From GroupScript documentation
Security header invalid when paying with PayPal
Most likely reason for this error is PayPal API data mismatch- you have either some of the credentials wrong (double check system/application/config/paypal.php for errors, unneccessary whitespace) or you are using your live API credentials with PayPal Sandbox (test) mode set to true. If you have checked your API credentials and you are sure that your PayPal API information and sandbox/test mode flag is correct, please follow these steps:
- Make a test transaction on your site.
If you are using pre-3.0 version:
- Open your database in phpmyadmin or other database management tool of your choice.
- Navigate to transaction_log table
- Sort the transaction_log table records by id, and open the latest record.
If you are using 3.0 or later:
- Go to your site's Backend->Payments->Transaction log
The results should contain these columns: `query` and `response` - query is a request that is sent to PayPal, and they can see to which server did the request go. Credit card data, and PayPal API credentials are not logged for security reasons. Response is raw response received from PayPal.
Contact PayPal technical support with this information along with your PayPal API information from system/application/config/paypal.php file. They should tell you the reason this transaction failed.