Why did I get API error code 10008?

PayPal returned API error code 10008 - Security header is not valid.

This error usually relates to the API endpoint or the API credentials.


Here are ways to resolve this issue:

  • If you use a shopping cart, there may be a switch between Test/Sandbox processing and Live processing. Check that the correct value is set.
  • Supply an API URL if asked to do so. See NVP/SOAP API endpoints for a list of URLs.
  • Recopy and paste your API information into the cart.
  • Verify the type of API information that the cart requires (API Signature or API Certificate credentials), and confirm in PayPal that you requested that type and not the other.

If you requested a second certificate, be sure to delete the old certificate from the Windows keystore and then install the new certificate. In addition, check that the permissions on the certificate are correct: the user that needs the certificate must have been granted rights to it (using the winhttpcertcfg command). For troubleshooting, try granting permissions to "Everyone" to see if this resolves the error. If it does, you know that you have a permissions issue, and the fix is to grant the correct user rights to the certificate rather than to leave it open to "Everyone".
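
The certificate checks above, as an added PowerShell example (not PayPal's own code). The store name, certificate subject string and account name are assumed placeholders; run it from an elevated prompt on the machine that hosts the cart.

```powershell
# Added example; the three values below are placeholders (assumptions), not from the page.
$Store   = 'LOCAL_MACHINE\My'          # assumed store that holds the API certificate
$Subject = 'EXAMPLE-PAYPAL-API-CERT'   # placeholder certificate subject string
$Account = 'EXAMPLE\svc-cart'          # placeholder account the cart application runs as

if (-not (Get-Command winhttpcertcfg.exe -ErrorAction SilentlyContinue)) {
    throw 'winhttpcertcfg.exe was not found on PATH.'
}

# 1. An old certificate left in the store can be selected instead of the new one.
$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$Subject*" })
$found | Sort-Object NotAfter |
    Format-Table Thumbprint, NotAfter, HasPrivateKey -AutoSize | Out-Host
if ($found.Count -eq 0) { throw "No certificate matching '$Subject' in $Store." }
if ($found.Count -gt 1) {
    Write-Warning "$($found.Count) certificates match '$Subject'; delete the old one first."
}

# 2. List the accounts that can currently read the private key (-l).
function Get-KeyAccess {
    & winhttpcertcfg.exe -l -c $Store -s $Subject 2>&1 | Out-String
}
$before = Get-KeyAccess
Write-Host $before

# 3. Grant access (-g) to the one account that needs it.
& winhttpcertcfg.exe -g -c $Store -s $Subject -a $Account

# 4. If a troubleshooting grant to "Everyone" is still present, remove it (-r).
if ($before -match '\bEveryone\b') {
    Write-Warning 'Private key is readable by Everyone; removing that grant.'
    & winhttpcertcfg.exe -r -c $Store -s $Subject -a 'Everyone'
}

# 5. Show the final access list so the change can be recorded.
Write-Host (Get-KeyAccess)
```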

See also:
How do I request API Signature or Certificate credentials?