For developers integrating PayPal into their applications, thorough testing is paramount. PayPal provides a robust sandbox environment to simulate various payment scenarios, and a crucial aspect of this testing involves card testing. This guide delves into the intricacies of PayPal's card testing capabilities within the sandbox, empowering you to build resilient and reliable payment integrations.
Testing your PayPal integration with simulated card transactions offers several key advantages:
Before you begin, ensure you have a PayPal developer account. The sandbox is a separate environment that mirrors the live PayPal system but uses test data instead of real money. You can access the sandbox through the PayPal Developer Dashboard.
A fundamental test case involves simulating successful card payments. Follow these steps within the sandbox environment:
api-m.sandbox.paypal.com endpoint.Test Card Number Examples:
You can also leverage the credit card generator to create new test cards with specific countries or regions. This is especially handy when testing localized payment scenarios.
Testing card error scenarios is equally important. The PayPal sandbox provides a mechanism to simulate various rejection scenarios using "rejection triggers."
Here's a table of common rejection triggers and their corresponding outcomes:
| Test Name | Trigger | Processor Response Code | Code Description |
|---|---|---|---|
| Card refused | CCREJECT-REFUSED | 0500 | DO_NOT_HONOR |
| Fraudulent card | CCREJECT-SF | 9500 | SUSPECTED_FRAUD |
| Card expired | CCREJECT-EC | 5400 | EXPIRED_CARD |
| Insufficient funds | CCREJECT-IF | 5120 | INSUFFICIENT_FUNDS |
| Card lost, stolen | CCREJECT-LS | 9520 | LOST_OR_STOLEN |
| Card not valid | CCREJECT-IA | 1330 | INVALID_ACCOUNT |
| Card is declined | CCREJECT-BANK_ERROR | 5100 | GENERIC_DECLINE |
| CVC check fails | CCREJECT-CVV_F | 00N7 | CVV2_FAILURE_POSSIBLE_RETRY_WITH_CVV |
Examining the Orders v2 processor response object in the API response will expose the true reason for a declined payment by viewing the avs_code, cvv_code, and response_code. For example:
{
"processor_response": {
"avs_code": "G",
"cvv_code": "P",
"response_code": "5400"
}
}
In this case, response_code=5400 indicates that the card is expired. Refer to the card decline errors documentation for more detailed information.
To test 3D Secure flows, use 3D Secure test cards to simulate various authentication scenarios. This allows you to verify that your integration correctly handles the additional verification step required by some card issuers.
PayPal recommends testing specific use cases for your Expanded Checkout integration before deploying to the live environment. This includes:
payment_source object with a valid card number in your create order call. Then utilize the capture authorized payment call to finalize the payment.By diligently utilizing the PayPal sandbox and its card testing features, developers can build robust, reliable, and secure payment integrations. Comprehensive testing reduces the risk of errors and ensures a seamless payment experience for users. Remember to consult the official PayPal Developer Documentation for the most up-to-date information and best practices.
