Debugging ActiveMerchant; need full request and response. How to?

Question

Rails 3.0.10 and activemerchant gem 1.29.3

My app works fine in sandbox, but transactions in production mode are failing with "Security header is not valid", "ErrorCode"=>"10002"

We initiated a support request with paypal, after reviewing all the configuration parameters a million times and they feel we're hitting an incorrect endpoint. They've asked for a full trace for the transaction, including headers, etc, so I'm trying to figure out how to do that. I found this article

which suggested adding this to the config block

ActiveMerchant::Billing::PaypalGateway.wiredump_device = File.new(File.join([Rails.root, "log", "paypal.log"]), "a")

But that just results in an empty log; nothing gets dumped to it.

So, how can I obtain this info from the GATEWAY object, if possible? Here's the production config, the format of which is identical to what's used in staging env.

::GATEWAY = ActiveMerchant::Billing::PaypalGateway(
      :login => 'me_api1.blah...',
      :password => 'string...',
      :signature => 'longer string...'
    )

Thanks.

Answer 1

Needed to add the additional line as follows:

ActiveMerchant::Billing::PaypalGateway.wiredump_device.sync = true

Within the same config block in the environment

Answer 2

Somewhere in the class library you're using there should be a function to output this for you (if it's a well built library, that is.)

Even without that, though, you should be able to look in that PaypalGateway function to see where/how it's setting the endpoint. It's either hard-coding the value or it'll be setting different endpoints based on some sandbox option you have configured somewhere else in the class.

It's hard to tell you more than that without getting a look a the actual class library you're using, but I can concur that it must be either incorrect credentials or an incorrect endpoint. I've never once seen that security header error when it wasn't simply invalid credentials, which means either your values are incorrect or you're hitting the wrong endpoint.

If you want to post that whole function (or maybe even the whole library as the endpoint could be getting set from some other function) I can take a look and find the problem for you.