Home
  • Payments and Transfers
  • Disputes and Limitations
  • My Account
  • My Payment Methods
  • Login & Security
  • Seller Tools

Why did I get API error code 10008?

Issue
PayPal returned API error code 10008 - Security header is not valid.

Cause
This error usually relates to the API endpoint or the API credentials.

Solution

Here are ways to resolve this issue:
  • If you use a shopping cart, there may be a switch between Test/Sandbox processing and Live processing. Check that the correct value is set.
  • Supply an API URL if asked to do so. See NVP/SOAP API endpoints for a list of URLs.
  • Recopy and paste your API information into the cart.
  • Verify the type of API information that the cart requires. Ensure in PayPal that you haven't requested the wrong information.

For ASP.NET
If you requested a second certificate, be sure to delete the old certificate from the Windows Keystore and then install the new certificate. In addition, check that the permissions to the certificate are correct. Check that you're granting the correct user rights to the certificate (using the winhttpcertcfg command). For troubleshooting, try granting permissions to "Everyone" to see if this resolves the error. If it does, you know that you have a permissions issue.
 
See the Developer Portal for a complete list of NVP/SOAP API error codes.
Was this article helpful?

More ways we can help

How are we doing?
Take our survey

If you accept cookies, we'll use them to improve and customise your experience and enable our partners to show you personalised PayPal ads when you visit other sites. Manage cookies and learn more