I'm trying to follow the instructions at https://developer.paypal.com/docs/classic/mass-pay/integration-guide/MassPayUsingAPI/#id101DEJ0100A for paying a customer. https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-api-signature# tells me the API username, API password and signature. I paste those values directly into my program, and POST those parameters (as well as other parameters) to https://api-3t.paypal.com/nvp and I get this response back:

TIMESTAMP=2015%2d05%2d06T23%3a58%3a01Z&CORRELATIONID=6eef131f4a296&ACK=Failure&VERSION=2%2e3&BUILD=16566018&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error

Any tips for troubleshooting what might be going on here?

Thanks in advance!

Kevin

1 Answer

That error means the API credentials you're using are not accurate. Double check the values themselves and make sure you didn't miss any characters or add any extra white space on the ends of the values. Also, make sure you're not sending sandbox credentials to the live PayPal server or vice versa. That's usually what's happening when people run into this.

Drew Angell
  • Thanks for the quick reply. I've quadruple-checked what paypal is reporting at https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-api-signature# to make 1,000% sure that I'm putting the correct API username, API password and API signature for the live environment. I really don't think that's it. Is there another interface that I can copy/paste those credentials into to try to troubleshoot this further? – Kevin Austin May 07 '15 at 01:07
  • If the values are indeed correct then you must be sending them to the wrong end point. This error ALWAYS means the credentials are wrong, so it has to be one of those two things. – Drew Angell May 07 '15 at 01:27
  • Do you have any tips on how exactly I could diagnose this? It's only 4 attributes, and I've shared exactly where I'm getting those attributes from. – Kevin Austin May 07 '15 at 01:46
  • If you want to post a sample of your code I can take a closer look, but again, my guess is that you're sending the credentials to the sandbox endpoint instead of the live endpoint even though you think you're sending it to the live endpoint. That's what I would check. Maybe save a log file with the raw request/response and the endpoint that was used. – Drew Angell May 07 '15 at 05:31
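
The checks suggested in the answer and its comments (stray whitespace in the pasted values, live versus sandbox endpoint, a raw request/response log), as an added example that is not part of the original thread. The function names and credential values are hypothetical placeholders; `USER`, `PWD` and `SIGNATURE` are the classic NVP credential fields, and the sandbox host is the signature-based sandbox counterpart of the live host in the question.

```python
from urllib.parse import parse_qs, urlsplit

# Live host is the one named in the question; sandbox host is its sandbox counterpart.
LIVE_HOST = "api-3t.paypal.com"
SANDBOX_HOST = "api-3t.sandbox.paypal.com"
SECRET_FIELDS = ("USER", "PWD", "SIGNATURE")

# Response body as posted in the question.
SAMPLE_RESPONSE = (
    "TIMESTAMP=2015%2d05%2d06T23%3a58%3a01Z&CORRELATIONID=6eef131f4a296"
    "&ACK=Failure&VERSION=2%2e3&BUILD=16566018&L_ERRORCODE0=10002"
    "&L_SHORTMESSAGE0=Security%20error"
    "&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error"
)
# Constructed request with placeholder credentials showing copy/paste damage.
SAMPLE_REQUEST = {"METHOD": "MassPay", "USER": "user_api1.example.com",
                  "PWD": "PLACEHOLDERPWD ", "SIGNATURE": "PLACEHOLDERSIG\n"}


def parse_nvp(body):
    """Decode a URL-encoded NVP response body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def credential_problems(params):
    """Report missing values and whitespace picked up while pasting credentials."""
    problems = []
    for name in SECRET_FIELDS:
        value = params.get(name)
        if not value:
            problems.append(f"{name} is missing or empty")
        elif value != value.strip():
            problems.append(f"{name} has leading or trailing whitespace")
    return problems


def endpoint_environment(url):
    """Classify the endpoint actually used, so it can be compared with the credentials."""
    host = urlsplit(url).hostname
    return {LIVE_HOST: "live", SANDBOX_HOST: "sandbox"}.get(host, "unknown")


def redacted_log_line(url, params):
    """Build a request log record that keeps secrets out of the log file."""
    safe = {k: f"<{len(v)} chars>" if k in SECRET_FIELDS else v
            for k, v in params.items()}
    fields = " ".join(f"{k}={v}" for k, v in safe.items())
    return f"POST {url} [{endpoint_environment(url)}] {fields}"
```

Logging only the length of each credential keeps the API password and signature out of log files while still exposing an unexpected extra character.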