Security Header is not valid

  • Resolved airsophia

    (@airsophia)


    3 years, 11 months ago

    Hey,

    Occurring:
    Upon checkout when clicking the Paypal Express Button

    now this is driving me mad. I’m loosing a lot of money right now….
    Things I tried (with no success):

    – Google as much as possible
    – Looking through all topics in this forum
    – Deactivating all kinds of Plug ins, even all
    – Updating everything including WP to 5.7
    – Deleting my Paypal Gateway Credentials on Paypal and getting new ones in

    The only thing that did something:

    – Deactivating Paypal Express Gateway
    But that also means most people can’t shop anymore.

    What I’m trying this evening: using the normal paypal plug in.

    Any help is greatly appreciated!!!

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WebToffee

    (@webtoffee)

    Hi @airsophia,

    The error is related to your API keys and not related to the plugin. Please check the following.

    1) Make sure you are using only the NVP/SOAP API keys from PayPal. (NOT the REST API)

    2) Make sure the keys you’ve entered match the “Environment” under plugin setting. If “Environment” is set to “Sandbox Mode”, you must enter the Sandbox keys. If “Environment” is set to “Live Mode”, it must be the Live keys. (Your Live and Sandbox keys will be different.)

    3. Make sure the email address verification is completed for the PayPal business account.

    Thread Starter airsophia

    (@airsophia)

    Hey,

    thanks for coming in.

    I already did everything you mentioned. Nothing helped.

    I’ve deactivated all the paypal plug ins and now use the Paypal Standard Gateway.
    Now at least some kind of Paypal Checkout works, but that’s not the best solution.

    Since I’ve also googled the hell out of the error I guess this is super rare and probably no solution known yet.

    Thread Starter airsophia

    (@airsophia)

    BTW: My working solution does not involve API credentials but is now based on the identity token.

    This could be a reason why it works. APIs themselves seem to be a problem.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Header is not valid’ is closed to new replies.