IMPORTANT Security Fix for ALL versions of Zen Cart

Article Date(s): 12/12/2013 - 12/31/2035
For those of you who have received an email from paypal regarding a service upgrade, no worries because Zen Cart websites are not affected!

Below is the complete email from PayPal

***Please do not disregard this email. Failure to make necessary changes to your PayPal integration may result in an inability to make API calls and/or receive payments through PayPal.

PayPal continues to make significant investments and improvements to its infrastructure to improve our performance, scalability and availability to our customers. These improvements sometimes require us to perform necessary site maintenance upgrades. These upgrades sometimes require merchants to make changes to or update their existing integration.

Please make sure you are ready for this event by consulting with your technology team or individual(s) responsible for your PayPal integration.

What’s happening?

Because of a system upgrade, the following API endpoints are being updated:
When is this happening?

This event is scheduled for the following date(s) and time(s):

Date: March 25, 2014
Time: 11:00 p.m. Pacific Daylight Time (PDT)
Why is this happening?

We are performing this upgrade to ensure more efficient services for PayPal API users.

What do I need to do?

Merchants integrated in the following non-standard ways with PayPal’s API calls will be impacted when we update the API endpoints:

Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution. See section A below.
Merchants using HTTP methods other than GET, POST, DELETE and PUT. See section B below.
Merchants using the HTTP 1.0 protocol. See section C below.
Merchants whose firewall is configured to allow incoming and/or outgoing traffic from only a specific set of IP addresses will need to reconfigure their integration. See section D below.
***If you are integrated with a partner or a cart, please visit this FAQ for more important information.

Action items

Your technical team or individual(s) responsible for your PayPal integration will need to examine your current integration and make necessary changes.

Below are merchant action items for each of the impacts listed above:

Merchants calling our APIs with a hardcoded PayPal API endpoint IP address rather than using DNS resolution
Impact to your business: API calls will timeout or the merchant will encounter an internal error from their system
Your call to action: Use DNS resolution to access our API endpoints and/or open your firewall to the new IP addresses which will be communicated
Merchants using HTTP methods other than GET, POST, DELETE and PUT:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request or HTTP Error 405 Method not allowed
Your call to action: Send the API requests using one of the allowed methods. Heartbeat calls using the HEAD method will not be allowed
Merchants using the HTTP 1.0 protocol:
Impact to your business: API calls will return HTTP/1.0 400 Bad Request
Your call to action: Merchants should update their code to HTTP 1.1 and include the Host header in the API request
Merchants needing firewall changes to allow new IP addresses:
Impact to your business: API calls will error out for merchants whose system responsible for making API calls to PayPal is behind a firewall that uses Access Control List (ACL) rules, and restricts outbound traffic to a limited number of IP addresses.
Your call to action: You need to update your firewall ACL to allow outbound access to a new set of IP addresses we will be publishing. Test your integration on Sandbox (the IP addresses for Sandbox API endpoints are listed here). The list of new IP addresses for our Live API endpoints will be posted here when available in January.
To assist with any questions you may have, we have an FAQ available here.

For additional details of this event, please refer to this blog. Please note that maintenance events can be postponed, rescheduled or cancelled so it’s important that you review this information periodically.

If you have any questions, please contact PayPal Merchant Technical Services by filing a ticket; refer to LIVE API integration change in preparation for March 25. For real time system updates, please go to

Thank you for your understanding.



Shopping Cart

Your cart is empty.

Customer Reviews

Judy works like a good friend will

Judy is a rare one, not only does she do her work well, but she is so honest and professional. I would recommend her to anyone who needs help on...

Savy and up-to-date for todays competitive markets.

Judy's work is AMAZING! From the moment I first spoke to her on the phone I knew this was the person I wanted to have working to bring MY visions of...


We had Judy and her son work on our cart over the holidays. All anyone can say is WOW! They did a FABULOUS job with our upgrade! We will be...

Above and Beyond!

I have used Judy several times over the years to upgrade my zencart. This last time we did an upgrade to version 1.3.9a. I didn't have to wait long...

Zen Cart Help?

No other place Like this one! Courtesy, knowledge, fair prices that’s Judy, she is a godsend! Thanks Judy

Who's Online

There currently are 4 guests online.
Copyright © 2004 - 2022 ZenCart Ecommerce Website Design
Zen Cart Templates Zen Cart Guru
Powered by Zen Cart