Testing Guide

Overview

This guide provides comprehensive testing scenarios for KOIN payment integration. All examples use the sandbox environment where no real money is processed.

Sandbox Environment

  • Base URL: https://api.firstoken-staging.co/v1/payments/

  • Environment: Complete simulation of production KOIN processing

  • Test Cards: Any valid card format works in sandbox

  • Real-time Testing: All flows work exactly like production

Test Card Numbers

For KOIN testing, you can use any valid card number format. The payment processing is simulated based on other request parameters.

Test Card Numbers

For KOIN testing, you can use any valid card number format. The system will simulate the payment flow:

Card Brand
Number
CVV
Notes

Visa

4111 1111 1111 1111

Any 3-digit

Standard test

Mastercard

5555 5555 5555 4444

Any 3-digit

Standard test

American Express

3782 8224 6310 005

Any 4-digit

Requires 4-digit CVV

Important Notes:

  • Use any expiration date in the future (MM/YYYY format)

  • Cardholder name can be any valid name format

  • All cards work in sandbox for testing different scenarios

Amount-Based Testing

Control transaction outcomes by using specific amounts in your test requests. KOIN uses transaction amounts to simulate different scenarios:

Amount Range (cents)
Initial Status
Final Status
Description

1 - 5000

Authorized

Collected

Success

5001 - 10000

Authorized

Failed

ChannelRejected

10001 - 15000

Authorized

Failed

InsufficientFunds

15001 - 20000

Authorized

Failed

InvalidCard

20001 - 25000

Authorized

Failed

InvalidData

25001 - 30000

Authorized

Failed

Referred

30001 - 35000

Authorized

Failed

ExpiredCard

35001 - 40000

Authorized

Failed

StolenCard

40001 - 45000

Authorized

Failed

ConnectionRefused

50001 - 55000

Processorerror

Authorized

Undefined

60000 - 65000

Opened

Authorized

Success

65001 - 70000

Unknown

Authorized

Success

+ 150000

Authorized

Collected

Success

Example: To test a successful payment, use amount 1000 . To test antifraud review, use amount 42000 .

Antifraud Testing with Email Patterns

Test different antifraud scenarios using specific email patterns in cardholder_info.email and bill_to.email:

Email Pattern
Antifraud Behavior
Description

{username}+autoaccept@{emailprovider}

Automatically accepted

Transaction will be accepted

{username}+autoreject@{emailprovider}

Automatically rejected

Transaction will be rejected

{username}+prereject@{emailprovider}

Rejected at authorization

Transaction will be rejected at the authorization stage

{username}+preaccept_autoaccept@{emailprovider}

Accepted at all stages

Transaction will be accepted at all stages

{username}+preaccept_autoreject@{emailprovider}

Mixed result

Accepted at authorization, rejected at evaluation

Example Email Patterns

json

// Auto-accept scenario
"email": "john+autoaccept@test.com"

// Auto-reject scenario  
"email": "john+autoreject@test.com"

// Pre-reject scenario
"email": "john+prereject@test.com"

// Pre-accept then auto-accept
"email": "john+preaccept_autoaccept@test.com"

// Pre-accept then auto-reject
"email": "john+preaccept_autoreject@test.com"

Complete Test Scenarios

1. Successful Payment Flow

curl -X POST https://api.firstoken.co/v1/payments/ \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "payment",
      "reference_code": "ref_{{$guid}}"
    },
    "card": {
      "number": "4111111111111111",
      "expiration_date": "12/2030",
      "security_code": "123",
      "holder": "João Silva"
    },
    "order_info": {
      "amount_details": {
        "total_amount": 1500,
        "currency": "BRL",
        "items_amount": 1500
      },
      "installments": 1,
      "descriptor": "Teste Payment"
    },
    "cardholder_info": {
      "first_name": "João",
      "last_name": "Silva",
      "document": {
        "type": "CPF",
        "number": "12345678901",
        "nationality": "BR"
      },
      "country": "BR",
      "address_1": "Rua Teste, 123",
      "city": "São Paulo",
      "state": "SP",
      "postal_code": "01234-567",
      "email": "joao.silva@test.com",
      "phone_number": "11987654321",
      "phone_type": "Mobile",
      "phone_area_code": "11"
    },
    "bill_to": {
      "id": "customer_test_123",
      "first_name": "João",
      "last_name": "Silva",
      "document": {
        "type": "CPF",
        "number": "12345678901",
        "nationality": "BR"
      },
      "country": "BR",
      "address_1": "Rua Teste, 123",
      "city": "São Paulo",
      "state": "SP",
      "postal_code": "01234-567",
      "email": "joao.silva@test.com",
      "phone_number": "11987654321",
      "phone_type": "Mobile",
      "phone_area_code": "11",
      "profile": "test_customer"
    },
    "line_items": [
    {
      "category": {
        "id": "1",
        "name": "Category 1"
      },
      "discount_amount": 10,
      "id": "1",
      "name": "Item 1",
      "price": 1500,
      "quantity": 1,
      "seller_id": "seller id",
      "service_date": "2025-07-01",
      "type": "Generic"
    }
  ],
    "device_info": {
      "ip_address": "192.168.1.100"
    }
  }'

