Testing Instructions

Overview

The Paysafe Test environment can be used to test websites or applications without running transactions through the Production (live) processing platform. Payment transactions (e.g., credit card or Direct Debit) processed in the Test environment are not sent to the banking network, but through a simulator. Depending on the information provided with the transaction request, the simulator returns either a successful (approved) or failed (declined) response.

With the Paysafe API you can test the following:

  • Verify support for all the operation types that you require.
  • Review all common errors as well as errors that may occur for each operation, and ensure your application can handle them.
  • Verify the lengths and format for all attributes you send.

The Card Payments API also enables you to simulate specific responses by using special values for the amount, cvv and street request parameters.

Applying for a Test Account

You can apply for a Test account by clicking the SIGN UP button.

Your Test account will provide you with access to a Test version of the Paysafe Merchant Back Office, where you can view the status of your Test transactions. Once logged in to the Back Office you should also retrieve your Account Number (choose Accounts and copy it from the Account column) and your API Key User name and Password (choose Settings > API Key); the password is also available Base64 encoded.

The default Test account can be used for processing Visa and Mastercard card payments (using the Card Payments, Customer Vault, Hosted Payments, and 3D Secure APIs). Special card numbers are available for testing these APIs and for use with Paysafe.js.

Do not use real card numbers or other payment instrument details in the Merchant test environment as it is not compliant with Payment Card Industry Data Security Standards (PCI-DSS), and does not protect cardholder/payee information. Any upload of real cardholder data is strictly prohibited, as described in the Terms of Use.

You will need to open separate accounts for Direct Debit payments (one account for each Direct Debit method you want to support: SEPA, EFT, BACS, and ACH) and one account for each of the Alternate Payment methods supported by Paysafe that you want to use (e.g., SOFORT and BOKU). Also, if you want to test payments in a different supported currency then you will need additional accounts for each payment method/currency combination; for example, SEPA Direct Debit EUR, BACS Direct Debit GBP, Card Payments EUR, and Card Payments GBP. Contact Integration Support with your requirements and they will create the accounts for you.

Multiple accounts are summarized in the figure below.

Signing up for Multiple Accounts

All your accounts can be set up to use the same API key. Please contact Customer Support for more information.

Test API Endpoint

The API endpoint to use for Test transactions is:

https://api.test.paysafe.com

For example:

https://api.test.paysafe.com/threedsecure/v1/accounts/account_id

Using the 3D Secure Simulator

A successful enrollment check – one that returns a threeDEnrollment response of "Y" – is followed by the 3D Secure challenge, where the cardholder must prove their identity. In real life this challenge is provided by the Issuing Bank's Access Control Server (ACS), but to simplify testing you should use our ACS Simulator, which presents a simple interface where you can choose from a range of responses.

The enrollment check response contains the URL of the ACS Simulator https://pay.test.netbanx.com/emulator/test_acs) and a PaReq value, which you must post to the URL. This is best done using a hidden form on your website.

Example Request Form Posted to the ACS Simulator
<form method="POST" action="https://pay.test.netbanx.com/emulator/test_acs">
	<input type="hidden" name="PaReq" value="eJxVUslOwzAQ/ZWIe2MndrZqaqkFBEiA2NRyq1xnRKMSJzhO0/49dhcW+TJvlueZNwNva4N49YqqNyjgAbtOfmBQlZMLs9nTkIbRsmrqUWuacjR0I8qWEU8LzjJO02VcxEm6zPPoQsDT9AW/BGzRdFWjReRKYyBn6JiNWkttBUj1Nbt7FJwmaZIBOUGo0dxdiSSmjPGE5ol7aQrk6AYtaxTXnZItBm9rDF4atQluejS6wz0COcRBNb22Zi/y2FWeAfTmU6ytbbsxIcMwhBrtSupdqJraJRkkqLdh+wnEJwL57fSp91bniHdVKeSisPfvs/0qfrYle7DscTGf55vVbJhOgPgMKKVFEdMopVmcBLQYUzb2rRz8IGvfkVeGurGPAFr/x/QU8YG/DnBbMajVeaIzAty1jUaX4ST+sYH8Nnx564VW1kuaRUURJQXjlGeMcy/5IeBZKidQlNEjjQdAfCk5bZOcDsJZ/w7lG2iWuLM=">
	<input type="hidden" name="TermURL" value="https://merchant.return.url.com/continue3dauthentication" />
	<input type="hidden" name="MD" value="VGhpcyBzZWN0aW9uIGlzIGZvciBhcmJpdHJhcnkgbWVyY2hhbnQgZGF0YS4gSGVsbG8gbXVtIQ==" />
	<input type="submit" value="Press button to continue to the 3D Secure ACS server">
</form>

Paysafe recommends that you put this form in an iframe on your site, and use Javascript to automatically POST to the ACS.

