Every developer account with CardFlight is provided 2 API keys (one testing, one production) to allow testing your app without processing transactions through the Merchant Account. Every call to our API requires sending a corresponding API Key as an identifier on our servers to determine which environment you are making a call to.
It is strongly recommended that testing is done to ensure that your library is working correctly within your app using the test credentials before sending transactions through live production from your App.
At a minimum, we strongly recommend that the following areas are tested:
- You have correctly setup the relevant API and Account Merchant Tokens.
- Your card values are valid and are getting submitted to the CardFlight servers.
- Check that the transactions for each Merchant Account are getting processed correctly. ie. Charge a card, perform a refund.
- All API Errors are handled correctly. See full api documentation here.
Test Card Numbers
The expected behavior when swiping physical cards and posting transactions with your Test API Key depends on the last digit of the credit card you swiped. Card numbers that end with an even numbers (ie. 0, 2, 4, 6, or 8), will return Approved, whereas cards numbers ending in an odd number (ie 1, 3, 5, 7, or 9) will return Not Approved.
The following table shows an example of some example cards and the expected response when using the Test API Key:
The Test API key will only perform sandbox testing within CardFlight, meaning that no call will be made to your 3rd party merchant account for processing.
To create an end-to-end scenario for testing, connect the Production API key to an external test Merchant Account. When using the Production API Key, CardFlight will send the transaction to your payment processor. The response (Approved or Not Approved) will depend on the criteria in place at your processor and their response to CardFlight for that given transaction.
EMV Testing with Chip Card
CardFlight gateway testing is not currently available for chip cards.
For security reasons, we are unable to decrypt the cryptograms which are generated during an EMV transaction, which restricts the ability to perform end-to-end EMV testing involving third-party payment processors.