 31
  • You always have to change the endpoint, irrespective of SDK or not. – Robert Dec 07 '11 at 22:39
  • I understand that now but it was not outlined in the documentation neither the proper example was given for a correct live endpoint url, which even after contacting PayPal support they couldn't provide me with the correct end point url. – Alex Dec 09 '11 at 10:40
  • Which support did you contact? You should contact Merchant Technical Services for any API-related questions; https://www.paypal.com/mts – Robert Dec 09 '11 at 22:11
  • @Robert I contacted paypal support by posting a ticket relevant to my issue and they came back with solutions that didn't work and keeping in mind that there response is not quick and I had to launch the website, I couldn't talk to paypal and wait for them to help resolve the issue, if it takes them a day to come back to me. Especially when they come back with solutions that don't work and other people already posted the same thing online and it didn't work for them as well, so they need to sort out there documentation or at least add proper explanation to the SDK download in a readme file. – Alex Dec 12 '11 at 11:55
  • 1
    Did you contact PayPal MTS via https://www.paypal.com/mts like I mentioned? The regular Customer Service won't be able to assist with this. PayPal MTS is the department you should contact for developer-related support. – Robert Dec 13 '11 at 21:01
  • Like I said I contacted the proper support line but they weren't able to provide a solution to this problem and because of time constraints I had to find the solution my self (this answer response is what the solution I found is). Thanks for your input @Robert – Alex Dec 19 '11 at 11:31
  • Thanks for this! I found it on a google and sure enough, hadn't managed to switch all of the credentials over. – AC Capehart Feb 18 '13 at 03:35