The form must send a TermURL (to receive the ACS response), and it can optionally include an MD (merchant-defined variable) value. The MD value contains information – such as the customer ID – that enables you to match the ACS response with the cardholder; do not include any encoding in your MD that could be interpreted as a cross-site scripting attack by your security applications and browsers, otherwise your transaction may be blocked. Your MD can contain up to a kilobyte of encoded data.

The ACS Simulator displays the following page:

ACS Simulator Page

Click a button on the page to simulate that response.

After the ACS has authenticated the cardholder it returns the MD and a PaRes to the TermURL. The PaRes can vary in size between ACS servers, and can reach up to 64Kb in some cases, so do not attempt any filtering as this can lead to errors.

You can now send the PaRes to the authentication endpoint as the paRes attribute to check whether the cardholder has successfully authenticated:

Example Cardholder Authentication Check
curl -X POST https://api.test.paysafe.com/threedsecure/v1/accounts/89987201/enrollmentchecks/5da985f9-8671-4048-ab85-856be2885ce3/authentications \
  -u devcentre322:B-qa2-0-53625f86-302c021476f52bdc9deab7aea876bb28762e62f92fc671e2d0214736abf501e9675e55940e83ef77f5c304edc7968 \
  -H 'Content-type: application/json' \
  -d '
    {
        "merchantRefNum": "merchantABC-123-authentications",
        "paRes": "eJzNWFeT4kgS/isTvY8dPXIIs0GzUbJIIIGE/MuGHDLIgAwyv/4KmOlhZzsu9m7u4XihlKT5Miu/rBLLP/o8+3INqzopi/cX7Cv68iUs/DJIiuj9Rde4t/nLH6ulFldhyBxCv63C1VIK69qNwi9J8P5SnQb0K/oV+/OavwXh9c1t3lD8T2yCzQkUnSyIPwmcWEwJKEFfVss9UMP6bvfbfflNb4rjb9PJhIAa36CsIJKv+BL5ghjVn7sFs1q6foXSpBXkwW+QNEl8u1xmYeVwKymc2y+mEDDx+MS+WG3b2+rGuLvk2AV5Gjj8Aa+NTl0q4FBswfRkIIadOB9idw0loHbhCschRhxDPuC4b/j2O8EsUTu8uX55g7kZQt9kzg6XSLPkiWsVAULOazmOPzp42kZ9ueyCKEGxPixXiIwJ3dYoU+fcgpQULfULrUrNWySfJPQd3ly7pxm7Ze2Uvk22rpu9frSkpBZONx7OdcGvDGIPBY5hNy7OA6TPausgz9ZIXCSLfvuxXIorJKmjhfYQ+dH4IlcoOC3LdwtTwkUQGDVeEX2EtF/f4SN835dwTpuu5rR3wtqwjBYSIIukCgQlAn0W8vD6swEIpj+R+Z0W5RFonvZsnoNrAzpLCJy+DLB7bP3GjqzROGqCz9Bl29+dikeLtJUAIjoU/kc6dPmf2TKD+DrWr3rY5d7BbgJ0erpRoew1tHhF90VYBswPDZfDa9gWGSKKyb/ybg92DPHr77M9ysDVdbbIw1ufXEoNv34sXw5nkyL0wCS4T373YPzSXygfAb/MdePdXkoRhFzNFDw8iRD73TDQ2eoaXPCBvzYjGZLrXqJJr5pIKOWNPkZuavdwvaJhb1JT/yrS3xphLEeECoUjw9z3IebQl8bOX2gFrScV1