“Security header is not valid” error code 10002 – PayPal Payment Gateway

Share this article:
Email this to someone
email
Share on Facebook
Facebook
0Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin

The “Security header is not valid” error message is only caused for two reasons:

Wrong Credentials

Make sure that you’ve put your API Username, API Password and API Signature correctly. 

Sometimes it happens that during copy and paste there is accidentally a space added, this would trigger this error. Double-check this settings in the SDK or in the admin panel of your third party shopping cart.

Wrong Endpoint

This error would come up if you send the data to the wrong endpoint. 

Make sure that you sending the live credentials and data to our live endpoint. 

When you want to test your store make sure that you use our test endpoint and the credentials from your sandbox test account. 

If you are using a third party shopping cart, make sure that your store is running in test or live mode, regarding which credentials you are using.

Here’s how you can check if your credentials are correct:

FOR LIVE

https://api-3t.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD

FOR SANDBOX

https://api-3t.sandbox.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD

Just Substitute the user, pwd and signature and enter in your browser.You should get ACK = SUCCESS if you have input your credentials correctly.

You can also get your credentials from under your PayPal dashboard : https://www.paypal.com/cgi-bin/webscr?cmd=_get-api-signature&generic-flow=true