Sandbox is your test environment to play around with TabaPay API before going live. You should have your Sandbox credentials including your FQDN that should go in the endpoint of any API request (e.g. https://{FQDN}/v1/clients/{ClientID}/transactions).
Are there Test Card Numbers to use in the Sandbox Environment?
PCI requires us and you to use test card numbers when testing. You should never use a real Card Number in the Sandbox Environment. We provide various test cards for various scenarios for your use.
How to generate an error in the Sandbox Environment? (Create Transaction)
For Create Transaction API, the Amount is used to trigger various errors while processing the Create Transaction API request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):
| Amount (USD) | Response Code | Actual Response | Error Description | |||
|---|---|---|---|---|---|---|
| Status Code | Network Response Code | Resource Status | Network Response Code | Resource Status | ||
| 0.01 | 200 | ZZ (or 999) | ERROR | ZZ (or 999) | ERROR | Transaction Error |
| 11.00 | ||||||
| 0.02 | 207 | UNKNOWN | UNKNOWN | Transaction Processing Failed | ||
| 12.00 | ||||||
| 0.03 | 200 | 00 (or 000) | COMPLETED | 00 (or 000) | COMPLETED | Transaction Successful, but upstream processing was delayed for 30 seconds |
| 13.00 | ||||||
| 0.04 | 207 | UNKNOWN | 00 (or 000) | COMPLETED | Transaction Successful, but upstream processing was delayed for 40 seconds | |
| 14.00 | ||||||
How to generate a Partial Approval in the Sandbox Environment? (Create Transaction)
Use amount 0.09 or 19.00. This will only trigger a partial approval if the network supports it (currently, only Visa and MasterCard are supported).
Using Sandbox Test Cards
The trigger amounts in Sandbox are intended to be used with Domestic Test Cards. Additional test cards like 3DS Test Cards may not return the expected behavior.
How to generate an error in the Sandbox Environment? (Delete Transaction)
For Delete Transaction API, the Create Transaction API Amount is used to trigger various errors while processing the Delete Transaction request in the Sandbox Environment (Accel uses a 3-digit Network Response Code):
| Amount | Create Transaction Response | Delete Transaction Response | Error Description | ||||
|---|---|---|---|---|---|---|---|
| Status Code | Network Response Code | Resource Status | Network Response Code | Reversal Network Response Code | Resource Status | ||
| 0.07 | 200 | 00 (or 000) | COMPLETED | 200 | ZZ (or 999) | UNKNOWN | Reversal Request failed |
| 0.08 | 200 | 00 (or 000) | COMPLETED | 200 | 21 | UNKNOWN | Reversal Request failed, the Reversal was too late. |
| Not available when routed to any Regional Network: Currently only STAR and Accel. | |||||||
How to generate an error in the Sandbox Environment? (AVS, CVV2)
For Query Card API with AVS, the Zip Code, Address, and Security Code are used to trigger various AVS Response Codes while processing an AVS request in the Sandbox Environment.
Note: Sandbox behavior may vary slightly by card network (Visa, Mastercard, or Discover). Example Error request and responses can be found in the TabaPay Postman Collection.
| Request | Response | Comments | |||||
|---|---|---|---|---|---|---|---|
Zip Codeowner.address.zipcode |
Line 1owner.address.line1 |
Security Code | Response Text | Network Response Code | Code | ||
| AVS Results | Security Code Results | ||||||
| Any* | Any* | None | NOT DECLINED | 85 | Y | Zip Code and Address were matched | |
| Any* | None | None | NOT DECLINED | 85 | Z | Zip Code was matched | |
| Any* | Any or Omit | Any* | DEPENDS | DEPENDS | DEPENDS | M | Depends upon if Zip Code and Address matches or not, but Security Code was matched |
| Any* | Any or Omit | 999 | DECLINE | 5 | DEPENDS | N | Depends upon if Zip Code and Address matches or not, but Security Code was not matched |
| 99990 | Any or Omit | Any or Omit | DECLINE | 5 | U | Information not available | |
| 99991 | Any or Omit | Any or Omit | DECLINE | 5 | R | AVS unavailable, retry | |
| 99992 | Any* | None | DECLINE | 5 | A | Zip Code was not matched, but Address was matched Sandbox AVS Results Code may vary based on card Network account routing |
|
| 99992 | None or 999 Bad | None | DECLINE | 5 | N | Zip Code and Address were not matched Sandbox AVS Results Code may vary based on card Network account routing |
|
| 99993 | Any or Omit | Any or Omit | DEPENDS | DEPENDS | DEPENDS | DEPENDS | AVS Request delayed for 30 seconds |
| 99994 | Any or Omit | Any or Omit | UNKNOWN | UNKNOWN | UNKNOWN | UNKNOWN | AVS Request timed out Use a Mastercard |
| 99995 | Any or Omit | Any or Omit | DECLINE | 5 | N | Zip Code was not matched, but Address was matched Use a Visa Card |
|
- Any* - Any Zip Code that is not explicitly used to trigger a condition (99990-99995)
- Any* - Any Address that is not explicitly used to trigger a condition (999...) - Address only checks the Street Number
- Any* - Any Security Code that is not explicitly used to trigger a condition (999)
ANI Triggers in Sandbox
In Sandbox, the default ANI match code is M. The specific names (in your Query Card request) used to trigger various ANI match codes are in the list below.
