Paypal sandbox not working? Payment failed. Please try again. Security header is not valid

We setup invoiceplane and are trying to setup a sandbox account to test with and it’s constantly failing with

Payment failed. Please try again.
Security header is not valid

I’ve seen other posts saying we need curl so we’ve installed curl and php-curl but it still errors out. I’ve tested the username/password/signature using the paypal method to test with curl and it seems to be fine. Here’s the curl command I used to test in shell.

-d USER=userxxxx
-d PWD=passxxxx
-d SIGNATURE=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-d METHOD=SetExpressCheckout
-d cancelUrl=
-d returnUrl=

Any suggestions on why this might not be working? I’m wondering if some other dependency is not installed but the system is not complaining about it just like php-curl or php-mbstring.

I should have mentioned this is the latest 1.5.6 IP

An update on this, for anyone who is looking. We found that InvoicePlane correctly goes to paypal’s sandbox if the following SQL is run on the local MySQL database:

UPDATE ip_settings SET setting_value='on' WHERE setting_key='gateway_paypal_express_testMode';

When InvoicePlane reads gateway settings, it expects a value of type checkbox to say “on” or “off,” but the setup form is somehow setting the value to 1 or 0.

Thanks for the nice catch and weird behaviour because IP is setup to change the value to “on” if true

I need to have a deeper look (maybe tomorrow) as I don’t use the payements part so I need to configure all :slight_smile:

Edit : I’ve test it and don’t know why it seeks for “on” whereas all tests mode are with 0 or 1 …
I’ve made a change which should work but I need deeper tests as I don’t configure my account with sandbox … so I need to configure all or ask @Kovah if he can tests for me aswell.
Will do a PR soon (I create a ticket for this :


The check is implemented to provide a consistent true/false saving in the database because checkboxes return on as a value if they are switched on.

No @Kovah you’re wrong, in the settings if it’s enable it’s setup to save as 0 or 1 (for every test mode)
cf :

So you check if the value is “on” then set it to true otherwise false but as it’s never “on” in the DB then it never enters in the statement and there is a mistake (that’s why the statement by @dmillermfals to change the value in the DB works because the check is made for “on” to be true) .

So two solutions are possible
1 - change the “on” in “1” to check correctly (which is for me the best solution and in my opinion the one I will do in a PR)
2 - change the 1 to “on” in the settings form (but need to adapt, controllers … which is for me a bit longer)

Up to you :smiley:


Then this might have been an issues with the setup earlier.
Just remove the check.

@dmillermfals Can you do a change for me and test if it works ?
Replace “on” by “1” here

Test if the “testmode” is working fine and if you get no errors ?

I’m finishing the PR but as I had no account set it’s hard to test it correctly :slight_smile:

Small edit : if it’s working I recommand to you to setup the old value until a new update is pushed (it can be changed or we can change the way we use it). It’s up to you to use it at your own risk before we push it if you don’t want to change it because it’s working :slight_smile:


I verified that this change works, and that it goes to the Sandbox after I enable test mode from the admin panel in IP. Thanks!

So you can confirm me that with the fix and without running your SQL hotfix it works like intended ? There is no more bugs do you after applying this patch ?


Yes, that is confirmed. I set up Paypal entirely from within IP, without running any SQL, and it uses the Paypal sandbox correctly. I also tried toggling Test Mode off and on and it seems to be working as intended.

Perfect !! Thanks for your test. Will make the PR tonight and as I said up to you to keep this version if really needed or wait for the next release :wink:

June 2020 - this error is still happening.

InvoicePlane 1.5.11

Payment failed. Please try again.
Security header is not valid

When using Paypal in sandbox mode.

Please have a read there: