Testing Guide
Complete guide to testing AuxVault API integration in sandbox environment.
Sandbox Environment
Base URL:
https://sandbox-api.auxvault.com/api/v1
Key Differences from Production:
- No real money processed
- Test cards always work
- Instant settlement (no waiting)
- Relaxed validation rules
- Unlimited API calls
Test Cards
Approved Transactions
| Card Number | Brand | CVV | Expiry |
|---|---|---|---|
| 4111111111111111 | Visa | 123 | Any future date |
| 5555555555554444 | Mastercard | 123 | Any future date |
| 378282246310005 | American Express | 1234 | Any future date |
| 6011111111111117 | Discover | 123 | Any future date |
Declined Transactions
| Card Number | Result | Decline Reason |
|---|---|---|
| 4000000000000002 | Declined | Generic decline |
| 4000000000000069 | Declined | Expired card |
| 4000000000000119 | Declined | Processing error |
| 4000000000000127 | Declined | CVV mismatch |
| 4000000000000010 | Declined | AVS mismatch |
| 4100000000000019 | Declined | Fraud suspected |
| 4000000000000101 | Declined | Insufficient funds |
Test CVV Codes
Trigger specific CVV responses:
| CVV | Response Code | Result |
|---|---|---|
| 123 | M | Match - approved |
| 999 | N | No match - declined |
| 000 | U | Unknown |
| 111 | P | Not processed |
Test AVS Responses
Trigger specific AVS responses using addresses:
| Address | ZIP | AVS Code | Result |
|---|---|---|---|
| 123 Main St | 12345 | Y | Full match |
| 456 Oak Ave | 99999 | A | Address match only |
| 789 Elm St | 12345 | Z | ZIP match only |
| 999 Test Ln | 99999 | N | No match |
Test Amounts
Trigger specific scenarios with amounts:
| Amount | Behavior |
|---|---|
| $1.00 - $999.99 | Approved |
| $1,000.00 | Declined (amount too large) |
| $0.50 | Validation error (below minimum) |
| $99,999.99 | Approved |
| $100,000.00+ | Declined (exceeds limit) |
Testing Transactions
Test Approved Sale
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "X-Tenant-ID: your-tenant-id" \
-H "Content-Type: application/json" \
-d '{
"type": "sale",
"amount": 100.00,
"currency": "USD",
"paymentMethod": "card",
"card": {
"number": "4111111111111111",
"expiryMonth": "12",
"expiryYear": "2027",
"cvv": "123"
},
"billing": {
"firstName": "Test",
"lastName": "Customer",
"address": "123 Main St",
"city": "New York",
"state": "NY",
"zip": "10001",
"country": "US"
},
"customer": {
"email": "test@example.com"
}
}'
Expected: Status 200, transaction approved
Test Declined Transaction
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"card": {
"number": "4000000000000002"
},
...
}'
Expected: Status 200, transaction declined
Test CVV Mismatch
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"card": {
"number": "4111111111111111",
"cvv": "999"
},
...
}'
Expected: CVV mismatch, declined or flagged
Test AVS Mismatch
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"billing": {
"address": "999 Test Ln",
"zip": "99999"
},
...
}'
Expected: AVS mismatch, declined or flagged
Testing Refunds
# 1. Create transaction
TXNID=$(curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{ "amount": 100.00, ... }' | jq -r '.data.transactionId')
# 2. Refund transaction
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions/$TXNID/refund \
-d '{
"amount": 100.00,
"reason": "Test refund"
}'
# 3. Partial refund
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions/$TXNID/refund \
-d '{
"amount": 50.00
}'
Testing Authorizations
Auth & Capture Flow
# 1. Authorization
TXNID=$(curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"type": "auth",
"amount": 100.00,
...
}' | jq -r '.data.transactionId')
# 2. Capture full amount
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions/$TXNID/capture
# 3. Or capture partial
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions/$TXNID/capture \
-d '{"amount": 50.00}'
Auth & Void Flow
# 1. Authorization
TXNID=$(curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"type": "auth",
"amount": 100.00,
...
