“security header not valid” (paypal standard)

  • Resolved horiamar

    (@horiamar)


    3 years ago

    Hello there!
    we use “paypal standard” payment gateway with woocommerce.
    when trying to refund (click on button “refund x$ via paypal standard”) we receive the message: “javascript: security header is not valid”.
    I checked the settings in paypal standard (api, IPN) and they are all ok. The payments work (when a customer pays a sum to the woocommerce webshop) but the refunds do not work.

    What could I do?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter horiamar

    (@horiamar)

    3 years ago

    this is my log: 

    2021-04-08T11:39:57+00:00 INFO Received valid response from PayPal IPN
2021-04-08T11:39:57+00:00 INFO Found order #1322
2021-04-08T11:39:57+00:00 INFO Payment status: completed
2021-04-08T11:49:47+00:00 INFO Refund Response: Array
(
[headers] => Requests_Utility_CaseInsensitiveDictionary Object
(
[data:protected] => Array
(
[content-type] => text/plain; charset=utf-8
[content-length] => 234
[date] => Thu, 08 Apr 2021 11:49:47 GMT
[cache-control] => max-age=0, no-cache, no-store, must-revalidate
[caller_acct_num] => (edited)
[paypal-debug-id] => 1dcad1b492901
[x-paypal-api-rc] => 10002
[x-paypal-operation-name] => RefundTransaction
[x-slr-retry-api] => RefundTransaction
[http_x_pp_az_locator] => ccg13.slc
[strict-transport-security] => max-age=31536000; includeSubDomains
)

)

[body] => TIMESTAMP=2021%2d04%2d08T11%3a49%3a47Z&CORRELATIONID=1dcad1b492901&ACK=Failure&VERSION=84%2e0&BUILD=55475691&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error
[response] => Array
(
[code] => 200
[message] => OK
)

[cookies] => Array
(
)

[filename] =>
[http_response] => WP_HTTP_Requests_Response Object
(
[response:protected] => Requests_Response Object
(
[body] => TIMESTAMP=2021%2d04%2d08T11%3a49%3a47Z&CORRELATIONID=1dcad1b492901&ACK=Failure&VERSION=[Removed. Phone #s not permitted]AGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error
[raw] => HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 234
Connection: close
Date: Thu, 08 Apr 2021 11:49:47 GMT
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Caller_acct_num: (edited)
Paypal-Debug-Id: 1dcad1b492901
X-Paypal-Api-Rc: 10002
X-Paypal-Operation-Name: RefundTransaction
X-Slr-Retry-Api: RefundTransaction
HTTP_X_PP_AZ_LOCATOR: ccg13.slc
Strict-Transport-Security: max-age=31536000; includeSubDomains

TIMESTAMP=2021%2d04%2d08T11%3a49%3a47Z&CORRELATIONID=1dcad1b492901&ACK=Failure&VERSION=[Removed. Phone #s not permitted]AGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error
[headers] => Requests_Response_Headers Object
(
[data:protected] => Array
(
[content-type] => Array
(
[0] => text/plain; charset=utf-8
)

[content-length] => Array
(
[0] => 234
)

[date] => Array
(
[0] => Thu, 08 Apr 2021 11:49:47 GMT
)

[cache-control] => Array
(
[0] => max-age=0, no-cache, no-store, must-revalidate
)

[caller_acct_num] => Array
(
[0] => (edited)
)

[paypal-debug-id] => Array
(
[0] => 1dcad1b492901
)

[x-paypal-api-rc] => Array
(
[0] => 10002
)

[x-paypal-operation-name] => Array
(
[0] => RefundTransaction
)

[x-slr-retry-api] => Array
(
[0] => RefundTransaction
)

[http_x_pp_az_locator] => Array
(
[0] => ccg13.slc
)

[strict-transport-security] => Array
(
[0] => max-age=31536000; includeSubDomains
)

)

)

[status_code] => 200
[protocol_version] => 1.1
[success] => 1
[redirects] => 0
[url] => https://api-3t.paypal.com/nvp
[history] => Array
(
)

[cookies] => Requests_Cookie_Jar Object
(
[cookies:protected] => Array
(
)

)

)

[filename:protected] =>
[data] =>
[headers] =>
[status] =>
)

)

2021-04-08T11:49:47+00:00 INFO Refund Result: stdClass Object
(
[TIMESTAMP] => 2021-04-08T11:49:47Z
[CORRELATIONID] => 1dcad1b492901
[ACK] => Failure
[VERSION] => 84.0
[BUILD] => 55475691
[L_ERRORCODE0] => 10002
[L_SHORTMESSAGE0] => Security error
[L_LONGMESSAGE0] => Security header is not valid
[L_SEVERITYCODE0] => Error
)
    • This reply was modified 3 years ago by horiamar.
    Thread Starter horiamar

    (@horiamar)

    3 years ago

    As presumed by the Automattic support, it was indeed a simple problem of wrong credentials. The API password was copied wrongly by the shop owner.

    So, for others too: in case you can ACCEPT payments, but CANNOT refund them, it is a wrong API password probably. So: wrong credentials can still allow payments to be processed correctly, but won’t allow refunds alone to be done.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘“security header not valid” (paypal standard)’ is closed to new replies.