问题
I\'m implementing Express Checkout in PayPal.
I have no problem with the first two steps, SetExpressCheckout and GetExpressCheckout. But when I use DoExpressCheckout, I encounter the error \"Security header is not valid\".
The API credentials are the same!
I\'ve fixed it by changing the $environment to live in DoExpressCheckout. (The difference $environment makes is that it\'ll use https://api.sandbox.paypal.com/nvp/ instead of https://api-3t.$environment.paypal.com/nvp)
But why?
Is there something wrong with https://api-3t.$environment.paypal.com/nvp?
回答1:
https://api-3t.sandbox.paypal.com/nvp requires different user-accounts than what https://api-3t.paypal.com/nvp requires.
The sandbox accounts can be activated at developer.paypal.com
回答2:
I had the same error being thrown for the live environment. For me, it turned out there was a trailing space at the end of my API username.... I removed the space and it worked fine.... I'd pasted them into a config file straight from PayPal and must've copied a blank there as well... so if this happens to you, check for trailing spaces! This would've been obvious if the username was hardcoded in a string, but wasn't because it was in a java properties file.
note that you'll also get this error if your credentials are wrong (ie bad username, password or signature). I just had the same issue happen when I pasted in my info to a config file, and had extra characters at the end of my signature by mistake.
回答3:
He may not grant permission for checkout. Refer to this article, apparently down for now but still available here.
来源:https://stackoverflow.com/questions/1712685/express-checkout-error-message-security-header-is-not-valid