dFXMQB7JuvFQmR0bF06gbmTUStjNPjASKcfwJf6Ar6frqekeOPWE8taHYnmJTN82EYcRMX6ubk+rF0en9aR++ZbkJh0dWFokuGLdxHys6rJrkCBsCEl0SBNocaRr4Ck0rjLtWDK3RWQ8dgUxFp0t8SvhFh1JA0TnAUKOk+h2n2IyhKALbkYxtYomfZycHN0aXzwZHYw8SBXiA6SzVS6KCc41diGeHDzJJlTr2Ycuw3bmxzeDqDdjgwVEnqaBjovtvW7YLdo6l0rZJTiSl7uiHDc924lpJWUUCk7t/OpbWWm6gSs61IQNCrkN7aQS9xJx6OdVHKQ3cm0zW/iqT1mzPjcCgItmgQKQxJzn2THFwTbVwLLl0LRFiFToW3OOu2S57ylPvWQ3sH7aSRvMYnDOL69aU41/PgaaKv9Wd5QDYUakCusg+0ZHNgnJu7QhdqB26m5GRk6W+peSL2jcnaoWc0nazd9CUmeHjJLBM4gqQox+LdqblknydFK+zM1qfOOM1Mr10MWj5+WAJFoNfNoK/LnZZ8rrvB8nGZLQZDwHhi3wkV+e1YmpyPENDRt9tzjRaLMJqhuAennIHUIUorXNyJ7PhIfNjKbluLUHLFo5OA1hFoH3SSzCnSKH3V9IFZ5VNB2TCzpP5VNmYnlcmxhSj5ouoBNtFzgrnTSik05LR5TS0y4QPOU+fyXlLzCp+I+sKPzlQVDQoa8Pt0pD3GeN1I0f6nmOsHeOcvGivkTE3z19N4G0u+njc6CqN9EosvV6McTzRSusXsSmn1qiUeo0aXM8xqr2r5gtY6X5y2KAMeIcE+5k9n9LJ0m50siGd6KEZ1cScGlj+WQkYSJBfohPbMd13OsXf6ZTa2lN79c/txW4lcHr4iiVaRYWeZW77cGvlUqNQMgtYMfaKqFvHvixpUidpgJQ0G5NGgTDvMv2vspTCfi0HvWM/cug/cvD4LPMK5Qlf/Yyvp0cgPuS2Bk4B/US9zV+oJ/BHCaA8fbjwB8EjGIW91R7A8sgA0i1RNrANmYMRkIEaB3uvKksxK17Xw8W35RqzGkUe1Gw3mgIIcfpMTIxu3oITzix8zuTHwB05Cw+ux9xr6IKst5bNhIdyMtlbxmnWS/QsPxoGwWZBsSHVpDJcV9JthprFPrHfiVEmy0eiJFvC7cnjMZ8hbI1F25idbgpsa2SUm18DBhTFwesH2IYLUhEYoADq55yoR04UoA+Ha1231XBBCFAG+amd5Q1uXucxZJSwH+OjPey5UjQa3o13cdRTY2Aag5zH0YgmctFp9FE6Yheq1BogJRE/GMze5XQghMqVz8e+BSji5PtKrCTct+CxQvWUfMmHw2lbC9vDdjppzyi2u/L1Nj/n6lraUWdenG7gmXx6LZnjOtA2ylaiLvI/oxOzv9Hp4kagE+CwFkSwt4QddxKFqyB/VgZpLf3adB+B+jHd82/T3RKvHvE/aEdqYjEaO0qw2Xcai8uaNMhYeZNhP8k6f2QtidIfNKak3TNtfDw++znEmgLlEdfXaP0pT43VJIq928Kzb+OZXOHh88bPF7Cffn08RM68YxRb3JSOEF99GdxrD2DKKICUE0EJW3HHB9Q0JengoDuFtzatrBh97HKNPOPoafwlETqrf12nzGKSn0/6qEzJhWlT1fEcLuwT0RxxvipTcXA8nkD7tDwHhWdua48eZxd7kXPJayx0G2LGJVJ+Lhw4zrlLAQ6zKWcMexe57myJblNk99pvnXQy7MweaeE5wIOzMsvO7p44b4lpg9o0B98f4IACfBoFMLdA79a3caaiO4qyWY5mlIvfLJLOT7q2rzaCfi5doTkhhQpzzW71WR8kNnJQWJcL+Hf6pRWeAu3/+BYl/Myv7qYTsJ3CSQAiOv5t37nHvrOQNORhjmyG4xgHiD+g3d70OtEiHUcuUXLi0IV+TMRxTSKv/jEtw3FmmLldTINhPyPrXIh2ypQxiDWSwestJoi1dRpBW5d0uzPwmDuk4/RUDlQIdiPn4EWFddkoGjk+irns04OF+T2uVGzfY666bfVdfe4rfsJbmeM3XIXeXgoOsqiXIyp9dpIjP+7IyMe9+ceN+v6uff9f4PZ6+Px/wb8AnfVotg=="
    }'

For more information on how the 3D Secure Simulator fits into the flow, see this blog article.

3D Secure Test Card Numbers

For details, see Test Cards.

3D Secure Results

For details, see 3D Secure Results.

Did you find this page useful?