Sandbox environment
Point your requests at the sandbox host and authenticate with a sandbox API key:Card outcomes in the sandbox are simulated deterministically — the amount you send decides the result (see below). Production always routes to the real acquirer.
Card payment test scenarios
Drive a scenario
Capture a test card with rinne-js
Enter a test card into the Card Element, which encrypts the number and CVC in the customer’s browser. You never send a raw PAN — card data that reaches the API unencrypted is rejected with
400 VALIDATION_ERROR before any processing.Choose the amount that selects the outcome
Set the transaction
amount (in cents) so its last two digits match the outcome you want from the table below. For example, 1051 (R$ 10.51) simulates an insufficient-funds decline.Outcome by amount
The outcome is chosen by the last two digits of the amount (in cents). Detect a successful payment fromstatus; for declines, acquirer_response_code carries the acquirer’s reason code, matching what production would store.
| Amount ends in | Outcome | Status | Code | Meaning |
|---|---|---|---|---|
00 (and anything not listed below) | Approved | APPROVED | — | Authorized |
51 | Declined | REFUSED | 51 | Insufficient funds |
05 | Declined | REFUSED | 05 | Do not honor |
54 | Declined | REFUSED | 54 | Expired card |
14 | Declined | REFUSED | 14 | Invalid card |
96 | Provider error | FAILED | 500 | Provider error (HTTP status, not an issuer reason code) — status_reason is ACQUIRER_TIMEOUT |
Test cards
Any valid card number works. These are the recommended ones — the amount still decides approve vs. decline; the card only sets the brand and the 3DS behavior.| Card number | Brand | 3DS behavior |
|---|---|---|
5155901222280001 | Mastercard | No 3DS |
4012001037141112 | Visa | No 3DS |
4242424242424242 | Visa | 3DS — challenge required |
5555555555554444 | Mastercard | 3DS — challenge required |
4111110116638870 | Visa | 3DS — frictionless pass |
5555550130659057 | Mastercard | 3DS — frictionless pass |
4111111738973695 | Visa | 3DS — frictionless fail |
5555550487847545 | Mastercard | 3DS — frictionless fail |
The cards marked 3DS run the real 3D Secure flow (see 3D Secure authentication) — challenge cards present a verification step, frictionless cards authenticate silently — while the acquirer outcome still comes from the amount. For wallet payments (Apple Pay / Google Pay) there is no test card — pass the real wallet token and pick the outcome with the amount.
An invalid or malformed card number is declined as
REFUSED with acquirer_response_code 14 (invalid card), regardless of the amount. All the test cards above are valid.Examples
The request is a standard card transaction — only theamount changes to select the outcome. This example uses the Mastercard test card 5155901222280001 (last 4 digits 0001):
cURL
amount to reach each branch:
A
REFUSED result is a clean issuer decline — surface the reason and let the customer retry or use another card. A FAILED result means the payment couldn’t be completed (a provider timeout or error) — treat it as retryable. See Error handling for the full model.Refunds and cancellations
Refunds and cancellations also resolve deterministically under simulation: a cancel succeeds and the refund reachesCOMPLETED, moving the transaction to REFUNDED (full) or PARTIALLY_REFUNDED (partial). The acquirer refund rules still apply — one successful refund per card transaction, and no same-day partial refunds. See Refunding card transactions.
Testing 3D Secure
The Test cards table above includes a card for each 3DS path — challenge (a verification step the cardholder completes), frictionless pass (silent success), and frictionless fail (silent failure). Pick the one matching the path you want to exercise and follow the 3D Secure authentication guide. The card drives the authentication path; the amount still selects the final acquirer outcome. For example,4242424242424242 at amount 1000 runs a challenge and then approves, while the same card at 1051 runs the challenge and then declines with 51.
Next steps
Card transactions
Implement the full credit and debit card flow
3D Secure
Add session-first or transaction-first 3DS
Webhooks
Receive real-time transaction status updates
Error handling
Handle declines, failures, and retries

