问题
My application uses the SetExpressCheckout paypal classic API method. It is working fine when I use real accounts in a live environment.
It used to work fine using test accounts, but some weeks ago it has stopped working right. At some point, my application calls the "SetExpressCheckout" API method using curl in PHP. When I use the test seller account that I've always used for my tests, I always get the following error:
SetExpressCheckout API call failed.
Detailed Error Message: Security header is not valid
Short Error Message: Security error
Error Code: 10002
Error Severity Code: Error
I know that paypal has recently restructured its "developer network", and the issue seems to be caused by this but I have no proof of that. The API I used is now called the "classic" API.
I've read the documentation, and it says that I now have to create a new "real" paypal account, and then use it to log to https://developer.paypal.com. I did that.
Once logged to the developer website, there is a feature allowing us to import all the test buyer and seller accounts used in an old sandbox account. I did that, and my old test accounts appeared in a list.
One of them is the test seller account I used to test. When I check the details of this account, the username, password and signature used to authenticate to the paypal API are there. If I use them, it still returns the previous error.
There is also a feature allowing me to create test accounts. I've created a new seller, and still, I get the same error message.
When I search on google about this issue, most answers says that the username, password or signature are wrong or have hidden white spaces in them. That's not my case.
I don't know how to solve that problem. I am wondering if the API endpoint has changed. I currently use "https://api-3t.paypal.com/nvp" for tests. I am using the NVP API, version 64.
To make it short: 1) My test account used to work 2) The code has not been modified 3) Real accounts used to work and still work. 4) But test buyer account has stopped working 5) The issue chronologically coincide with paypal "developer network" restructuring. 6) I don't know what has changed exactly and might cause this. 7) Does anyone know what has changed and might has caused this (a new parameter in the query string? Endpoint URL changed?)? 8) According to my previous description, do I seem to have misunderstood something, and what?
回答1:
I currently use "https://api-3t.paypal.com/nvp" for tests.
That's your problem. You're using test credentials, but the live API endpoint.
Change your endpoint to https://api-3t.sandbox.paypal.com/nvp and all should be fine.
回答2:
Security header is not valid means that your credentials are incorrect. I've never once seen that error where this wasn't the case.
You need to make sure that if you're using sandbox credentials for testing that you're hitting the correct endpoint and using the correct credentials.
Lots of times people accidentally have sandbox credentials set but then send them to the live endpoint or visa versa. If you're hitting the correct endpoint and your credentials are indeed correct you won't get this error.
来源:https://stackoverflow.com/questions/18024922/paypal-setexpresscheckout-api-method-has-stopped-working-with-sandbox-seller-a