沙盒環境
Cardflo 沙盒環境允許開發人員集成和測試支付解決方案,而不會影響實時交易。 這個隔離空間反映了我們的生產環境,可以對所有 Cardflo 功能進行徹底測試,從支付處理到 Webhook 和 API 交互,確保平穩過渡到實時操作。
- 類別
- 開發者
- 功能數
- 10
- 適用於
- 所有方案
概覽
A sandbox environment acts as a non-production instance of a payment gateway or orchestration platform, allowing developers to model the entire transaction lifecycle without moving real funds. It operates as a replica of the live API, including components for authorisation, capture, and settlement.
Within this isolated container, technical teams can verify their integration logic, request structures, and authentication headers against strict validation rules.
By using test credentials and simulated Card Identification Numbers (BINs), merchants can evaluate how their backend reacts to various responses, such as successful payments, soft declines, or 3DS authentication prompts.
The sandbox sits between the merchant application and the simulated acquirer, providing a safe space to ensure that the code handles edge cases, such as insufficient funds or expired cards,
before moving to a live production environment where errors could result in loss of revenue or increased chargeback ratios.
運作方式
Credential generation and authentication
Developers obtain a specific set of API keys or Bearer tokens designated for the testing environment. These credentials route requests to a mock processor rather than the live payment schemes.
This ensures that no merchant identification number (MID) is billed for processing fees and no real cardholder data enters the production systems.
Simulated transaction processing
The merchant sends a payment request using predefined test card numbers that trigger specific outcomes. For example, using one BIN might simulate a successful authorisation, while another triggers a CVV mismatch or a hard decline.
The sandbox returns an identical JSON response structure to the live API to ensure compatibility.
Webhook event notification
Once a transaction status changes in the sandbox, the system generates asynchronous webhooks. The merchant server receives these notifications at a designated endpoint to verify that their system correctly updates the internal database.
This step is critical for testing automatic order fulfilment or subscription management logic in real time.
State change and settlement
Users can manually or programmatically transition the state of a transaction from authorised to settled or refunded within the testing dashboard.
This allows for the verification of post-purchase workflows, including the handling of retrieval requests or partial refunds, ensuring the merchant UI reflects the correct financial state.
為何重要
Risk mitigation during deployment
Implementing new payment flows directly in production creates high operational risk. By utilising a sandbox, developers can identify logical errors or malformed API requests that would otherwise lead to failed checkouts.
This isolation protects the integrity of the live Merchant Identification Number and prevents accidental triggers of anti-fraud filters that could occur during aggressive testing of new card-present or card-not-present integration logic.
Validation of complex logic
Modern payments often involve multi-step processes like Strong Customer Authentication (SCA) or recurring billing. A sandbox allows for the rigorous testing of cardholder-initiated and merchant-initiated transactions without the financial cost of real transactions.
It ensures that the system correctly interprets various decline codes and response messages from issuers, allowing for the refinement of dunning logic and retry strategies to optimise eventual conversion rates.
應用案例
Initial API integration
New merchants use the sandbox to map their internal order management systems to the payment gateway's API endpoints. This confirm that data fields like currency codes and merchant category codes are correctly formatted for authorisation.
Recurring billing verification
Subscription-based businesses test their dunning sequences by simulating card expiry or insufficient funds. This ensures that the system correctly attempts retries and sends appropriate notifications to the customer before service suspension.
Webhook endpoint debugging
Developers use the testing environment to verify that their firewall and server configurations allow for incoming webhook notifications. This prevents issues where orders remain 'pending' despite successful authorisation at the acquirer level.
Alternative payment method testing
Before enabling local payment methods, merchants can simulate the redirect flows required for APMs. This ensures that the user experience remains consistent when the customer is sent to a third-party wallet or bank portal.
數據概覽
Typical efficiency gains observed by technical teams when using a comprehensive sandbox compared to manual documentation review and direct production testing.
Estimated range of reduction in post-deployment bugs related to payment logic when rigorous sandbox testing is implemented as part of the CI/CD pipeline.
Industry standard response time for mock API endpoints, allowing for rapid iteration during the software development lifecycle.
相關術語
Talk to our team about a live rollout on your acquiring stack.
What you get with 沙盒環境
- 模擬完整的支付生命週期,包括批准和拒絕
- 測試與 Cardflo API 和 SDK 的集成
- 嘗試不同的支付方式和配置
- 驗證 Webhook 通知和響應
- 安全地開發和調試自定義支付流程
- 為各種場景存取全面的測試數據
- Configure multiple merchant profiles to test currency conversion and domestic versus international processing.
- Audit the logging of transaction IDs, ARNs, and timestamps for internal financial reconciliation.
- Model the behaviour of partial captures and multiple refunds on a single transaction.
- Examine the impact of merchant category codes on simulated authorisation rates and fee structures.
A short scoping call, then a written plan for your MIDs.
Questions about 沙盒環境
Cardflo 沙盒環境的目的是什麼?
沙盒為開發人員提供了一個安全、隔離的空間,用於集成和測試 Cardflo 的支付編排平台。 它允許對所有功能進行全面測試,而不會影響實時商戶帳戶或客戶交易,確保穩健的集成。
沙盒環境是否支持所有 Cardflo 功能?
是的,Cardflo 沙盒環境旨在盡可能接近生產環境。 開發人員可以測試核心支付處理、智能路由邏輯、拒付恢復機制和 API 交互,確保集成開發的全部功能兼容性。
我如何存取 Cardflo 沙盒?
創建帳戶後即可存取 Cardflo 沙盒。 開發人員會收到必要的憑證和文檔,以便立即開始測試。
提供全面的指南,以協助初始設置和各種測試場景,促進高效開發。
Is stored cardholder data in the sandbox subject to PCI-DSS compliance?
While the sandbox should not contain real cardholder data, the security of the API keys and the simulated data remains important. Most sandbox environments use pseudo-data that resembles real PANs but fails Luhn algorithm checks or belongs to unassigned ranges.
However, developers should maintain good security practices and never use real customer data within a testing environment to avoid potential data leakage risks.
Will my webhook endpoints receive the same payload as the production environment?
The JSON or XML payload delivered to your webhook URL in the sandbox should mirror the production schema exactly. This includes the same fields for transaction ID, amount, currency, and status codes.
Testing this ensures that your backend parser is correctly configured to handle the live data stream without needing to make code changes during the transition to production.
Can I test the settlement and reconciliation process in the sandbox?
You can simulate the transitions that lead to settlement, such as moving a transaction from 'authorised' to 'captured'. Some sandboxes allow you to generate mock reports that resemble the settlement files provided by acquirers.
This helps in building automated reconciliation tools that match internal order IDs with the transaction references provided by the payment service provider.
