So the error being reported back from paypal is "Security header is not valid":
<LongMessage xsi:type="xs:string">Security header is not valid</LongMessage>
this error will occur if the API Credentials you are using are for the PayPal Sandbox server, but you are doing a live checkout, or if the credentials or for the live server, but you have set to use the sandbox for testing.
It may also occur if you have not accepted the billing agreement after requesting the credentials.
Double check the Authorize paypal Express Checkout server behavior on the checkout page to see whether the Use sandbox option is checked or not, also check to make sure you accepted the billing agreement with paypal.