PayPal DoDirectPayment - Security header is not valid!

Hello there,

I have been struggling to make this work. My client wants to have a form for entering credit card details on his website during the checkout process. I prepared the form and tried the following code, which is provided by PayPal itself.


/** DoDirectPayment NVP example; last modified 08MAY23.
 *
 *  Process a credit card payment. 
*/

//$environment = 'sandbox';	// or 'beta-sandbox' or 'live'

/**
 * Send HTTP POST Request
 *
 * @param	string	The API method name
 * @param	string	The POST Message fields in &name=value pair format
 * @return	array	Parsed HTTP Response body
 */
function PPHttpPost($methodName_, $nvpStr_) {
	$environment = 'sandbox';

	// Set up your API credentials, PayPal end point, and API version.
	$API_UserName = urlencode('username');
	$API_Password = urlencode('api_password');
	$API_Signature = urlencode('api_signature');
        
	$API_Endpoint = "https://api-3t.paypal.com/nvp";
	if("sandbox" === $environment || "beta-sandbox" === $environment) {
		$API_Endpoint = "https://api-3t.$environment.paypal.com/nvp";
	}
	$version = urlencode('56.0');

	// Set the curl parameters.
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
	curl_setopt($ch, CURLOPT_VERBOSE, 1);

	// Verify the server certificate and host name; API credentials and card data travel over this connection.
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($ch, CURLOPT_POST, 1);

	// Set the API operation, version, and API signature in the request.
	$nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";

	// Set the request as a POST FIELD for curl.
	curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);

	// Get response from the server.
	$httpResponse = curl_exec($ch);

	if(!$httpResponse) {
		exit("$methodName_ failed: ".curl_error($ch).'('.curl_errno($ch).')');
	}

	// Extract the response details.
	$httpResponseAr = explode("&", $httpResponse);

	$httpParsedResponseAr = array();
	foreach ($httpResponseAr as $i => $value) {
		$tmpAr = explode("=", $value);
		if(sizeof($tmpAr) > 1) {
			$httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
		}
	}

	if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
		// Do not echo $nvpreq here: it contains the API credentials and the card number.
		exit("Invalid HTTP Response for POST request to $API_Endpoint.");
	}

	return $httpParsedResponseAr;
}

// Set request-specific fields.
$paymentType = urlencode('Sale');				// 'Sale' or 'Authorization'
$firstName = urlencode('raju');
$lastName = urlencode('gautam');
$creditCardType = urlencode('visa');
$creditCardNumber = urlencode('4111111111111111');
$expDateMonth = '01';
// Month must be padded with leading zero
$padDateMonth = urlencode(str_pad($expDateMonth, 2, '0', STR_PAD_LEFT));

$expDateYear = urlencode('2013');
$cvv2Number = urlencode('123');
$address1 = urlencode('1 Some St.');
$city = urlencode('San Jose');
$state = urlencode('CA');
$zip = urlencode('123456');
$country = urlencode('US');				// US or other valid country code
$amount = urlencode(20.50);
$currencyID = urlencode('USD');							// or other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD')

// Add request-specific fields to the request string.
$nvpStr =	"&PAYMENTACTION=$paymentType&AMT=$amount&CREDITCARDTYPE=$creditCardType&ACCT=$creditCardNumber".
			"&EXPDATE=$padDateMonth$expDateYear&CVV2=$cvv2Number&FIRSTNAME=$firstName&LASTNAME=$lastName".
			"&STREET=$address1&CITY=$city&STATE=$state&ZIP=$zip&COUNTRYCODE=$country&CURRENCYCODE=$currencyID";

// Execute the API operation; see the PPHttpPost function above.
$httpParsedResponseAr = PPHttpPost('DoDirectPayment', $nvpStr);

if("SUCCESS" == strtoupper($httpParsedResponseAr["ACK"]) || "SUCCESSWITHWARNING" == strtoupper($httpParsedResponseAr["ACK"])) {
	exit('Direct Payment Completed Successfully: '.print_r($httpParsedResponseAr, true));
} else  {
	exit('<pre>DoDirectPayment failed: ' . urldecode(print_r($httpParsedResponseAr, true)) . '</pre>');
}

But this gives me the following error:


DoDirectPayment failed: Array
(
    [TIMESTAMP] => 2012-07-13T06:37:00Z
    [CORRELATIONID] => 1708c3339d400
    [ACK] => Failure
    [VERSION] => 56.0
    [BUILD] => 3288089
    [L_ERRORCODE0] => 10002
    [L_SHORTMESSAGE0] => Security error
    [L_LONGMESSAGE0] => Security header is not valid
    [L_SEVERITYCODE0] => Error
)

Is there something that I am missing, or am I doing it completely wrong? I found lots of users having this problem but could not find a proper reason for it! Can any of you point me in the right direction please? I have really been stuck on this for the last 2 days but could not find a solution.

PS: BTW, it is very much clear that the client is quite aware of the customers who don’t want to enter their credit card details in their website, but still they want it!

Please help! Thank you so much in advance!

Edit:

Off Topic:

Find the SitePoint logo has been changed! Seems it’s been a very long time since I have been on SitePoint!

Regards
Raju
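
One way to parse an NVP response and log a failure such as the 10002 above without writing the API credentials or card data to the output. This is an added example, not part of the original post or PayPal's sample; the helper names (`parseNvp`, `nvpErrors`, `redactNvp`) are hypothetical and the sample response is constructed from the values shown in the post.

```php
<?php
// Added example; the helper names below are hypothetical, not PayPal SDK functions.

/** Decode an NVP body ("A=1&B=two%20words") into an associative array. */
function parseNvp(string $body): array {
    $out = [];
    foreach (explode('&', $body) as $pair) {
        // Limit 2 so a value that itself contains '=' is not truncated.
        $parts = explode('=', $pair, 2);
        if (count($parts) === 2) {
            $out[urldecode($parts[0])] = urldecode($parts[1]);
        }
    }
    return $out;
}

/** Collect the numbered L_ERRORCODEn / L_LONGMESSAGEn fields as "code: message". */
function nvpErrors(array $resp): array {
    $errors = [];
    for ($i = 0; isset($resp["L_ERRORCODE$i"]); $i++) {
        $errors[] = $resp["L_ERRORCODE$i"] . ': ' . ($resp["L_LONGMESSAGE$i"] ?? '');
    }
    return $errors;
}

/** Mask secret request fields so the request can be logged for troubleshooting. */
function redactNvp(array $req): array {
    $secret = ['USER', 'PWD', 'SIGNATURE', 'CVV2', 'EXPDATE'];
    foreach ($req as $k => $v) {
        if (in_array($k, $secret, true)) {
            $req[$k] = 'REDACTED';
        } elseif ($k === 'ACCT') {   // keep only the last four digits of the card number
            $req[$k] = str_repeat('*', max(0, strlen($v) - 4)) . substr($v, -4);
        }
    }
    return $req;
}

// Constructed sample input, built from the values shown in the post.
$response = 'TIMESTAMP=2012%2d07%2d13T06%3a37%3a00Z&CORRELATIONID=1708c3339d400&ACK=Failure'
          . '&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error'
          . '&L_LONGMESSAGE0=Security%20header%20is%20not%20valid';
$request  = ['METHOD' => 'DoDirectPayment', 'USER' => 'username', 'PWD' => 'api_password',
             'SIGNATURE' => 'api_signature', 'ACCT' => '4111111111111111', 'CVV2' => '123'];

$resp = parseNvp($response);
error_log('PayPal ' . $resp['ACK'] . ' [' . $resp['CORRELATIONID'] . '] ' . implode('; ', nvpErrors($resp)));
error_log('Request: ' . http_build_query(redactNvp($request)));
```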