Getting 10002 error – Security header is not valid message.

Last Updated: January 14, 2024

This error commonly arises if you have entered the wrong values in the API keys field under plugin settings.
Kindly check and verify the keys. You can get the keys under the same names from your PayPal account.

Log into your PayPal business account.
Click Activity from the top of the page and select API Access
Scroll down to NVP/SOAP API Integration (Classic) and click Manage API Credentials.
Create keys if not already. Else, copy the following credentials:
- API Username
- API Password
- Signature
Next, paste the credentials into corresponding fields under the PayPal plugin settings.

Setup Guide

Can’t find what you need?

Browse our Documentation or contact Support to get your questions answered.

Help Desk

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of the basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website, to store user preferences and provide you with content and advertisements that are relevant. Such cookies will be stored on your browser but only upon procuring consent.

You will also have the option to opt-out of these cookies should you want to. But opting out of some of these cookies may have an effect on your browsing experience as per the descriptions elucidated against the respective categories below.

Necessary

Always Enabled

The cookies defined under this category are absolutely essential for the website to function. Hence they are loaded by default irrespective if user consent.

Cookie	Description
__cfruid	Cloudflare sets this cookie to identify trusted web traffic.
__stripe_mid	Stripe sets this cookie cookie to process payments.
__stripe_sid	Stripe sets this cookie cookie to process payments.
cookielawinfo-checkbox-advertisement	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-necessary	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-preferences	This cookie is set by the GDPR Cookie Consent plugin to check if the user has given consent to use cookies under the "Preferences" category.
CookieLawInfoConsent	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user sessions on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.
viewed_cookie_policy	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not a user has consented to the use of cookies. It does not store any personal data.

Analytics

Analytics cookies help us understand how our visitors interact with the website. It helps us understand the number of visitors, where the visitors are coming from, and the pages they navigate. The cookies collect this data and are reported anonymously.

Cookie	Description
_ga	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_ga_BQH8MSKD4M	This cookie is installed by Google Analytics.
_gat_gtag	Identification code of website for tracking visits.
_gid	This cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_hjAbsoluteSessionInProgress	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjid	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInPageviewSample	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSample	This cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate heatmaps, funnels, recordings, etc.
_hjIncludedInSessionSample	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjTLDTest	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
has_recent_activity	This cookie is used to signal to the code repository website if the user has browsed other website resources during the current session.
tk_ai	Gathers information for our own first-party analytics tool about how our services are used. A collection of internal metrics for user activity and is used to improve user experience.
tk_lr	This cookie is set by the JetPack plugin on sites using WooCommerce. This is a referral cookie used for analyzing referrer behavior for Jetpack.
tk_or	This cookie is set by the JetPack plugin on sites using WooCommerce. This is a referral cookie used for analyzing referrer behavior for Jetpack.
tk_qs	Gathers information for our own first-party analytics tool about how our services are used. A collection of internal metrics for user activity and is used to improve user experience.
tk_r3d	The cookie is installed by JetPack. Used for the internal metrics for user activities to improve user experience.

Advertisement cookies help us provide our visitors with relevant ads and marketing campaigns.

Cookie	Description
_fbp	This cookie is set by Facebook to deliver advertisements when they are on Facebook or on a digital platform powered by Facebook advertising after visiting this website.
fr	The cookie is set by Facebook to show relevant advertisements to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook Pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Preferences

Preference cookies are used to store user preferences to provide them with content that is customized accordingly. This includes the language of the website or the location of the visitor.

Cookie	Description
_gh_sess	This cookie is used to preserve users' states across page requests.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_hjSession_1376571	30 minutes	No description
_hjSessionUser_1376571	1 year	No description
_octo	1 year	No description available.
_zendesk_authenticated	past	No description
_zendesk_session	session	No description available.
_zendesk_shared_session	session	No description available.
edd_wp_session	12 hours	No description available.
logged_in	1 year	No description available.
m	2 years	No description available.

Getting 10002 error – Security header is not valid message.

<img width="45" height="45" src="/wp-content/uploads/2019/12/customer-support.png" class="mr-3">Can’t find what you need?

Can’t find what you need?