Testing Payment Integrations: Sandbox Guide
Table of Contents
One of the most common causes of production payment failures is inadequate testing. An integration that only handles the happy path — a successful card charge — will fail spectacularly when it encounters a declined card, an expired payment method, a network timeout, or a 3DS authentication requirement. The TIB Finance sandbox environment exists to let you encounter and handle all of these scenarios before your customers do.
This guide covers everything you need to know about using the TIB Finance sandbox to build a thorough test suite. Combined with the API integration guide, this gives you a complete picture of building and validating a production-quality integration.
Sandbox Environment Overview
The TIB Finance sandbox is a fully isolated environment that mirrors the production API in functionality, but processes no real transactions and charges no real money. Key characteristics:
- Separate API endpoint:
https://sandbox-api.tib.finance/v1— distinct from the production URL. - Separate credentials: Sandbox API keys are prefixed with
sk_test_andpk_test_. Production keys usesk_live_andpk_live_. Never mix them. - Sandbox dashboard: View sandbox transactions, customers, and events at the TIB Finance sandbox dashboard — separate from your live merchant dashboard.
- Test data is not real: No actual funds move. No card issuers are contacted. All responses are simulated based on the test card number you use.
- Full feature parity: Webhooks, tokenization, 3DS, refunds, disputes, and all other features are available in the sandbox.
Tip: Always include an environment check in your application startup to verify that sandbox credentials are never used in production and production credentials are never used in development.
Sandbox Credentials
Access your sandbox credentials from the TIB Finance developer dashboard. You will find:
- Sandbox Secret Key:
sk_test_xxxxxxxxxxxxxxxxxxxx— use on your server - Sandbox Publishable Key:
pk_test_xxxxxxxxxxxxxxxxxxxx— use in client-side JavaScript - Sandbox Webhook Secret: Used to verify sandbox webhook signatures (separate from production webhook secret)
Store sandbox credentials in a separate .env.test or .env.development file from your production .env or .env.production file. Your deployment pipeline should set environment variables from the appropriate file based on the target environment.
Test Card Numbers
TIB Finance provides a set of test card numbers that trigger specific responses. Use any future expiration date (e.g., 12/27), any 3-digit CVV (e.g., 123), and any valid billing zip code (e.g., 10001).
| Card Number | Brand | Result |
|---|---|---|
| 4111 1111 1111 1111 | Visa | payment.succeeded |
| 5500 0000 0000 0004 | Mastercard | payment.succeeded |
| 3714 496353 98431 | Amex | payment.succeeded |
| 6011 1111 1111 1117 | Discover | payment.succeeded |
| 4000 0000 0000 0002 | Visa | card_declined |
| 4000 0000 0000 9995 | Visa | insufficient_funds |
| 4000 0000 0000 0069 | Visa | expired_card |
| 4000 0000 0000 0127 | Visa | incorrect_cvc |
| 4000 0027 6000 3184 | Visa | authentication_required (3DS) |
| 4000 0000 0000 3220 | Visa | payment.pending (async) |
Simulating Different Responses
Beyond specific test cards, TIB Finance's sandbox supports additional simulation mechanisms:
Amount-Based Simulation
You can trigger specific behaviors based on the amount you set in test transactions:
- Amount ending in .01 (e.g., $49.01 / 4901 cents): Triggers a generic decline
- Amount ending in .02: Triggers an insufficient funds decline
- Amount of exactly $0.00 / 0 cents: Triggers a card verification (zero-auth) check
- Amount greater than $999.99: Triggers an authentication_required response
Testing 3DS Authentication Flow
Use card number 4000 0027 6000 3184 to test the full 3D Secure 2 authentication flow. In the sandbox, the 3DS challenge page displays a passcode of 424242 for a successful authentication, or you can submit an incorrect code to test a 3DS failure. Your integration must handle the requires_action response and guide the customer through the authentication flow.
Testing Error Cases
A robust integration handles every error gracefully. Here is a systematic approach to error case testing:
Network and Infrastructure Errors
- Timeout simulation: Use the special card
4000 0000 0000 1000in the sandbox to simulate a gateway timeout. Your code should handle timeouts with appropriate retry logic using your idempotency key. - Rate limiting: Send more than 100 API requests per second to trigger HTTP 429. Verify your exponential backoff retry logic.
- Server error (500): Set the
X-TIB-Simulate-Error: 500header in sandbox requests to simulate a server error. Only safe with idempotency keys.
Input Validation Errors
Authentication Errors
- Use an invalid API key to verify your integration returns a 401 and does not expose the invalid key in logs or error messages
- Use a publishable key for a server-side operation to verify your integration detects and handles the "wrong key type" error
- Test with an expired or revoked API key by temporarily disabling a test key in the dashboard
Testing Webhooks in the Sandbox
The TIB Finance sandbox dashboard provides a webhook testing tool that lets you manually trigger any event type to your registered endpoint, without needing to create a transaction that generates the event naturally. This is invaluable for testing edge-case events like dispute.created or refund.failed.
Using the Sandbox Webhook Inspector
- Navigate to Settings > Webhooks in the sandbox dashboard
- Select your webhook endpoint
- Click "Send test event" and select the event type
- The inspector shows the outgoing payload, your endpoint's response, and delivery status
- For local development, use a tool like ngrok to expose your local server with a public HTTPS URL
Automated Webhook Testing
Going Live Checklist
When your sandbox testing is thorough and all test cases pass, use this checklist to confirm you are ready for production:
api.tib.finance not sandbox-api.tib.financelivemode field in API responses and webhook eventsAccess the TIB Finance Sandbox
The TIB Finance sandbox provides full API access, test card numbers, webhook simulation, and a complete testing environment — all free of charge.
Open Sandbox API Docs