error code 10002
When I try to place an order in my storefront, the order is declined with the response message of "Security header is not valid (ID: 10002)". What does this mean, and how do I fix it?
PayPal's documentation for their error code 10002 states: "This error can be caused by an incorrect API username, an incorrect API password, or an invalid API signature. Make sure that all three of these values are correct. For your security, PayPal does not report exactly which of these three values might be in error."
The most common solutions to this issue are as follows:
Credit card payment processing gateway
The values in System Setting #37, "Credit Card payment processing gateway", should be reviewed to ensure that they are correct. (The System Settings are located in the store's Administration Area at: [Admin > System Settings].) In our experience, this usually fixes the problem.
The connection to PayPal Pro requires three values. Here is an example of those settings and what they're values typically look like:
PayPal Pro API User Name: user_api1.domain.com
PayPal Pro API Password: X3GMNC2WVPM4E42B
PayPal Pro API Signature: EFvLeTZCbGJJuIrzJnTQyETGjBrGAt29X73KPAmoyFS8O-.8k9VwkX-z
If the values of these three fields isn't formatted similar to the examples above, then that may be the cause of the "Security Header is not valid" error message. Contact PayPal to obtain the proper values to use for these items.
Test mode
Another culprit could be System Setting #1, "Are you running in Test Mode?". When a store is set to Test Mode, it submits orders to the PayPal Website Payments Pro sandbox server. This is a different server than the one that processes live transactions. It is possible that Website Payments Pro accounts require a separate sandbox user account to be created — with its own unique username, password and API signature.
If this is the case, then either:
A) the sandbox user account's credentials would need to be entered in System Setting #37 while the store is set to Test Mode,
-or-
B) the store would need to be taken out of Test Mode and the regular Website Payments Pro account credentials used instead.
Setting up a PayPal sandbox account is beyond Modular Merchant's area of expertise. Therefore, if you would like to use Test Mode and PayPal's sandbox server, contact PayPal to obtain the proper instructions, sandbox credentials and settings for your Website Payments Pro account. |