Home/ Questions/Q 6873789
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T04:06:49+00:00

This has probably been asked a thousand times… But i’m sure i have all

  • 0

This has probably been asked a thousand times… But i’m sure i have all the endpoints and credentials right. It was working yesterday.

Security error:
Error no: 10002
Error message: Security header is not valid

Right now i’m testing against the sandbox server.

Whenever i try the testURL in my browser i get ACK=Success with a token, but i get “Security header is not valid” error when it runs through the code.

It was working a few hours ago but for some reason i keep getting the same error now.

using user/pwd and signature from a sandbox account

https://api-3t.sandbox.paypal.com/nvp
USER=xxxxxxxxxxxxxxxxxxxx
PWD=XXXXXXXXXXXXX
SIGNATURE=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I have the following test code:

        String testURL = "https://api-3t.sandbox.paypal.com/nvp?USER=xxxxxxxxxxxxxxxxxxxx&PWD=XXXXXXXXXXXXX&SIGNATURE=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX&VERSION=84.0-2276209&PAYMENTREQUEST_0_PAYMENTACTION=Sale&PAYMENTREQUEST_0_AMT=15&RETURNURL=https%3a%2f%2fdomain.com%2fCheckout.aspx&CANCELURL=https%3a%2f%2fdomain.com%2fCheckout.aspx&METHOD=SetExpressCheckout";

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(testURL);
        req.Method = "POST";
        req.ContentType = "application/x-www-form-urlencoded";


        //Send the request to PayPal and get the response
        StreamWriter streamOut = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII);
        streamOut.Write(testURL);
        streamOut.Close();
        // get resposne
        StreamReader streamIn = new StreamReader(req.GetResponse().GetResponseStream());
        string strResponse = HttpUtility.UrlDecode(streamIn.ReadToEnd());
        streamIn.Close();

HTTPREsponse when code sends it

TIMESTAMP=2011-11-22T23:25:34Z&CORRELATIONID=392047cb78388&ACK=Failure&VERSION=84.000000&BUILD=2271164&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security error&L_LONGMESSAGE0=Security header is not valid&L_SEVERITYCODE0=Error

HttpResponse if i just copy paste the testURL in the browser

TOKEN=EC%2d4JW15968AV8121546&TIMESTAMP=2011%2d11%2d22T22%3a59%3a27Z&CORRELATIONID=c790299fd9ac7&ACK=Success&VERSION=84%2e000000&BUILD=2271164

I’ve tried not to UrlEncode the variables in the test url… same problem

thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    OK this might be a bug on Paypal’s side.

    if i change the testUrl from

    String testURL = “https://api-3t.sandbox.paypal.com/nvp?USER=XXX&PWD=YYY&SIGNATURE=ZZZ&VERSION=…….&METHOD=SetExpressCheckout”;

    to

    String testURL = “https://api-3t.sandbox.paypal.com/nvp?&x=y&USER=XXX&PWD=YYY&SIGNATURE=ZZZ&VERSION=…….&METHOD=SetExpressCheckout”;

    it works

    See the bolded part with random first querystring variable.
    PayPal seems to ignore the first querystring parameter when it’s sent from codebehind (which would be user=xxx if there wasn’t x=y before it).

    • 0