Security Error "Security header is not valid"

  • Andy Cottrell

    Andy Cottrell - 2007-04-21

    I am attempting to implement your app on a clients website.  I am using their PayPal credentials and using your doDirectPayment example but I am getting a Security error "Security header is not valid".  The response is as follows:

    object(stdClass)#10 (6) {
      string(20) "2007-04-21T16:25:57Z"
      string(7) "Failure"
      string(13) "2201973126444"
      object(stdClass)#11 (4) {
        string(14) "Security error"
        string(28) "Security header is not valid"
        string(5) "10002"
        string(5) "Error"
      string(8) "2.400000"
      string(6) "1.0006"

    Any help resolving this would be greatly appreciated.


    • drew22

      drew22 - 2007-05-26

      I get the same problem too when I take the sample test file out of the phppaypalpro directory.

      I had path problems with the require_once calls, so i made absolute paths:

      define('PHP_PPPRO_BASE_PATH', dirname(__FILE__).'/');

      And added PHP_PPPRO_BASE_PATH to all require calls:

      the sample test file works in when its in the phppaypalpro directory, but when i take it out I get the secuity "Security header is not valid" message

    • drew22

      drew22 - 2007-05-26

      Got it working. it was just a typo in my $API_USERNAME value;

      I also replaced all require_once calls with require.  require_once should be avoided if possible because it has a lot of overhead.


    • Micah Mitchell

      Micah Mitchell - 2009-02-13

      I am having this same problem Security Header Invalid

      I've checked and re-checked my credentials and dont' get what's wrong.

      The steps I took were
      download it, move it to my server
      change to live in the on line 57
      change to my credentials in examples.php on lines 145,147,149

      Am I missing something?

      Thanks in advance!


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks