Question

This is the string I am building and sending to PayPal.

        string paypalMessage = "https://api-3t.sandbox.paypal.com/nvp?";

        paypalMessage += "USER=" + USER;
        paypalMessage += "&PWD=" + PWD;
        paypalMessage += "&VERSION=" + VERSION;
        paypalMessage += "&SIGNATURE=" + SIGNATURE;
        paypalMessage += "&METHOD=" + METHOD;
        paypalMessage += "&IPADDRESS=" + IPADDRESS;
        paypalMessage += "&ACCT=" + ACCT;
        paypalMessage += "&EXPDATE=" + EXPDATE;
        paypalMessage += "&CVV2=" + CVV2;
        paypalMessage += "&FIRSTNAME=" + FIRSTNAME;
        paypalMessage += "&LASTNAME=" + LASTNAME;
        paypalMessage += "&STREET=" + STREET;
        paypalMessage += "&CITY=" + CITY;
        paypalMessage += "&STATE=" + STATE;
        paypalMessage += "&COUNTRYCODE=" + COUNTRYCODE;
        paypalMessage += "&ZIP=" + ZIP;
        paypalMessage += "&AMT=" + AMT;

        return paypalMessage;

When I send this to PayPal, this is the response I get from PayPal:

TIMESTAMP=2014%2d05%2d06T19%3a55%3a28Z&CORRELATIONID=e06f3f16478d1&ACK=Failure&VERSION=113%2e0&BUILD=10762035&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error

What does this "Security Header Is Not Valid" mean? My Google searches tell me it's a security thing, but I know USER and PWD are both correct. Signature is what I pulled off of the account after I logged into the PayPal Developer website. Is this wrong?

EDIT:

Doing some research while checking for replies: if I'm testing with Sandbox, does it mean I need to use a USER/PWD/SIGNATURE from a created Sandbox account that is attached to my actual PayPal developer account? Would this be all I need to change to work back and forth between sandbox and live?


Solution

Whenever you receive this message, it can mean that invalid API credentials were used. Make certain that no added spaces are in your API credentials and that the full signature was copied.

The other option is that your endpoints and your credentials are not matching.

If you use Sandbox credentials and live endpoints then you will receive this message. Same thing if you use live credentials for sandbox endpoints.

Here is a link to another Stack Post with the Same Issue

In the post I have links to the PayPal Developer Documentation. It details going live.

OTHER TIPS

It doesn't always mean invalid API credentials or a wrong endpoint.

If you're absolutely sure of this info, check the encoding you're making your request with - it should be UTF-8 without a Byte-Order Mark (BOM), e.g.:

    var requestEncoding = new UTF8Encoding(false); // UTF-8 without BOM

    using (var streamWriter = new StreamWriter(request.GetRequestStream(), requestEncoding))
    {
        streamWriter.Write(requestBody);
    }

This is not a default value, and it helped me after an hour of checking everything.

Of course, make sure all of your parameters are URL encoded, too.
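
The checks from both answers, combined in one added example that is not code from either post: pick the endpoint that matches the credential set, trim pasted values, percent-encode every field, and produce a BOM-free POST body so credentials and card data stay out of the URL. `EndpointFor`, `BuildBody` and `ErrorCode` are hypothetical helper names, all field values are constructed placeholders, and the live URL is PayPal's signature-based NVP endpoint, which does not appear on this page.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Web; // HttpUtility.ParseQueryString

static class NvpExample
{
    // Sandbox endpoint is the one in the question; the live one is PayPal's
    // signature-based NVP endpoint. Credentials must come from the same side.
    const string SandboxEndpoint = "https://api-3t.sandbox.paypal.com/nvp";
    const string LiveEndpoint = "https://api-3t.paypal.com/nvp";

    public static string EndpointFor(bool sandbox) =>
        sandbox ? SandboxEndpoint : LiveEndpoint;

    // Trims whitespace picked up when pasting values and percent-encodes every
    // name and value. GetBytes never emits a preamble, so writing these bytes
    // straight to the request stream sends no BOM.
    public static byte[] BuildBody(params (string Name, string Value)[] fields)
    {
        var pairs = fields.Select(f =>
            Uri.EscapeDataString(f.Name) + "=" + Uri.EscapeDataString(f.Value.Trim()));
        return new UTF8Encoding(false).GetBytes(string.Join("&", pairs));
    }

    // Decodes an NVP reply and returns L_ERRORCODE0, or null when absent.
    public static string ErrorCode(string reply) =>
        HttpUtility.ParseQueryString(reply)["L_ERRORCODE0"];

    static void Main()
    {
        // Constructed placeholder values, not real credentials.
        byte[] body = BuildBody(
            ("USER", " sandbox-api-user_example.com "),
            ("PWD", "PLACEHOLDER+PWD&1"),
            ("SIGNATURE", "PLACEHOLDER-SIGNATURE\n"),
            ("VERSION", "113.0"),
            ("METHOD", "PLACEHOLDER_METHOD"));

        Console.WriteLine(EndpointFor(sandbox: true));
        Console.WriteLine(Encoding.UTF8.GetString(body));

        // Abridged from the reply shown in the question.
        const string reply = "ACK=Failure&L_ERRORCODE0=10002" +
            "&L_LONGMESSAGE0=Security%20header%20is%20not%20valid";
        Console.WriteLine(ErrorCode(reply));
    }
}
```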

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow