10002 Security error - Security header is not valid

[ravikumar]

Hi there,

I am using Zen Cart v1.3.8a/v1.3.8 and I am new to zencart PaPal Express Checkout. I have setup my API username, password and Signature Code. When I click on the Checkout with PayPal button, the following error is displayed. Please help me to correct this issue.

"We are sorry for the inconvenience. The PayPal account authentication settings are not yet set up, or the API security information is incorrect. We are unable to complete your transaction. Please notify the store owner so they can correct this problem. (10002)"

Thanks & Regards,
Ravi.R

[DrByte]

That means you've entered invalid API username, password, Signature details.

[Bujinkan]

That means you've entered invalid API username, password, Signature details.

Negative. It does not mean that at all. I have triple checked all my entries and get the same error. It ALSO says the security header is not valid. When I asked my hosting server about this, they said it is a security patch issue.

So now that we got that cleared up, how do I fix it?

[DrByte]

Negative. It does not mean that at all. I have triple checked all my entries and get the same error. It ALSO says the security header is not valid. When I asked my hosting server about this, they said it is a security patch issue.

So now that we got that cleared up, how do I fix it?

The error message is coming *from PayPal*, and it refers to the security "header" that's been submitted as part of your attempted transaction. And, the security header is specifically comprised of your API username, API password, and API signature, along with which server you're attempting to process against (live vs sandbox).
So, it has nothing to do with a "security patch".

Your hosting company may be sincere, but they are sincerely wrong.

So, now that we got that cleared up, here's what you need to do ...

1. In Zen Cart, check what mode you've got your module set to: Live or Sandbox.

2. If it's set to "Live", then go get your API credentials from your live PayPal account, and copy+paste those details into your Zen Cart admin's PayPal module settings.

3. If it's set to "Sandbox", then go to your PayPal sandbox account, and get *those* API credentials, and copy+paste *those* credentials into your Zen Cart admin area instead of your live account details.


After that, if the problem persists, please post the exact details of the symptoms *you* are experiencing. *Where* are you setting the "10002 Security Header Not Valid" error message? What *other* text is being displayed with it? *What* are you doing which triggers it?
PayPal lists several potential causes for that short error message, so more details are required to help sort out your unique problem.

[dhcernese]

I'm having the same issue on 1.3.8a. I'm in sandbox mode w/debug log + email. I have set the API user/pwd/signature three times, and I always get the same "Security Header is not valid" return. This is my development site, which doesn't have an SSL certificate, could that be complicating matters?

Code:

from a "[METHOD] => SetExpressCheckout", the response:
Array
(
    [TIMESTAMP] => 2009-12-23T16:58:29Z
    [CORRELATIONID] => dfa1d7b7ec5d3
    [ACK] => Failure
    [VERSION] => 3.2
    [BUILD] => 1105502
    [L_ERRORCODE0] => 10002
    [L_SHORTMESSAGE0] => Security error
    [L_LONGMESSAGE0] => Security header is not valid
    [L_SEVERITYCODE0] => Error
    [CURL_ERRORS] =>
)

I only have one business PayPal account (because its not live yet) and so that's my 'sandbox' account, it has my only credentials. I'm not sure I understand if having multiple accounts/credentials is required, I must be missing something there.

[dhcernese]

... I only have one business PayPal account (because its not live yet) and so that's my 'sandbox' account, it has my only credentials. I'm not sure I understand if having multiple accounts/credentials is required, I must be missing something there.

Duh. Well, I should read more before posting.