Testing Guide

This page describes how to test your integration prior to certification. It is intended to facilitate thorough testing, resulting in an issue free go-live. Prior to reviewing this section, it is recommended that you first choose your integration method(s) and familiarize yourself with the API Specification.

Test environment

All testing should always be done using test accounts on the test environment. Testing with live accounts on the live payment gateway can cause problems such as:

  1. Unnecessary downtime
  2. Live transaction corruption/loss
  3. Incorrect/incomplete results of live transactions
  4. Customer frustration
  5. Undiscovered issues over time, effecting large numbers of transactions
  6. Chargebacks
  7. PCI DSS implications

Setting up the test environment

You should ensure that your test environment is configured as close as possible to your live environment, particularly:

  1. Web server (IIS/Apache) version
  2. Web server configuration, especially the language interface (PHP/ASP etc.) and session timeout
  3. Database connectivity
  4. Firewall

Planning your testing

Before testing, you should become familiar with the relevant sections of our API Specification. This is a complete and definitive guide to integrating your systems with the gateway no matter what programming language, transaction types or integration method.

Planning your testing depends a lot on your method of implementation. For example if using our Hosted Payment Page (HPP) you should test the situation where a redirect back from our host fails, whereas this is unnecessary if you are using the XML method.

Background Validation

If you are using the Hosted Payment Page method of integration, Background validation must be supported by your application flow. For more information on background validation, please consult the background validation documentation page.

Security concerns when testing

PCI DSS states that you should never use live cards in a test environment, otherwise this environment is also subject to PCI audit and DSS rules. For this reason you should use only test card numbers, such as those listed in this document.

We cannot be held accountable for live cards being put through our test systems and sandbox accounts.

Things to test

All cases

You should ensure that your test environment is configured as close as possible to your live environment, particularly:

  1. Host is unavailable (i.e. Use invalid test host URL)
  2. Request details (including hash) are incorrect
  3. Response Hash string is incorrect
  4. Responses for all possible transaction results (Authorization/Decline/Referral/Failure) (see “Sandbox Accounts and Test Cards” section for details)
  5. PCI DSS guidelines are met in all scenarios
  6. Refreshing the receipt page does not re-perform the transaction/resend the receipts
  7. All required currencies are processed correctly

Per integration method

Hosted Payment Page/POST Page

  1. Customer doesn't complete transaction (e.g. closes browser window)
  2. Incorrect Receipt Page URL configured (same as response redirect failure)
  3. Customer takes 60 mins to complete entering details
  4. Simultaneous transactions do not interfere with each other
  5. Background Validation is successful for all transactions and responses (if implemented)

XML gateway

  1. Card number/CVV fields can only contain numeric characters (no spaces either)
  2. Non-numeric characters (including spaces) are not sent in numeric fields
  3. Remote XSD file unavailable (fallback to local cache?)
  4. XML fails validation against remote XSD file
  5. Host returns a failure due to incorrect content in XML request
  6. Host returns a System Error response
  7. Host does not return anything
  8. Host returns extra response fields

Once you have completed the testing of your integration, consult the section Testing and Certifying Your Integration for information about the certification process.

Testing Verification

If needed, we can coordinate testing with you, provide/review specialized test scripts, and help with any issues raised. Contact us at support@integratedcommerce.io to get started.

Sandbox Accounts and Test Cards


Basic transaction testing can be done using the public sandbox accounts. You do not need a full test account for basic proof-of-concept testing. The terminal details are:

A USD 33001SandboxSecret001
B CAD 33002SandboxSecret002
C EUR 33003SandboxSecret003
D GBP 33004SandboxSecret004
E MCP* 36001SandboxSecret001
  • TERMINAL E: MCP is the Multi Currency Terminal Setting.

Test Cards

Test cards that can be used on our host are:

For HPP Integrations

Visa 4444 3333 2222 1111
MasterCard 5404 0000 0000 0001
Laser 6304 9900 0000 0000 044
Maestro 3000 0000 0000 0000 04
UK Domestic Maestro 5641 8200 0000 0005
Electron 4917 3000 0000 0008
Visa Debit 4462 0000 0000 0003
Debit MasterCard 5573 4700 8901 0012
American Express 3742 0000 0000 004
JCB 3569 9900 0000 0009
Diners 3600 0000 0000 08
Solo 6767 6222 2222 2222 222

All test cards can be used with any expiry date in the future, and any CVV (American Express cards have a 4 digit CVV).

For XML Integrations

American Express EUR N Y 3400000000000067
Debit MasterCard EUR Y Y 5103150000000024
Debit MasterCard GBP Y Y 5105091000000085
Debit MasterCard USD Y Y 5100270000000007
Diners EUR N N 3600000000000032
Diners USD N N 6011000000000053
JCB GBP N Y 3528000000000072
Maestro EUR Y Y 5016590000000019
Maestro GBP Y Y 6301144000000066
Maestro USD Y Y 5021230000000007
MasterCard EUR Y Y 5100010000000056
MasterCard GBP N Y 5534223000000085
MasterCard GBP Y Y 5101080000000033
MasterCard JPY Y Y 5120790000000018
MasterCard USD Y Y 5100040000000095
Switch EUR N N 6706989000000008
Switch GBP N N 6301144000000017
Switch USD N N 6706988000000018
Visa Credit EUR N Y 4005530000000086
Visa Credit EUR Y Y 4001310000000095
Visa Credit GBP N Y 4300000000000082
Visa Credit GBP Y Y 4008800000000031
Visa Credit JPY N Y 4051700000000021
Visa Credit JPY Y Y 4205030000000036
Visa Credit USD N Y 4005510000000013
Visa Credit USD Y Y 4000020000000000
Visa Debit EUR N Y 4033400000000005
Visa Debit EUR Y Y 4000340000000069
Visa Debit GBP N Y 4300009900000050
Visa Debit GBP Y Y 4000330000000078
Visa Debit JPY N Y 4051705010000085
Visa Debit JPY Y Y 4000360000000018
Visa Debit USD N Y 4005525010000084
Visa Debit USD Y Y 4000060000000055
Visa Electron EUR Y Y 4003110000000071
Visa Electron GBP Y Y 4001150000000061
Visa Electron JPY Y Y 4980040000000044
Visa Electron USC Y Y 4002730000000010

All test cards can be used with any expiry date in the future, and any CVV (American Express cards have a 4 digit CVV).

Test Response Trigger Amounts

Specific responses can be triggered through transactions with predetermined cent values. The possible cent values and their corresponding responses will vary depending on your testing environment.

Test Responses Using Public Sandbox Accounts

In sandbox mode, test responses can be triggered by specifically using one of the sandbox test accounts and credit cards documented above. Any amount with a valid test decimal will produce the corresponding test response (i.e. 5.01, 99.01 or 1.01).

Cent Value Response
.03CVV failure (Decline)
Any otherAuthorized

Test Responses Using Dedicated Test Accounts

When using dedicated test accounts, the test responses will only be triggered if the amount is greater than 1000 (i.e. 1005.01, 1099.01 or 10,001.01). Amounts lower than 1000 will not trigger test responses.

Cent Value Response
.01 Refer card to issuer (this is not a decline)
.02 Refer to issuer's special conditions (this is not a decline)
.03 Invalid merchant or service provider
.04 Pick Up Card
.05 Do not honor
.06 Error
.07 Pick Up, Special Cond.
.08 Honor with Id (this is not a decline)
.09 Request in Progress (problem with the card number)
Any other Authorized
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International