<!-- canonical: https://docs.costplus.io/docs/getting-started/testing -->

> Set up your test environment and use test credentials
Before going live, use a Cost+ sandbox website to verify your integration works correctly. There is no separate sandbox URL — you use the same production API endpoint (`https://api.costplus.online/v1`) with an API key from a sandbox website.

## Getting Your Test API Key

1. Log in to the [Merchant Portal](https://dashboard.costplus.io/)
2. Navigate to **Websites**
3. Create a new website and select **Sandbox** as the type, or select an existing sandbox website
4. Click on **Integration** to find your API key
5. Use this API key in your integration — all transactions will be simulated

> [!NOTE]
> Sandbox vs production mode is determined entirely by the website type in the Merchant Portal, not by the API URL. A sandbox website's API key processes simulated transactions; a production website's API key processes real payments. Both use the same API endpoint.

## Test Card Numbers

Use the card numbers below to simulate different payment scenarios. **Do not use real card numbers in test mode.**

| Card Number | CVV | Brand | Result |
|---|---|---|---|
| `4111111111111111` | any | Visa | Success |
| `5544330000000037` | any | Mastercard | Success |
| `4462030000000000` | any | Visa | Success |
| `4111111111111105` | any | Visa | Do Not Honor |
| `4111111111111143` | any | Visa | Stolen Card |
| `4111111111111151` | any | Visa | Insufficient Funds |

Use any future expiry date and any 3-digit CVC.

> [!WARNING]
> Test card numbers only work in sandbox mode. Submitting them to a production website's API key will result in a declined transaction.

## Error Codes

When a transaction fails, the API returns one of the following error codes in the transaction's `reason` field:

| Error Code | Description |
|---|---|
| `ERROR_CARD_AUTHENTICATION_FAILURE` | 3DS authentication not completed in time; payment cancelled |
| `ERROR_CARD_CVV_NOT_VALID` | CVV correctly formatted but not valid |
| `ERROR_CARD_INFORMATION_NOT_VALID` | Card info correctly formatted but not valid |
| `ERROR_CARD_NOT_SUPPORTED_FOR_ECOMMERCE` | Transaction not supported for eCommerce |
| `ERROR_CARD_NOT_VALID` | Card ID is not valid |
| `ERROR_CARD_TYPE_DISABLED` | Card type is disabled |
| `ERROR_TRANSACTION_FAILED` | Card transaction failed |
| `ERROR_TRANSACTION_REJECTED_BY_CARD_PROCESSOR` | Rejected by processor (includes Visa/MC industry numeric code) |
| `ERROR_TRANSACTION_TYPE_NOT_ALLOWED_BY_SELLER` | Transaction type not allowed by seller |
| `ERROR_TRANSACTION_TYPE_NOT_SUPPORTED` | Not supported by card network |
| `INVALID_CARD_CVV` | CVV not recognized |
| `INVALID_CARD_NUMBER` | Card number not recognized |

## Common API Validation Errors

These errors are returned as `400 Bad Request` when the API request itself is invalid:

| Error | Description |
|---|---|
| Unknown payment method | You supplied an incorrect payment method name |
| No permissions for payment method | Your API key (project) doesn't have permissions for the specified payment method |
| Payment method not enabled | The payment method has not been enabled for your API key (project) |
| Payment method not supported | Your API key (project) does not have the correct status to use the specified payment method |

> [!TIP]
> If you receive "Payment method not enabled" or "No permissions", check the payment method configuration in the [Merchant Portal](https://dashboard.costplus.io/) under your website settings.