Express Checkout error message: "Security header is not valid"

I'm implementing Express Checkout in PayPal.

I have no problem with the first two steps, SetExpressCheckout and GetExpressCheckout. But when I use DoExpressCheckout, I encounter the error "Security header is not valid".

The API credentials are the same!

I've fixed it by changing the $environment to live in DoExpressCheckout. (The difference $environment makes is that it'll use https://api.sandbox.paypal.com/nvp/ instead of https://api-3t.$environment.paypal.com/nvp)

But why?

Is there something wrong with https://api-3t.$environment.paypal.com/nvp?

Solution 1:

https://api-3t.sandbox.paypal.com/nvp requires different user-accounts than what https://api-3t.paypal.com/nvp requires.

The sandbox accounts can be activated at developer.paypal.com

Solution 2:

I had the same error being thrown for the live environment. For me, it turned out there was a trailing space at the end of my API username.... I removed the space and it worked fine.... I'd pasted them into a config file straight from PayPal and must've copied a blank there as well... so if this happens to you, check for trailing spaces! This would've been obvious if the username was hardcoded in a string, but wasn't because it was in a java properties file.

note that you'll also get this error if your credentials are wrong (ie bad username, password or signature). I just had the same issue happen when I pasted in my info to a config file, and had extra characters at the end of my signature by mistake.

Solution 3:

He may not grant permission for checkout. Refer to this article, apparently down for now but still available here.