Ah, that's helpful, I assume you put these bindings in the error page. I'm getting the following: errorSecurity header is not valid10002Error
Thing is I thought I'd set this up to hit the paypal sandbox and not the real server so in theory I shouldn't be getting this error right? Or does the checkout page have to have https running regardless for the transaction to pass?
Final quick question: I can assume from the error code above that I am indeed actually hitting the paypal server right?