}' | jq -r '.data.transactionId')
# 2. Void authorization
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions/$TXNID/void
Testing Subscriptions
Create & Test Subscription
# 1. Create subscription
SUBID=$(curl -X POST https://sandbox-api.auxvault.com/api/v1/recurring \
-d '{
"customerId": "cust_test_123",
"planId": "plan_monthly",
"amount": 99.00,
"frequency": "monthly",
"startDate": "2026-01-28"
}' | jq -r '.data.subscriptionId')
# 2. Pause subscription
curl -X POST https://sandbox-api.auxvault.com/api/v1/recurring/$SUBID/pause
# 3. Resume subscription
curl -X POST https://sandbox-api.auxvault.com/api/v1/recurring/$SUBID/resume
# 4. Cancel subscription
curl -X POST https://sandbox-api.auxvault.com/api/v1/recurring/$SUBID/cancel
Testing Invoices
# 1. Create invoice
INVID=$(curl -X POST https://sandbox-api.auxvault.com/api/v1/invoices \
-d '{
"customerId": "cust_test_123",
"amount": 500.00,
"dueDate": "2026-02-15",
"items": [
{
"description": "Test Item",
"quantity": 1,
"unitPrice": 500.00
}
]
}' | jq -r '.data.invoiceId')
# 2. Send invoice
curl -X POST https://sandbox-api.auxvault.com/api/v1/invoices/$INVID/send \
-d '{
"sendVia": ["email"],
"email": "test@example.com"
}'
# 3. Record payment
curl -X POST https://sandbox-api.auxvault.com/api/v1/invoices/$INVID/payment \
-d '{
"amount": 500.00,
"paymentMethod": "card"
}'
Testing Webhooks
Set Up Test Webhook
curl -X POST https://sandbox-api.auxvault.com/api/v1/webhooks \
-d '{
"url": "https://your-test-server.com/webhook",
"events": [
"transaction.approved",
"transaction.declined",
"refund.approved"
]
}'
Trigger Test Webhook
# Process a transaction to trigger webhook
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{ ... }'
# Check your webhook endpoint received the event
Test Webhook Endpoint
curl -X POST https://sandbox-api.auxvault.com/api/v1/webhooks/webhook_123/test \
-d '{
"eventType": "transaction.approved"
}'
Testing Error Scenarios
Invalid Card Number
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"card": {
"number": "1234567890123456"
},
...
}'
Expected: 400 error, invalid card number
Missing Required Field
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions \
-d '{
"amount": 100.00
}'
Expected: 400 error, missing required fields
Invalid Token
curl https://sandbox-api.auxvault.com/api/v1/transactions \
-H "Authorization: Bearer invalid_token"
Expected: 401 error, unauthorized
Resource Not Found
curl https://sandbox-api.auxvault.com/api/v1/transactions/invalid_id
Expected: 404 error, not found
Test Data Cleanup
Sandbox data persists. Clean up test data regularly:
# List recent transactions
curl https://sandbox-api.auxvault.com/api/v1/transactions?limit=100
# Void test transactions
for txnid in $(curl ... | jq -r '.data[].transactionId'); do
curl -X POST https://sandbox-api.auxvault.com/api/v1/transactions/$txnid/void
done
Automated Testing
Example Test Suite (JavaScript)
const API_BASE = 'https://sandbox-api.auxvault.com/api/v1';
describe('Transaction API', () => {
it('should approve valid transaction', async () => {
const response = await fetch(`${API_BASE}/transactions`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${TOKEN}`,
'X-Tenant-ID': TENANT_ID,
'Content-Type': 'application/json'
},
body: JSON.stringify({
type: 'sale',
amount: 100.00,
card: {
number: '4111111111111111',
expiryMonth: '12',
expiryYear: '2027',
cvv: '123'
},
...
})
});
const data = await response.json();
expect(data.success).toBe(true);
expect(data.data.status).toBe('approved');
});
it('should decline invalid card', async () => {
const response = await fetch(`${API_BASE}/transactions`, {
method: 'POST',
body: JSON.stringify({
card: { number: '4000000000000002' },
...
})
});
const data = await response.json();
expect(data.success).toBe(false);
expect(data.data.status).toBe('declined');
});
});
Rate Limiting in Sandbox
Sandbox has NO rate limits to facilitate testing. In production:
- 100 requests/minute per API key
- 1,000 requests/hour per tenant
Best Practices
✅ DO:
- Test all edge cases - Success, failure, validation errors
- Test webhooks - Ensure your endpoint handles events
- Use test cards - Never use real cards in sandbox
- Clean up data - Remove test data regularly
- Test error handling - Verify your app handles errors gracefully
- Automate tests - Build a test suite
❌ DON'T:
- Don't use real cards - Sandbox only accepts test cards
- Don't skip testing - Test before going live
- Don't assume success - Test failure scenarios too
- Don't ignore webhooks - Critical for production
- Don't test in production - Always use sandbox first
Moving to Production
Before going live:
- ✅ Test all features - Every endpoint you'll use
- ✅ Test error handling - All error scenarios
- ✅ Test webhooks - Verify webhook processing
- ✅ Review security - Token handling, HTTPS, etc.
- ✅ Update to production URL -
https://api.auxvault.com/api/v1 - ✅ Use production credentials - Get from your account manager
- ✅ Monitor transactions - Watch for issues
- ✅ Have rollback plan - In case of issues
Troubleshooting
"Transaction declined" but should be approved
Check:
- Using correct test card (4111111111111111)
- CVV is 123
- Expiry date is future
- All required fields provided
Webhook not receiving events
Check:
- Webhook URL is publicly accessible
- Returns 200 status code
- HTTPS (required)
- Signature verification not blocking
"Unauthorized" errors
Check:
- Token is valid
Authorization: Bearer TOKENheader presentX-Tenant-IDheader present- Token hasn't expired
Next Steps
Need help? Contact support@auxvault.com