PayPal gateway has rejected request. Security header is not valid (#10002: Security error Magento

Rohit Goel picture Rohit Goel · Apr 24, 2014 · Viewed 75k times · Source

up the pay-pal advance in magento . I have fill all the credentials in magento admin . BUt when i go to frontend and click pay-pal button it gives

PayPal gateway has rejected request. Security header is not valid (#10002: Security error

i have googled a lot and found some suggestions like

Remove API Username, API Password and API Signature from Admin->configuration->Paypal->API/Integration Settings. clear cache and test again

i have tried all these but it still gives the same error.

Please suggest me what can be the issue

Answer

Vimalnath picture Vimalnath · Apr 24, 2014

The Security header is not valid error is only caused for two reasons:

  1. Wrong credentials Make sure that you've put your API Username, API Password and API Signature correctly. Sometimes it happens that during copy and paste there is accidently a space added, this would trigger this error. Doublecheck this settings in the SDK or in the admin panel of your third party shopping cart.

  2. Wrong Endpoint This error would come up if you send the data to the wrong endpoint. Make sure that you sending the live credentials and data to our live endpoint. When you want to test your store make sure that you use our test endpoint and the credentials from your sandbox test account. If you are using a third party shopping cart, make sure that your store is running in test or live mode, regarding which credentials you are using.

You can check for your credentials here too:

FOR LIVE

https://api-3t.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD

FOR SANDBOX

https://api-3t.sandbox.paypal.com/nvp?&user=xxxxxxxxxx&pwd=xxxxxxxxxx&signature=xxxxxxxxxx&version=70.0&METHOD=SetExpressCheckout&RETURNURL=http://www.paypal.com/test.php&CANCELURL=http://www.paypal.com/test.php&PAYMENTACTION=Sale&AMT=50&CURRENCYCODE=USD

Just Substitute the user, pwd and signature and enter in your browser. You should get ACK = SUCCESS if you have input your credentials correctly.

You can also get your credentials here : https://www.paypal.com/cgi-bin/webscr?cmd=_get-api-signature&generic-flow=true