Paypal API Response: Security Header Not Valid

0
votes

This is the string I am building and sending to Paypal.

        string paypalMessage = "https://api-3t.sandbox.paypal.com/nvp?";

        paypalMessage += "USER=" + USER;
        paypalMessage += "&PWD=" + PWD;
        paypalMessage += "&VERSION=" + VERSION;
        paypalMessage += "&SIGNATURE=" + SIGNATURE;
        paypalMessage += "&METHOD=" + METHOD;
        paypalMessage += "&IPADDRESS=" + IPADDRESS;
        paypalMessage += "&ACCT=" + ACCT;
        paypalMessage += "&EXPDATE=" + EXPDATE;
        paypalMessage += "&CVV2=" + CVV2;
        paypalMessage += "&FIRSTNAME=" + FIRSTNAME;
        paypalMessage += "&LASTNAME=" + LASTNAME;
        paypalMessage += "&STREET=" + STREET;
        paypalMessage += "&CITY=" + CITY;
        paypalMessage += "&STATE=" + STATE;
        paypalMessage += "&COUNTRYCODE=" + COUNTRYCODE;
        paypalMessage += "&ZIP=" + ZIP;
        paypalMessage += "&AMT=" + AMT;

        return paypalMessage;

When I send this to paypal, this is the response I get from Paypal:

TIMESTAMP=2014%2d05%2d06T19%3a55%3a28Z&CORRELATIONID=e06f3f16478d1&ACK=Failure&VERSION=113%2e0&BUILD=10762035&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error

What does this "Security Header Is Not Valid" mean? My google searches tell me its a security thing, but I know USER and PWD are both correct. Signature is what I pulled off of the account after I logged into Paypal Developer website. Is this wrong?

EDIT:

Doing some research while checking for replies, if I'm testing with Sandbox does it mean I need to use a USER/PWD/SIGNATURE from a created Sandbox account that is attached to my actual paypal developer account? Would this be all I need to change to work back and forth between sandbox and live?

2
c#visual-studiopaypalhttpwebresponse
Yeah, security header not valid means invalid API credentials. If you are trying to use the sandbox server you need to use the creds from your developer account. - Aaron

2 Answers

0
votes

Whenever you receive this message it either means that invalid API Credentials were used. Make certain that no added spaces are in your API credentials and that the full signature was copied.

The other option is that your endpoints and your credentials are not matching.

If you use Sandbox credentials and live endpoints then you will receive this message. Same thing if you use live credentials for sandbox endpoints.

Here is a link to another Stack Post with the Same Issue

In the post I have links to the PayPal Developer Documentation. It details going live.

0
votes

It doesn't always mean invalid API credential or wrong endpoint

If you're absolutely sure in this info, check the encoding you're making your request with - it should be UTF-8 without Byte-Order Mark (BOM), e.g

var requestEncoding = new UTF8Encoding(false); // UTF-8 without BOM

using (var streamWriter = new StreamWriter(request.GetRequestStream(), requestEncoding))
{
    streamWriter.Write(requestBody);
}

This is not a default value, and it helped me after an hour of checking everything

Of course, make sure all of your parameters are url encoded, too