SitePoint Sponsor

User Tag List

Results 1 to 1 of 1
  1. #1
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Kathmandu, Nepal
    0 Post(s)
    0 Thread(s)

    Paypal DoDirectPayment - Security header is not valid !

    Hello there,

    I have been struggling to make this work. My client wants to have a form for entering credit card details in his website while checkout process. I prepared the form and tried the following code which is provided by Paypal itself.

    Code php:
    /** DoDirectPayment NVP example; last modified 08MAY23.
     *  Process a credit card payment. 
    //$environment = 'sandbox';	// or 'beta-sandbox' or 'live'
     * Send HTTP POST Request
     * @param	string	The API method name
     * @param	string	The POST Message fields in &name=value pair format
     * @return	array	Parsed HTTP Response body
    function PPHttpPost($methodName_, $nvpStr_) {
    	$environment = 'sandbox';
    	// Set up your API credentials, PayPal end point, and API version.
    	$API_UserName = urlencode('username');
            $API_Password = urlencode('api_password');
            $API_Signature = urlencode('api_signature');
    	$API_Endpoint = "";
    	if("sandbox" === $environment || "beta-sandbox" === $environment) {
    		$API_Endpoint = "https://api-3t.$";
    	$version = urlencode('56.0');
    	// Set the curl parameters.
    	$ch = curl_init();
    	curl_setopt($ch, CURLOPT_URL, $API_Endpoint);
    	curl_setopt($ch, CURLOPT_VERBOSE, 1);
    	// Turn off the server and peer verification (TrustManager Concept).
    	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
    	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
    	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    	curl_setopt($ch, CURLOPT_POST, 1);
    	// Set the API operation, version, and API signature in the request.
    	$nvpreq = "METHOD=$methodName_&VERSION=$version&PWD=$API_Password&USER=$API_UserName&SIGNATURE=$API_Signature$nvpStr_";
    	// Set the request as a POST FIELD for curl.
    	curl_setopt($ch, CURLOPT_POSTFIELDS, $nvpreq);
    	// Get response from the server.
    	$httpResponse = curl_exec($ch);
    	if(!$httpResponse) {
    		exit("$methodName_ failed: ".curl_error($ch).'('.curl_errno($ch).')');
    	// Extract the response details.
    	$httpResponseAr = explode("&", $httpResponse);
    	$httpParsedResponseAr = array();
    	foreach ($httpResponseAr as $i => $value) {
    		$tmpAr = explode("=", $value);
    		if(sizeof($tmpAr) > 1) {
    			$httpParsedResponseAr[$tmpAr[0]] = $tmpAr[1];
    	if((0 == sizeof($httpParsedResponseAr)) || !array_key_exists('ACK', $httpParsedResponseAr)) {
    		exit("Invalid HTTP Response for POST request($nvpreq) to $API_Endpoint.");
    	return $httpParsedResponseAr;
    // Set request-specific fields.
    $paymentType = urlencode('Sale');				// or 'Sale'
    $firstName = urlencode('raju');
    $lastName = urlencode('gautam');
    $creditCardType = urlencode('visa');
    $creditCardNumber = urlencode('4111111111111111');
    $expDateMonth = '01';
    // Month must be padded with leading zero
    $padDateMonth = urlencode(str_pad($expDateMonth, 2, '0', STR_PAD_LEFT));
    $expDateYear = urlencode('2013');
    $cvv2Number = urlencode('123');
    $address1 = urlencode('1 Some St.');
    $city = urlencode('San Jose');
    $state = urlencode('CA');
    $zip = urlencode('123456');
    $country = urlencode('US');				// US or other valid country code
    $amount = urlencode(20.50);
    $currencyID = urlencode('USD');							// or other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD')
    // Add request-specific fields to the request string.
    $nvpStr =	"&PAYMENTACTION=$paymentType&AMT=$amount&CREDITCARDTYPE=$creditCardType&ACCT=$creditCardNumber".
    // Execute the API operation; see the PPHttpPost function above.
    $httpParsedResponseAr = PPHttpPost('DoDirectPayment', $nvpStr);
    if("SUCCESS" == strtoupper($httpParsedResponseAr["ACK"]) || "SUCCESSWITHWARNING" == strtoupper($httpParsedResponseAr["ACK"])) {
    	exit('Direct Payment Completed Successfully: '.print_r($httpParsedResponseAr, true));
    } else  {
    	exit('<pre>DoDirectPayment failed: ' . urldecode(print_r($httpParsedResponseAr, true)) . '</pre>');

    But this gives me the following error:
    DoDirectPayment failed: Array
        [TIMESTAMP] => 2012-07-13T06:37:00Z
        [CORRELATIONID] => 1708c3339d400
        [ACK] => Failure
        [VERSION] => 56.0
        [BUILD] => 3288089
        [L_ERRORCODE0] => 10002
        [L_SHORTMESSAGE0] => Security error
        [L_LONGMESSAGE0] => Security header is not valid
        [L_SEVERITYCODE0] => Error
    Is there something that I am missing? Or doing completely wrong. I found lots of users having this problem but could not find a quite proper reason for this! Can anyone of you point me to some right direction please? Really lingering with this since last 2 says but could not find a solution.

    PS: BTW, it is very much clear that the client is quite aware of the customers who doesn't want to enter their credit card details in their website but still they want!

    Please help! Thank you so much in advance!

    Off Topic:

    Find the Sitepoint logo has been changed! Seems its been very long that I haven't been in Sitepiont!

    Last edited by EastCoast; Jul 16, 2012 at 13:11. Reason: Don't put passwords and usernames in public code!!??
    Mistakes are proof that you are trying.....
    PSD to HTML - | Personal Blog | ZCE - PHP 5


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts