Search code examples
c#visual-studiopaypalhttpwebresponse

Paypal API Response: Security Header Not Valid

This is the string I am building and sending to Paypal.

        string paypalMessage = "https://api-3t.sandbox.paypal.com/nvp?";

        paypalMessage += "USER=" + USER;
        paypalMessage += "&PWD=" + PWD;
        paypalMessage += "&VERSION=" + VERSION;
        paypalMessage += "&SIGNATURE=" + SIGNATURE;
        paypalMessage += "&METHOD=" + METHOD;
        paypalMessage += "&IPADDRESS=" + IPADDRESS;
        paypalMessage += "&ACCT=" + ACCT;
        paypalMessage += "&EXPDATE=" + EXPDATE;
        paypalMessage += "&CVV2=" + CVV2;
        paypalMessage += "&FIRSTNAME=" + FIRSTNAME;
        paypalMessage += "&LASTNAME=" + LASTNAME;
        paypalMessage += "&STREET=" + STREET;
        paypalMessage += "&CITY=" + CITY;
        paypalMessage += "&STATE=" + STATE;
        paypalMessage += "&COUNTRYCODE=" + COUNTRYCODE;
        paypalMessage += "&ZIP=" + ZIP;
        paypalMessage += "&AMT=" + AMT;

        return paypalMessage;

When I send this to paypal, this is the response I get from Paypal:

TIMESTAMP=2014%2d05%2d06T19%3a55%3a28Z&CORRELATIONID=e06f3f16478d1&ACK=Failure&VERSION=113%2e0&BUILD=10762035&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error

What does this "Security Header Is Not Valid" mean? My google searches tell me its a security thing, but I know USER and PWD are both correct. Signature is what I pulled off of the account after I logged into Paypal Developer website. Is this wrong?

EDIT:

Doing some research while checking for replies, if I'm testing with Sandbox does it mean I need to use a USER/PWD/SIGNATURE from a created Sandbox account that is attached to my actual paypal developer account? Would this be all I need to change to work back and forth between sandbox and live?

Solution

  • Whenever you receive this message it either means that invalid API Credentials were used. Make certain that no added spaces are in your API credentials and that the full signature was copied.

    The other option is that your endpoints and your credentials are not matching.

    If you use Sandbox credentials and live endpoints then you will receive this message. Same thing if you use live credentials for sandbox endpoints.

    Here is a link to another Stack Post with the Same Issue

    In the post I have links to the PayPal Developer Documentation. It details going live.