Omnipay Paypal Express Checkout Error: Security header is not valid

I have searched around stack overflow and google in general and have not found a problem similar to mine.

The problem is whenever setTestMode() method is used the error “Security header is not valid” pops up.

But if I remove setTestMode() and just keep the setUsername(), setPassword(), and setSignature() methods, it goes through and redirects straight to paypal (Live Paypal).

So afaik the problem should lie in how I’m using setTestMode and not about incorrect Api Creds as most “Security header is not valid” errors are about.

I am currently using Laravel 5.8 with Omnipay/paypal using Paypal Express Checkout

Here are the files that were used


public function gateway()
$gateway = Omnipay::create('PayPal_Express');

// $gateway->setTestMode(true);

return $gateway;

public function purchase(array $parameters)
$response = $this->gateway()

return $response;


public function checkout($order_id)
$order = Order::findOrFail(decrypt($order_id));

$paypal = new PayPal;

$response = $paypal->purchase([
'amount' => $paypal->formatAmount($order->amount),
'transactionId' => $order->transaction_id,
'currency' => 'PHP',
'cancelUrl' => $paypal->getCancelUrl($order),
'returnUrl' => $paypal->getReturnUrl($order),
'notifyUrl' => $paypal->getNotifyUrl($order),

if ($response->isRedirect()) {

return redirect()->back()->with([
'message' => $response->getMessage(),

Here are the contents of the $response

ExpressAuthorizeResponse {#1098 ▼
#liveCheckoutEndpoint: ""
#testCheckoutEndpoint: ""
#request: ExpressAuthorizeRequest {#1095 ▼
#liveEndpoint: ""
#testEndpoint: ""
#negativeAmountAllowed: true
#parameters: ParameterBag {#1097 ▶}
#httpClient: Client {#1063 ▶}
#httpRequest: Request {#1086 ▶}
#response: ExpressAuthorizeResponse {#1098}
#currencies: ISOCurrencies {#1096}
#zeroAmountAllowed: true
#data: array:9 [▼
"TIMESTAMP" => "2022-02-03T11:04:45Z"
"CORRELATIONID" => "c8d066c9b5ccd"
"ACK" => "Failure"
"VERSION" => "119.0"
"BUILD" => "54118205"
"L_ERRORCODE0" => "10002"
"L_SHORTMESSAGE0" => "Security error"
"L_LONGMESSAGE0" => "Security header is not valid"
"L_SEVERITYCODE0" => "Error"

from Newest questions tagged laravel-5 – Stack Overflow

Related Posts

Codeigniter : Parse error: syntax error, unexpected ‘const’ (T_CONST), expecting variable (T_VARIABLE) in Laravel project

I’m getting following error: **Parse error: syntax error, unexpected ‘const’ (T_CONST), expecting variable (T_VARIABLE)** Note : It’s working in local but facing issue in production server. private…

Firebase receive notification while tab is active or on focus

What i want is to be able to perform an action when a user receives a notification while the browser is open and tab is active or…

Laravel’s alias loader does not find class

We have a legacy project that we cannot update and we need to make some changes in symfony’s Response.php in vendor. We have solved this by copying…

Laravel 5 – generic document management

I have a system where you can create different types of unique documents. For instance, one document is called Project Identified and this expects certain inputs. Originally,…

Laravel Nova limit the results in indexQuery

I ran intro a situation where I need to limit the results of a resource to only 3 results. To be more specific, based on the logged…

Auditoria en laravel 5.8 [closed]

Cómo puedo automatizar el registro de actividades de un usuario en laravel? Si un usuario ingresa a un app de laravel, debo guardar toda su actividas, a…

Leave a Reply

Your email address will not be published.