IMPORTANT Security Fix for ALL versions of Zen Cart

Article Date(s): 12/12/2013 - 12/31/2035
For those of you who have received an email from paypal regarding a service upgrade, no worries because Zen Cart websites are not affected!

Below is the complete email from PayPal

***Please do not disregard this email. Failure to make necessary changes to your PayPal integration may result in an inability to make API calls and/or receive payments through PayPal.

PayPal continues to make significant investments and improvements to its infrastructure to improve our performance, scalability and availability to our customers. These improvements sometimes require us to perform necessary site maintenance upgrades. These upgrades sometimes require merchants to make changes to or update their existing integration.

Please make sure you are ready for this event by consulting with your technology team or individual(s) responsible for your PayPal integration.

What’s happening?

Because of a system upgrade, the following API endpoints are being updated:
When is this happening?

This event is scheduled for the following date(s) and time(s):

Date: March 25, 2014
Time: 11:00 p.m. Pacific Daylight Time (PDT)
Why is this happening?

We are performing this upgrade to ensure more efficient services for PayPal API users.

What do I need to do?

Merchants integrated in the following non-standard ways with PayPal’s API calls will be impacted when we update the API endpoints:

Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution. See section A below.
Merchants using HTTP methods other than GET, POST, DELETE and PUT. See section B below.
Merchants using the HTTP 1.0 protocol. See section C below.
Merchants whose firewall is configured to allow incoming and/or outgoing traffic from only a specific set of IP addresses will need to reconfigure their integration. See section D below.
***If you are integrated with a partner or a cart, please visit this FAQ for more important information.

Action items

Your technical team or individual(s) responsible for your PayPal integration will need to examine your current integration and make necessary changes.

Below are merchant action items for each of the impacts listed above:

Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution
Impact to your business: API calls will timeout or the merchant will encounter an internal error from their system
Your call to action: Use DNS resolution to access our API endpoints and/or open your firewall to the new IP addresses which will be communicated
Merchants using HTTP methods other than GET, POST, DELETE and PUT:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request or HTTP Error 405 Method not allowed
Your call to action: Send the API requests using one of the allowed methods. Heartbeat calls using the HEAD method will not be allowed
Merchants using the HTTP 1.0 protocol:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request
Your call to action: Merchants should update their code to HTTP 1.1 and include the Host header in the API request
Merchants needing firewall changes to allow new IP addresses:
Impact to your business: API calls will error out for merchants whose system responsible for making API calls to PayPal is behind a firewall that uses Access Control List (ACL) rules, and restricts outbound traffic to a limited number of IP addresses.
Your call to action: You need to update your firewall ACL to allow outbound access to a new set of IP addresses we will be publishing. Test your integration on Sandbox (the IP addresses for Sandbox API endpoints are listed here). The list of new IP addresses for our Live API endpoints will be posted here when available in January.
To assist with any questions you may have, we have an FAQ available here.

For additional details of this event, please refer to this blog. Please note that maintenance events can be postponed, rescheduled or cancelled so it’s important that you review this information periodically.

If you have any questions, please contact PayPal Merchant Technical Services by filing a ticket; refer to LIVE API integration change in preparation for March 25. For real time system updates, please go to

Thank you for your understanding.



Shopping Cart

Your cart is empty.

Customer Reviews

Best designer I've ever used worldwide

I've used website designers from coast to coast and even overseas. Trying to move projects ahead within my budget with these other designers but all...

The best thing that happened to our website, was Judy!!!

Judy.... words can not begin to let you know how blessed we were to find YOU!!! The ease and professionalism in which you handled our needs was just...


I have gone through hell and back trying to find someone to help me get my website up and running properly. By the grace of god, I found Judy and...

Zencart Guru

Judy Gunderson and staff are so talented if you have a Zencart website as I do. I found her on the internet while having a zencart problem and she...

Awesome job Judy

Judy, thank you very much for the work you did to my website. it looks great, and it does everything that you said it would. I will be calling on...

Who's Online

There currently are 2 guests online.
Copyright © 2004 - 2022 ZenCart Ecommerce Website Design
Zen Cart Templates Zen Cart Guru
Powered by Zen Cart