c# - 'Security header is not valid' using PayPal sandbox in .NET

I am using the PayPal sandbox in ASP.Net C# 4.0. I added the following web references:


When I run this code:

PayPalAPIHelper.PayPalSandboxWS.SetExpressCheckoutReq req = new PayPalAPIHelper.PayPalSandboxWS.SetExpressCheckoutReq()
            SetExpressCheckoutRequest = new PayPalAPIHelper.PayPalSandboxWS.SetExpressCheckoutRequestType()
                Version = Version,
                SetExpressCheckoutRequestDetails = reqDetails

        // query PayPal and get token
        PayPalAPIHelper.PayPalSandboxWS.SetExpressCheckoutResponseType resp = BuildPayPalSandboxWebservice().SetExpressCheckout(req);

In my resp object, the error message says:

Security header is not valid

I was told to give it correct API credentials. I signed up on developer.paypal.com and i'm assuming the email address and password i used are my valid credentials. How and where do I give it my API credentials? Thanks

1 Answer

  1. Matthew- Reply


    Did you check the endpoint addresses in your web.config file

    Those should be referenced to following url's

    For API Certificate => SOAP https://api.sandbox.paypal.com/2.0/

    For API Signature => SOAP https://api-3t.sandbox.paypal.com/2.0/

    If you are using Signature then use the following code

    CustomSecurityHeaderType type = new CustomSecurityHeaderType();
                type.Credentials = new UserIdPasswordType()
                    Username = ConfigurationManager.AppSettings["PayPalUserName"], //Not paypal login username
                    Password = ConfigurationManager.AppSettings["PayPalPassword"], //not login password
                    Signature = ConfigurationManager.AppSettings["PayPalSignature"]

    To get Paypal signature follow the link

    For more info click here


    Please check the following code it is working for me

    CustomSecurityHeaderType type = new CustomSecurityHeaderType();
                type.Credentials = new UserIdPasswordType()
                    Username = ConfigurationManager.AppSettings["PayPalUserName"],
                    Password = ConfigurationManager.AppSettings["PayPalPassword"],
                    Signature = ConfigurationManager.AppSettings["PayPalSignature"]
                PaymentDetailsItemType[] pdItem = new PaymentDetailsItemType[1];
                pdItem[0] = new PaymentDetailsItemType() 
                    Amount = new BasicAmountType(){currencyID = CurrencyCodeType.USD,Value = ItemPrice},
                    Name = ItemName,
                    Number = ItemNumber,
                    Description = ItemDescription, 
                    ItemURL = ItemUrl
                SetExpressCheckoutRequestDetailsType sdt = new SetExpressCheckoutRequestDetailsType();
                sdt.NoShipping = "1";
                PaymentDetailsType pdt = new PaymentDetailsType()
                    OrderDescription = OrderDesc,
                    PaymentDetailsItem = pdItem,
                    OrderTotal = new BasicAmountType()
                        currencyID = CurrencyCodeType.USD,
                        Value = ItemPrice
                sdt.PaymentDetails = new PaymentDetailsType[] { pdt };
                sdt.CancelURL = "http://localhost:62744/PaymentGateway/PaymentFailure.aspx";
                sdt.ReturnURL = "http://localhost:62744/PaymentGateway/ExpressCheckoutSuccess.aspx";
                SetExpressCheckoutReq req = new SetExpressCheckoutReq()
                    SetExpressCheckoutRequest = new SetExpressCheckoutRequestType()
                        SetExpressCheckoutRequestDetails = sdt,
                        Version = "92.0"
                var paypalAAInt = new PayPalAPIAAInterfaceClient();
                var resp = paypalAAInt.SetExpressCheckout(ref type, req);
                if (resp.Errors != null && resp.Errors.Length > 0)
                    // errors occured
                    throw new Exception("Exception(s) occured when calling PayPal. First exception: " +
                    ConfigurationManager.AppSettings["PayPalOriginalUrl"], resp.Token));

Leave a Reply

Your email address will not be published. Required fields are marked *

You can use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>