0

I'm trying to connect my website to the Paypal Sandbox in order to use the Express Checkout feature. I've used this link as reference but i keep getting the 10002 Error "Security header is not valid".

From the documentation this has to be a invalid credentials problem but if i made the request manually through soapUI it returns "Sucess", if i use the curl command it also works as expected.

Scenario: ASP.NET page with two Web References one to https://www.sandbox.paypal.com/wsdl/PayPalSvc.wsdl and another to https://www.paypalobjects.com/wsdl/PayPalSvc.wsdl, the given credentials are Username, Password and Signature as you can see in the following code snippet:

using CloudShop.com.paypal.sandbox.www; namespace CloudShop { public static PayPalAPIAASoapBinding BuildPayPalWebservice() { UserIdPasswordType credentials = new UserIdPasswordType() { Username = CloudShopConf.PayPalAPIUsername, Password = CloudShopConf.PayPalAPIPassword, Signature = CloudShopConf.PayPalAPISignature }; PayPalAPIAASoapBinding paypal = new PayPalAPIAASoapBinding(); paypal.RequesterCredentials = new CustomSecurityHeaderType() { Credentials = credentials }; return paypal; }

Right now i would like to know how to proceed with the debug. What could be wrong?

Improve this question
1
  • So how did you solve this issue? Commented Jul 3, 2012 at 7:14

1 Answer 1

Reset to default
3

Some ideas:

  • Check if you are using the Live-Credentials for the sandbox account.

  • Are you using https://api-3t.sandbox.paypal.com/2.0/ (especially the -3t part) as the endpoint? You should as you are using Signature authentication.

  • As usual, you should step through every setting you are using: protocol, API Endpoint, Version, Credentials etc. and compare you're manual SoapUI call with the information stored in you shop configuration.

I also found a blog article on this error that might help resolving this issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

For "POINT 1" the credentials are for the sandbox, for sure. For "POINT 2" i put 'paypal.Url = "api-3t.sandbox.paypal.com/2.0/";' before the paypal.RequesterCredentials but the problem remains. I'm a little bit lost right now to be honest...
You should probably find a way to see the actual, raw SOAP Request sent by your application (remove your credentials and add it to your question). There has to be a difference to your SoapUI request (which you might want to add here as well). Both SOAP and the PayPal API (documentation) aren't the most comprehensible pieces of technology out there.
I did a wireshark capture to confirm the remote endpoint, an it is also correct. The Destination IP is 173.0.82.83 which matches with the answer of nslookup " Non-authoritative answer: Name: api-3t.sandbox.paypal.com Address: 173.0.82.83". Do you know any way to open the SOAP envelope since the connection is SSL protected?
Not really, you could have a look at wiki.wireshark.org/SSL and support.citrix.com/article/CTX116557. But maybe it's easier to debug the message in your code, before it gets sent/encrypted.
After rewriting the whole thing, the SOAP Request started to work. Still wondering what was wrong?!

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.