Getting "Security header is not valid" error, double checked the API credentials, still not working

halldorr
Contributor
Contributor

Sending a request using the following code:

 

$api_request = 'USER=' . urlencode('ouruser')
		.  '&PWD=' . urlencode('ourpass')
			.  '&SIGNATURE=' . urlencode('oursignature')
			.  '&VERSION=76.0'			
.  '&METHOD=ManageRecurringPaymentsProfileStatus'
			.  '&PROFILEID=' . urlencode($subId)
			.  '&ACTION=' . urlencode('Cancel')
			.  '&NOTE=' . urlencode( 'Profile cancelled by PSGADMIN' );

	$ch = curl_init();
	curl_setopt( $ch, CURLOPT_URL, 'https://api-3t.paypal.com/nvp' ); 
	curl_setopt( $ch, CURLOPT_VERBOSE, 1 );
	curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );
	curl_setopt( $ch, CURLOPT_POST, 1 );
	curl_setopt( $ch, CURLOPT_POSTFIELDS, $api_request );

	$response = curl_exec( $ch );

  Sending using PHP and the response I get back looks likje:

 

Array ( [TIMESTAMP] => 2018-02-08T15:05:39Z [CORRELATIONID] => 44f5a6f13e3b8 [ACK] => Failure [VERSION] => 76.0 [BUILD] => 39206242 [L_ERRORCODE0] => 10002 [L_SHORTMESSAGE0] => Security error [L_LONGMESSAGE0] => Security header is not valid [L_SEVERITYCODE0] => Error )

I have double and triple checked the credentials we're sending (above I have just said ouruser, ourpass etc) but what could be triggering this error?

Login to Me Too
1 ACCEPTED SOLUTION

Accepted Solutions
Solved

MTS_Andre
Moderator
Moderator

You can clear any doubt by making a call directly to the ExpressCheckout endpoint using your API credentials. If it fails then there is something in your API credentials but if it is successful like I think then something in your integration/module is not passing the correct API credentials to PayPal.

 

Just run the html form below into your browser and replace the API credentials with yours. Then click the button "SetExpressCheckout" at the bottom and see the result, you can see that you are making a basic SetExpressCheckout API call towards the live endpoint https://api-3t.paypal.com/nvp:

 

<form method="post" action="https://api-3t.paypal.com/nvp">
API Username: <input type="text" name="USER" value="uk-3xxxx">  <br>
API Password: <input type="text" name="PWD" value="D25xxxxx">  <br>
API Signature: <input type="text" name="SIGNATURE" value="A7yWAlFxxxx">  <br>
Version: <input type="text" name="VERSION" value="204"> <br>
Paymentaction: <input type="text" name="PAYMENTREQUEST_0_PAYMENTACTION" value="sale"> <br>
Amount: <input type="text" name="PAYMENTREQUEST_0_AMT" value="7.50"> <br>
Item Amount: <input type="text" name="PAYMENTREQUEST_0_ITEMAMT" value="7.50"> <br>
Currency: <input type="text" name="PAYMENTREQUEST_0_CURRENCYCODE" value="USD"> <br>
ReturnURL: <input type="text" name="returnUrl" value="http://www.mywebsite.com/success.html"> <br>
CancelURL: <input type="text" name="cancelUrl" value="http://www.mywebsite.com/cancel.html"> <br>
SolutionType: <input type="text" name="solutiontype" value="Sole"> <br>
<br>
<input type="submit" name="METHOD" value="SetExpressCheckout"> <br>
</form>

View solution in original post

Login to Me Too
9 REPLIES 9

angelleye
Advisor
Advisor
Don't URL encode the credential values. That can cause issues. Also, make sure you aren't sending sandbox credentials to the live server or vice-versa. I think you just need to remove the urlencode() in this case, though.

Angell EYE - www.angelleye.com
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
Login to Me Too

halldorr
Contributor
Contributor

Hey there, removed the URL encoding and still get the same error. I had also posted this to sandbox to see if I had the credentials mixed up but I get the same error. Anyway, with urlencode removed I get:

 

Array
(
    [TIMESTAMP] => 2018-02-13T00:41:47Z
    [CORRELATIONID] => 442f8cee5e57
    [ACK] => Failure
    [VERSION] => 76.0
    [BUILD] => 39206242
    [L_ERRORCODE0] => 10002
    [L_SHORTMESSAGE0] => Security error
    [L_LONGMESSAGE0] => Security header is not valid
    [L_SEVERITYCODE0] => Error
)
Login to Me Too

angelleye
Advisor
Advisor
Well, that error ALWAYS means that the credentials are incorrect one way or another. So again, double check the values themselves, and double check that you're sending the correct values to the correct PayPal endpoint (sandbox vs. live.)

Also, it would be good to review the RAW request that includes the actual values being sent to PayPal so you can compare with the values that you're expecting to have there.

Angell EYE - www.angelleye.com
PayPal Partner and Certified Developer - Kudos are Greatly Appreciated!
Login to Me Too
Solved

MTS_Andre
Moderator
Moderator

You can clear any doubt by making a call directly to the ExpressCheckout endpoint using your API credentials. If it fails then there is something in your API credentials but if it is successful like I think then something in your integration/module is not passing the correct API credentials to PayPal.

