I have set up a website with Shopping cart, everything is ok until I try to checkout with paypal. I have done all the API signiture instructions a couple of times but still getting the same error. I am not sure if this is a server issue or not. This is the error message I am getting. the website is www.midstatetees.com
PayPal has returned an error!
Ack: Failure
Correlation ID: 23599b1fa47d6
Version: 3.2
Error Number: 10002
Short Message: Security error
Long Message: Security header is not valid
Security header not valid
Ron Promisson
Registered User
5 posts
Ron Promisson
Registered User
5 posts
I have received a response back from paypal but I am not sure what to do with the information
PayPal recently launched an alternative to certificate-based API authentication with a new string-based system that uses an API Signature in place of a certificate. A signature is just an additional string value that you use in addition to your API Username and API Password when making API calls. The certificate API option is still available; however, the Signature option is generally easier for developers to work with. This new system has caused some new possibilities for error conditions, including the following which are all potential causes for the Security Header is not Valid error:
- You are not using the correct API Certificate, or you are not using it correctly. Remember that a Sandbox certificate is different than your Live certificate.
- If you are using signature-based authentication, you may be using an incorrect endpoint for the SOAP calls. For signature-based authentication, send production API calls to the following servers:
https://api-3t.paypal.com/nvp for a NVP call, or
https://api-3t.paypal.com/2.0/ for a SOAP-based API call using signature.
If you send signature-based SOAP calls to either https://api.paypal.com/2.0/ or https://api-aa.paypal.com/2.0/, you will see this error.
For the Sandbox 3 token method, use the following endpoints: https://api.sandbox.paypal.com/2.0/ or https://api-aa.sandbox.paypal.com/2.0/
For the certificate method use https://api.sandbox.paypal.com/2.0/
PayPal recently launched an alternative to certificate-based API authentication with a new string-based system that uses an API Signature in place of a certificate. A signature is just an additional string value that you use in addition to your API Username and API Password when making API calls. The certificate API option is still available; however, the Signature option is generally easier for developers to work with. This new system has caused some new possibilities for error conditions, including the following which are all potential causes for the Security Header is not Valid error:
- You are not using the correct API Certificate, or you are not using it correctly. Remember that a Sandbox certificate is different than your Live certificate.
- If you are using signature-based authentication, you may be using an incorrect endpoint for the SOAP calls. For signature-based authentication, send production API calls to the following servers:
https://api-3t.paypal.com/nvp for a NVP call, or
https://api-3t.paypal.com/2.0/ for a SOAP-based API call using signature.
If you send signature-based SOAP calls to either https://api.paypal.com/2.0/ or https://api-aa.paypal.com/2.0/, you will see this error.
For the Sandbox 3 token method, use the following endpoints: https://api.sandbox.paypal.com/2.0/ or https://api-aa.sandbox.paypal.com/2.0/
For the certificate method use https://api.sandbox.paypal.com/2.0/
Scott Swedorski
VP of Software Development
0 posts
Hi Ron
I am not really too sure what they are saying either. Setting up the API access should take only a few moments. You can find full instructions at http://www.coffeecup.com/help/articles/ … t-creator/
I am not really too sure what they are saying either. Setting up the API access should take only a few moments. You can find full instructions at http://www.coffeecup.com/help/articles/ … t-creator/
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
Ron Promisson
Registered User
5 posts
After messing half a day away I finally found that when I copy and pasted it added an extra space at the front of the password.
Thanks
Thanks
Scott Swedorski
VP of Software Development
0 posts
Ahh, yes. spaces are considered a character too. Glad you got it fixed.
Learn the essentials with these quick tips for Responsive Site Designer, Responsive Email Designer, Foundation Framer, and the new Bootstrap Builder. You'll be making awesome, code-free responsive websites and newsletters like a boss.
Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.
