Common Problems

SameSite cookie error

Chrome recently launched an update restricting cookies from other sites such as the ones created by SagePay.

To solve this, go to System > Configuration in your Magento backend. On the left menu, under the General section, click Web. The Session Cookie Management options have a field for the cookie path.
First make sure HTTP Only is enabled, then add the following to the cookie path: /;Secure;SameSite=None
Chrome only accepts SameSite=None on cookies that are also marked Secure, so the store must be served over HTTPS.

If the above does not work, this can be configured directly on the web server.

Apache users can add the following entry to the Apache configuration file (the Header directive requires mod_headers):
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=None

For nginx users please read the following doc:
For nginx plus users please read the following doc:
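
The check below is an added example, not code from the module or from this guide: it emulates the Apache rule above in Python and audits a Set-Cookie value for the attributes this section asks for. The sample headers are constructed and the function names are illustrative.

```python
import re

# The page's Apache rule, emulated with Python's re module (assumption: the
# pattern behaves the same on a single-line header value).
PATTERN, REPLACEMENT = r"^(.*)$", r"\1;HttpOnly;Secure;SameSite=None"


def apply_header_edit(set_cookie):
    """Return the Set-Cookie value as the 'Header edit' rule would rewrite it."""
    return re.sub(PATTERN, REPLACEMENT, set_cookie, count=1)


def parse_attrs(set_cookie):
    """Split one Set-Cookie value into a list of (attribute, value) pairs."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    attrs = []
    for part in parts[1:]:  # parts[0] is the name=value pair itself
        key, _, value = part.partition("=")
        attrs.append((key.strip().lower(), value.strip().lower()))
    return attrs


def audit(set_cookie):
    """Return findings: attributes missing, SameSite not None, or repeated."""
    attrs = parse_attrs(set_cookie)
    keys = [key for key, _ in attrs]
    samesite = {value for key, value in attrs if key == "samesite"}
    findings = []
    if "httponly" not in keys:
        findings.append("missing HttpOnly")
    if "secure" not in keys:
        findings.append("missing Secure")
    if samesite != {"none"}:
        findings.append("SameSite is not exactly None")
    for attr in ("httponly", "secure", "samesite"):
        if keys.count(attr) > 1:  # the rule appends even when already present
            findings.append("duplicate " + attr)
    return findings


# Constructed sample headers (not captured from a real shop).
DEFAULT = "PHPSESSID=constructed123; path=/; HttpOnly"
VIA_COOKIE_PATH = "PHPSESSID=constructed123; path=/;Secure;SameSite=None; HttpOnly"
ALREADY_LAX = "PHPSESSID=constructed123; path=/; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (DEFAULT, VIA_COOKIE_PATH, apply_header_edit(DEFAULT),
                   apply_header_edit(ALREADY_LAX)):
        print(header, "->", audit(header) or "ok")
```

A cookie that already carries SameSite=Lax ends up with two conflicting SameSite attributes after the rule runs, so check what the application itself sets before adding the server-side rewrite.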

Message not from "trusted origin"

Enabling CORS should solve this problem:

For Apache users please read this Guide.
For nginx users just follow this Configuration Guide.

API endpoints abused for stolen credit card testing

One way to avoid this is to block the IP addresses making the purchases.

In addition, the links below have more information on this matter:

Some recommendations for PayPal

One Step Checkout Error.
We are aware of an error on Magento 2.4 when using version 1.2.040 (OSC) and 1.4.2 (Opayo Suite, formerly SagePay Suite).
This can be easily solved by updating OSC to the latest release.

Your Sage Pay Suite license is invalid.
This error appears when you haven't entered a valid license on the module configuration page. Please note that license keys are unique for each URL. We can provide you with up to 4 free dev licenses if your support is up to date. Since the dev licenses are free, the domain must show that the site is a dev site: the URL must contain the word dev, local, beta, staging, test, etc. Ex: Please email us directly to 

Invalid Sage Pay API credentials.
This error appears when your credentials on the basic settings are not correct or are from the wrong environment. Please note that if you want to use TEST mode, the credentials should be from the SagePay test environment.

Token expired and causing problem when running composer update
If your token has expired and is causing problems when you run composer update, you can renew your support to get a new token or simply run composer config --unset repositories.ebizmarts

Invalid merchant authentication
This error appears when your API Credentials on the PI Integration are not correct. You can read how to configure PI Integration and where to find your API Credentials HERE.

Authentication values are missing
This error appears when you haven't entered the credentials on the PI integration. You can read how to configure PI Integration HERE.

Something went wrong: Invalid FORM encrypted password.
This error appears when your Encryption password is not correct. You can read how to configure FORM Integration HERE.

5006 - Unable to redirect to Vendor's web site. The Vendor failed to provide a RedirectionURL.

This is a catch-all error message. It could mean many things, but here are a few common issues that might lead to it:
- A firewall is not letting Sage Pay POST information to Magento.
- The site is in maintenance mode and restricted to only some IP addresses, or has any other kind of access restriction.
- The site is protected with a username and password, so nobody can view it unless they enter the correct credentials. This can be bypassed if you only filter GET requests, which leaves other request methods such as POST unauthenticated; more information here.
- An error in Magento is happening when the POST data reaches our controller, before or after.
- SSL 3.0 is enabled; Sage Pay does not reach servers that are using SSL 3.0.

Something went wrong: Invalid transaction id (Magento 2.3)
To fix this, follow the steps below:
1. Run bin/magento setup:db-schema:upgrade
2. Go to the database and find the table sales_order_payment. In the structure of the table, look for the field last_trans_id and check that the length of the field is 100.
3. If the length is not 100, go to the table patch_list, remove the entry Ebizmarts\SagePaySuite\Setup\Patch\Schema\EnlargeLastTransId and repeat the previous steps.
4. Clean Magento's cache by running bin/magento cache:flush

To enable the 3.00 protocol for a single store, leaving the others with the 4.00 protocol (3Dv2)

First go to the module's basic settings on the default scope and enable the 4.00 protocol:

Then run the below query:

INSERT INTO core_config_data (scope, scope_id, path, value, updated_at) VALUES ('stores', {storeID}, 'sagepaysuite/global/protocol', '3.00', '2020-11-24 15:35:00');

Replace {storeID} with the id of the store where you want to use the 3.00 protocol.
Don’t forget to flush the Magento cache.

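To remove that entry from your database, run the query below, again replacing {storeID} with the id of the store (without the scope_id condition, the override would be deleted for every store):

DELETE FROM core_config_data WHERE path = 'sagepaysuite/global/protocol' AND scope = 'stores' AND scope_id = {storeID};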