Since yesterday, PayPal does not work on my site. - customer_id malformed by use of non-sanitized Invoice Prefix #3573

@bassgeeek

Describe the Bug

For logged-in users or guests, the PayPal button does not appear in the cart or on the checkout page.

To Reproduce

Go to cart - no button. Go to checkout - no button.

Screenshots

Nothing to see here.

Expected Behavior

There should be PayPal buttons in the Cart and on the Checkout page.

Actual Behavior

No PayPal buttons

Environment

WooCommerce PayPal Payments 3.0.8 and 3.0.9

Additional Details

This log shows the issue:

2025-08-01T00:08:44+00:00 Debug #8018 - [New Request] POST /
2025-08-01T00:08:44+00:00 Debug #8018 - POST https://api-m.paypal.com/v1/identity/generate-token
Request Body: {"customer_id":"bartolini.net-f4145c85"}
Response Debug ID: 6f14667156655
Response: Array
(
[code] => 400
[message] => Bad Request
)
Response Body: {"name":"INVALID_REQUEST","message":"Request is not well-formed, syntactically incorrect, or violates schema.","debug_id":"6f14667156655","details":[{"field":"/customer_id","value":"bartolini.net-f4145c85","location":"body","issue":"INVALID_PARAMETER_SYNTAX","description":"the value of a field does not conform to the expected format."}],"links":[]}
2025-08-01T00:08:44+00:00 Warning #8018 - [INVALID_REQUEST] Request is not well-formed, syntactically incorrect, or violates schema. CONTEXT: {"args":{"method":"POST","headers":{"Authorization":"Bearer ...

I found that the Invoice Prefix field is used to form the customer_id for use by the API. It seems there are new restrictions in the API that disallow the use of "." or "-" in the customer_id. There are no restrictions on the Invoice Prefix field in the Plugin and there is no sanitization of the field contents when forming the customer_id, so if these characters are included, the customer_id will be malformed.

After changing the Invoice Prefix from bartolini.net- to bartolini or bartolini_, the issue is resolved.
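
The failure mode reported above, as an added sketch that is not part of the original issue or of the plugin's code: check the Invoice Prefix when it is saved, and normalize and re-validate the finished customer_id before any request is sent. The function names are hypothetical, and the allowlist (ASCII letters, digits and underscore) is an assumption inferred from the values the report says were rejected and accepted.

```php
<?php
// Added example: hypothetical helpers, not code from WooCommerce PayPal Payments.
// Assumption: customer_id may contain only ASCII letters, digits and "_",
// inferred from the report ("." and "-" rejected, "bartolini_" accepted).
const CUSTOMER_ID_PATTERN = '/\A[A-Za-z0-9_]+\z/';

// Settings-time check: flag a prefix that would yield a rejected customer_id,
// so the admin sees the problem when saving rather than at checkout.
function invoice_prefix_is_api_safe(string $prefix): bool
{
    return $prefix === '' || preg_match(CUSTOMER_ID_PATTERN, $prefix) === 1;
}

// Use-time normalization: map every run of disallowed bytes to one "_",
// then validate the finished id so a bad value never reaches the API.
function build_customer_id(string $prefix, string $suffix): string
{
    $id = preg_replace('/[^A-Za-z0-9_]+/', '_', $prefix . $suffix);
    if ($id === null || preg_match(CUSTOMER_ID_PATTERN, $id) !== 1) {
        throw new InvalidArgumentException('Cannot build a valid customer_id');
    }
    return $id;
}

// Constructed inputs: the first is the prefix from the report, the suffix is
// the one visible in the logged request body.
foreach (['bartolini.net-', 'bartolini_', 'ma boutique/'] as $prefix) {
    printf(
        "%-16s safe=%-3s customer_id=%s\n",
        $prefix,
        invoice_prefix_is_api_safe($prefix) ? 'yes' : 'no',
        build_customer_id($prefix, 'f4145c85')
    );
}
```

Normalization is lossy: `bartolini.net-` and `bartolini_net_` produce the same customer_id, so rejecting the prefix at save time is the stricter of the two checks.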