Input Value Used | Field(s) | Result / Behavior |
|---|---|---|
| Use
| Partial match ( |
| Use
| No match ( |
| Use
| Name match not supported ( |
| Use
| No match ( |
Any other value | Any other names* in first middle, or last:
Note: Any names (i.e. not one of: | Match ( |
owner.name.lastis required for ANI.owner.name.middleandowner.name.firstcan optionally be provided.- No decisioning will be done on
owner.name.first/owner.name.middleif it's not part of the ANI request
How to generate a RTP error in the Sandbox Environment?
The Account Number for RTP is used to trigger various errors while processing the Create Transaction API request in the Sandbox Environment (RTP uses a 3-character Network Response Code):
| Account Number | Create Transaction Response | Error Description | ||
|---|---|---|---|---|
| Status Code | Network Response Code | Resource Status | ||
| 100000000...111111111 | 200 | 000 | COMPLETED | N/A |
| 111111112 | 200 | P04 | ERROR | Invalid Account |
| 111111113 | 200 | P11 | ERROR | Sender not authorized |
| 111111114 | 200 | P07 | ERROR | Participant blocked |
| 111111115 | 200 | P02 | ERROR | Invalid Account |
| 111111116 | 200 | P11 | ERROR | Transaction forbidden on this account |
| 111111117 | 200 | P23 | ERROR | Amount received is not the amount agreed or expected |
| 111111118 | 200 | P23 | ERROR | Amount exceeds limits |
| 111111120 | 200 | P21 | ERROR | Incorrect routing number |
| 111111121 | 200 | P14 | ERROR | Participant deceased |
More FAQs
1. Is the Sandbox Environment PCI Compliant?
No. You should be using Test Card Numbers when testing in the Sandbox Environment. You should never use a real Card Number in the Sandbox Environment. We provide various Test Card numbers for various scenarios.
2. What is EM:JSON NOT PACKED?
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut enim ad minim veniam, quis nostrud exercitation ullamco. Excepteur sint occaecat cupidatat non proident!
Each API request body, or payload should be formatted in compact JSONwhen using the TabaPay API. Create Transaction, Query Card, or Query Bank all require removing any whitespaces for a successful call. API examples in TabaPay docs are presented in a human-readable format for clarity.
Here is an example of Query Card with packed JSON.
{"card":{"accountNumber":"4111111111111111","expirationDate":"202708","securityCode":"232"},"owner":{"name":{"first":"Test","last":"Name"},"address":{"line1":"123 Street","city":"San Francisco","state":"CA","zipcode":"94104","country":"840"}},"currency":"840","timeout":"39"}3. What is the Sandbox Environment SLA?
There should be no expectations on the Sandbox Environment.
4. Can we run a preformance test in Sandbox?
You can not run a Performance Test in the Sandbox Environment. The Sandbox Environment is a very small fraction of the Production Environment. It would be a waste of everyone's resources to do a Performance Test using the Sandbox Environment.
5. What happens if someone decides to run a Performance Test? (in Sandbox)
Your IPs will be blocked.
6. How quickly can we do a change (configuration) on the Sandbox Environment?
We are PCI Level 1 and SOC1 Type 1 and SOC2 Type 2 Compliant. So, what does that mean? We are procedure and process controlled.
Some companies require us to be PCI Level 1 and SOC Compliant (SOC1 Type 2 and SOC2 Type 2). And then some of those same companies still expect us to do things for them immediately (and even on Production).
Here is a real life example that recently occurred:
- A Client demanded to change their limit on a weekend night immediately
- After changing their Limit, the same Client later demanded to change their limit again and again on a weekend night immediately
- After changing their Limit again, we see they never reached the Limits they demanded, in fact, they never even reached their original Limit Not everything is or can be an emergency!
Schedule for Sandbox changes: (1) Have your request by Friday morning (2) Changes will be implemented by end of day Monday (or Tuesday, if Monday is a Holiday)
So please plan ahead. This includes boarding new clients, changing limits, allowlisting IPs, etc.
7. Is there rate limiting in Sandbox?
Yes, there is rate limiting on the Sandbox Environment. Sandbox is a Shared Environment used by many Clients and meant only for Development purposes
8. Can you simulate network response codes in Sandbox?
No, you can not re-create, or simulate network response codes in sandbox. For a list of codes, refer to each reference: