Security header is not valid error message

Question

I'm getting this message

TIMESTAMP=2017-03-29T16:36:41Z&CORRELATIONID=9d5672f086c52&ACK=Failure&VERSION=204&BUILD=31674279&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security error&L_LONGMESSAGE0=Security header is not valid&L_SEVERITYCODE0=Error

I'm sure that I'm using the right credentials, I've copied them from sandbox account, from View API Signature page.

I'm trying to connect to sandbox environment with the url https://api-3t.sandbox.paypal.com/nvp.
Here is how my payload looks like:

METHOD=MassPay&
USR=usr_api1.name.com&
PWD=9M8SWRPX6JMXDHAP&
SIGNATURE=AFcWxV21C7fd0v3bYYYRCpSSRl31AIajEwSIe41AAl--j033rVmjUPI7&
VERSION=204&
RECEIVERTYPE=EmailAddress&
CURRENCYCODE=USD&
L_EMAIL0=some.user%40company.com&
L_AMT0=25

And I have TLS1.2 enabled. Is there any way to trace the problem except for incorrect credentials? Or maybe I have to set-up my test/dev account? By the way, my dev account isn't Business, but test account is Business and not Client.

Here is code that makes the request:

var sb = new StringBuilder();
foreach (var field in dic)
{
    sb.Append($"{field.Key}={HttpUtility.UrlEncode(field.Value)}&");
}
sb.Remove(sb.Length - 1, 1);
var payload = sb.ToString().Trim();

var req = WebRequest.Create(SandBoxHost + "?" + payload);
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls12;

using (var resp = req.GetResponse()){}

Answer 1

Credentials and URL were correct. However, I found out that you are not able to send Mass Payment via txt file if your sandbox Business account does not have verified credit card. You need to specify this moment when you are creating a new sandbox user. Guess it would not work with API as well if you don't specify credit card.

The real problem was in one of the field names. I used USR instead of USER.