Express Checkout error message: “Security header is not valid”

Question

I\'m implementing Express Checkout in PayPal.

I have no problem with the first two steps, SetExpressCheckout and GetExpressChecko

Answer 1

I had the same error being thrown for the live environment. For me, it turned out there was a trailing space at the end of my API username.... I removed the space and it worked fine.... I'd pasted them into a config file straight from PayPal and must've copied a blank there as well... so if this happens to you, check for trailing spaces! This would've been obvious if the username was hardcoded in a string, but wasn't because it was in a java properties file.

note that you'll also get this error if your credentials are wrong (ie bad username, password or signature). I just had the same issue happen when I pasted in my info to a config file, and had extra characters at the end of my signature by mistake.

Answer 2

https://api-3t.sandbox.paypal.com/nvp requires different user-accounts than what https://api-3t.paypal.com/nvp requires.

The sandbox accounts can be activated at developer.paypal.com

Answer 3

He may not grant permission for checkout. Refer to this article, apparently down for now but still available here.