 

Just run the html form below into your browser and replace the API credentials with yours. Then click the button "SetExpressCheckout" at the bottom and see the result, you can see that you are making a basic SetExpressCheckout API call towards the live endpoint https://api-3t.paypal.com/nvp:

 

<form method="post" action="https://api-3t.paypal.com/nvp">
API Username: <input type="text" name="USER" value="uk-3xxxx">  <br>
API Password: <input type="text" name="PWD" value="D25xxxxx">  <br>
API Signature: <input type="text" name="SIGNATURE" value="A7yWAlFxxxx">  <br>
Version: <input type="text" name="VERSION" value="204"> <br>
Paymentaction: <input type="text" name="PAYMENTREQUEST_0_PAYMENTACTION" value="sale"> <br>
Amount: <input type="text" name="PAYMENTREQUEST_0_AMT" value="7.50"> <br>
Item Amount: <input type="text" name="PAYMENTREQUEST_0_ITEMAMT" value="7.50"> <br>
Currency: <input type="text" name="PAYMENTREQUEST_0_CURRENCYCODE" value="USD"> <br>
ReturnURL: <input type="text" name="returnUrl" value="http://www.mywebsite.com/success.html"> <br>
CancelURL: <input type="text" name="cancelUrl" value="http://www.mywebsite.com/cancel.html"> <br>
SolutionType: <input type="text" name="solutiontype" value="Sole"> <br>
<br>
<input type="submit" name="METHOD" value="SetExpressCheckout"> <br>
</form>

Login to Me Too

halldorr
Contributor
Contributor

Received an error. I'll get in there and see about API credentials again today. Maybe I'm using the wrong ones. I logged into my personal business account and got the API credentials and they worked fine in this test. I'll have to get my bosses to check their account again for me.

Login to Me Too

halldorr
Contributor
Contributor

Just wanted to update on this - apparently Paypal API keys last for three years (at least the NVP/SOAP ones) and ours was generated 6 years ago. Generated new ones and it worked fine.

Login to Me Too

websmartcentral
New Community Member

Hi I've run the form, with fresh credentials and still get the error

Security%20header%20is%20not%20valid
TIMESTAMP=2018%2d12%2d01T00%3a10%3a55Z&CORRELATIONID=8606a202f333&ACK=Failure&VERSION=204&BUILD=000000&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error

  What to try now?

 

Thanks Aaron

Login to Me Too

joanmd
Contributor
Contributor

Hi I've run the form, with a new credentials and get ths message:

 

TOKEN=EC%2d3K937197PC0555901&TIMESTAMP=2019%2d08%2d03T00%3a23%3a14Z&CORRELATIONID=fd779b97f6d01&ACK=Success&VERSION=204&BUILD=53374502

what now?

how can I pass card information for complete the purchase?
what parameters I need to use?

 

can you help me please

Login to Me Too

Ayim29
Contributor
Contributor
Browse categories SKIP TO MAIN CONTENTSKIP TO SEARCHSummary Ayim29 Reply to Message Don't forget! Products and services may differ based on the user's country and PayPal account type. Please post the correct response for the user's situation. User halldorr: Canada Business Account Results from the PayPal Help Center Can't find the answer? Browse the PayPal Help Center To help others search for your topic, you can add tags. You can also choose where to post your topic under Location. Re: Getting "Security header is not valid" error, double checked the API credentials, stil Email me when someone replies to my post. Open discussion in popup Replying to: halldorr halldorr Contributor Contributor ‎Feb-13-2018 01:44 AM Getting "Security header is not valid" error, double checked the API credentials, still not working Sending a request using the following code: $api_request = 'USER=' . urlencode('ouruser') . '&PWD=' . urlencode('ourpass') . '&SIGNATURE=' . urlencode('oursignature') . '&VERSION=76.0' . '&METHOD=ManageRecurringPaymentsProfileStatus' . '&PROFILEID=' . urlencode($subId) . '&ACTION=' . urlencode('Cancel') . '&NOTE=' . urlencode( 'Profile cancelled by PSGADMIN' ); $ch = curl_init(); curl_setopt( $ch, CURLOPT_URL, 'https://api-3t.paypal.com/nvp' ); curl_setopt( $ch, CURLOPT_VERBOSE, 1 ); curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 ); curl_setopt( $ch, CURLOPT_POST, 1 ); curl_setopt( $ch, CURLOPT_POSTFIELDS, $api_request ); $response = curl_exec( $ch ); Sending using PHP and the response I get back looks likje: Array ( [TIMESTAMP] => 2018-02-08T15:05:39Z [CORRELATIONID] => 44f5a6f13e3b8 [ACK] => Failure [VERSION] => 76.0 [BUILD] => 39206242 [L_ERRORCODE0] => 10002 [L_SHORTMESSAGE0] => Security error [L_LONGMESSAGE0] => Security header is not valid [L_SEVERITYCODE0] => Error ) I have double and triple checked the credentials we're sending (above I have just said ouruser, ourpass etc) but what could be triggering this error? Solved! Go to Solution. 9 people had this problem. Top Powered by Khoros HELP & CONTACT SECURITY ©1999-2021 PayPal, Inc. All rights reserved. Privacy Legal Policy updates
Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.