IMPORTANT Security Fix for ALL versions of Zen Cart

Article Date(s): 12/12/2013 - 12/31/2035
For those of you who have received an email from paypal regarding a service upgrade, no worries because Zen Cart websites are not affected!

Below is the complete email from PayPal

***Please do not disregard this email. Failure to make necessary changes to your PayPal integration may result in an inability to make API calls and/or receive payments through PayPal.

PayPal continues to make significant investments and improvements to its infrastructure to improve our performance, scalability and availability to our customers. These improvements sometimes require us to perform necessary site maintenance upgrades. These upgrades sometimes require merchants to make changes to or update their existing integration.

Please make sure you are ready for this event by consulting with your technology team or individual(s) responsible for your PayPal integration.

What’s happening?

Because of a system upgrade, the following API endpoints are being updated:
When is this happening?

This event is scheduled for the following date(s) and time(s):

Date: March 25, 2014
Time: 11:00 p.m. Pacific Daylight Time (PDT)
Why is this happening?

We are performing this upgrade to ensure more efficient services for PayPal API users.

What do I need to do?

Merchants integrated in the following non-standard ways with PayPal’s API calls will be impacted when we update the API endpoints:

Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution. See section A below.
Merchants using HTTP methods other than GET, POST, DELETE and PUT. See section B below.
Merchants using the HTTP 1.0 protocol. See section C below.
Merchants whose firewall is configured to allow incoming and/or outgoing traffic from only a specific set of IP addresses will need to reconfigure their integration. See section D below.
***If you are integrated with a partner or a cart, please visit this FAQ for more important information.

Action items

Your technical team or individual(s) responsible for your PayPal integration will need to examine your current integration and make necessary changes.

Below are merchant action items for each of the impacts listed above:

Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution
Impact to your business: API calls will timeout or the merchant will encounter an internal error from their system
Your call to action: Use DNS resolution to access our API endpoints and/or open your firewall to the new IP addresses which will be communicated
Merchants using HTTP methods other than GET, POST, DELETE and PUT:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request or HTTP Error 405 Method not allowed
Your call to action: Send the API requests using one of the allowed methods. Heartbeat calls using the HEAD method will not be allowed
Merchants using the HTTP 1.0 protocol:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request
Your call to action: Merchants should update their code to HTTP 1.1 and include the Host header in the API request
Merchants needing firewall changes to allow new IP addresses:
Impact to your business: API calls will error out for merchants whose system responsible for making API calls to PayPal is behind a firewall that uses Access Control List (ACL) rules, and restricts outbound traffic to a limited number of IP addresses.
Your call to action: You need to update your firewall ACL to allow outbound access to a new set of IP addresses we will be publishing. Test your integration on Sandbox (the IP addresses for Sandbox API endpoints are listed here). The list of new IP addresses for our Live API endpoints will be posted here when available in January.
To assist with any questions you may have, we have an FAQ available here.

For additional details of this event, please refer to this blog. Please note that maintenance events can be postponed, rescheduled or cancelled so it’s important that you review this information periodically.

If you have any questions, please contact PayPal Merchant Technical Services by filing a ticket; refer to LIVE API integration change in preparation for March 25. For real time system updates, please go to

Thank you for your understanding.



Shopping Cart

Your cart is empty.

Customer Reviews

Judy is the best!

I searched for 12 frustrating years for a web designer who is an expert, professional, and thorough; someone who cares about customers' needs, who...

Professional and courteous service

Our experience with Judy has been overwhelmingly positive! She is a great communicator and a delightful person. She saved our company both time and...

Great service

Judy, thank you for your work on my site so happy I found you :)

Judy Gunderson saved my bacon!

Judy Gunderson saved my bacon! Actually, she saved my store database, putting it back together after a series of unfortunate incidents in which...

You are so appreciated!

You are, as always, such a gem and so amazingly appreciated. I will be discussing our next steps regarding hookahshisha with my staff so we may...

Who's Online

There currently are 7 guests online.
Copyright © 2004 - 2021 ZenCart Ecommerce Website Design
Zen Cart Templates Zen Cart Guru
Powered by Zen Cart