2. Authorization + Capture Flow

Step 1: Authorization

curl -X POST https://api.firstoken.co/v1/payments/ \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "authorization",
      "reference_code": "test_auth_ref_{{$guid}}"
    },
    "card": {
      "number": "5555555555554444",
      "expiration_date": "12/2030",
      "security_code": "123",
      "holder": "Maria Santos"
    },
    "order_info": {
      "amount_details": {
        "total_amount": 5000,
        "currency": "BRL",
        "items_amount": 5000
      },
      "installments": 1,
      "descriptor": "Teste Authorization"
    },
    "cardholder_info": {
      "first_name": "Maria",
      "last_name": "Santos",
      "document": {
        "type": "CPF",
        "number": "54672396002",
        "nationality": "BR"
      },
      "country": "BR",
      "address_1": "Avenida Teste, 456",
      "city": "Rio de Janeiro",
      "state": "RJ",
      "postal_code": "20000-000",
      "email": "maria.santos@test.com",
      "phone_number": "21987654321",
      "phone_type": "Mobile",
      "phone_area_code": "21"
    },
    "bill_to": {
      "id": "customer_maria_456",
      "first_name": "Maria",
      "last_name": "Santos",
      "document": {
        "type": "CPF",
        "number": "54672396002",
        "nationality": "BR"
      },
      "country": "BR",
      "address_1": "Avenida Teste, 456",
      "city": "Rio de Janeiro",
      "state": "RJ",
      "postal_code": "20000-000",
      "email": "maria.santos@test.com",
      "phone_number": "21987654321",
      "phone_type": "Mobile",
      "phone_area_code": "21",
      "profile": "premium_customer"
    },
    "line_items": [
    {
      "category": {
        "id": "1",
        "name": "Category 1"
      },
      "discount_amount": 10,
      "id": "1",
      "name": "Item 1",
      "price": 1500,
      "quantity": 1,
      "seller_id": "seller id",
      "service_date": "2025-07-01",
      "type": "Generic"
    }
  ],
    "device_info": {
      "fingerprint_session_id": "test_auth_session_' $(date +%s) '",
      "ip_address": "203.0.113.50"
    }
  }'

Step 2: Capture (use transaction_id from step 1)

curl -X POST https://api.firstoken.co/v1/payments/{TRANSACTION_ID_FROM_STEP_1}/capture \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "capture",
      "reference_code": "test_capture_{{$guid}}"
    },
    "capture_info": {
      "amount_details": {
        "total_amount": 5000,
        "currency": "BRL"
      },
      "installments": 1
    },
    "device_info": {
      "ip_address": "203.0.113.50"
    }
  }'

3. Authorization + Void Flow

Step 1: Authorization (same as above)

Step 2: Void (use transaction_id from step 1)

curl -X POST https://api.firstoken.co/v1/payments/{TRANSACTION_ID_FROM_STEP_1}/void \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "authorization_void",
      "reference_code": "test_void_{{$guid}}"
    },
    "device_info": {
      "ip_address": "203.0.113.50"
    }
  }'

4. Payment + Refund Flow

Step 1: Payment (use payment example above)

Step 2: Void (use transaction_id from step 1)

curl -X POST https://api.firstoken.co/v1/payments/{TRANSACTION_ID_FROM_STEP_1}/void \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "payment_refund",
      "reference_code": "test_refund_{{$guid}}"
    },
    "refund_info": {
        "amount_details": {
            "total_amount": 1000,
            "currency": "BRL"
        },
        "installments": 1
    },
    "device_info": {
      "ip_address": "192.168.1.100"
    }
  }'

Error Testing Scenarios

1. Missing Required Fields

# Test missing CPF
curl -X POST https://api.firstoken.co/v1/payments/ \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "payment",
      "reference_code": "test_error_ref"
    },
    "card": {
      "number": "4111111111111111",
      "expiration_date": "12/2030",
      "security_code": "123",
      "holder": "Test User"
    },
    "order_info": {
      "amount_details": {
        "total_amount": 1000,
        "currency": "BRL",
        "items_amount": 1000
      },
      "installments": 1,
      "descriptor": "Test Error"
    },
    "cardholder_info": {
      "first_name": "Test",
      "last_name": "User",
      "country": "BR",
      "email": "test@example.com"
      // Missing document field - should cause error
    }
  }'

2. Invalid CPF Format

# Test invalid CPF
curl -X POST https://api.firstoken.co/v1/payments/ \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "transaction_info": {
      "type": "payment",
      "reference_code": "test_invalid_cpf_ref"
    },
    "cardholder_info": {
      "first_name": "Test",
      "last_name": "User",
      "document": {
        "type": "CPF",
        "number": "00000000000",
        "nationality": "BR"
      },
      "country": "BR",
      "email": "test@example.com"
    }
    // ... rest of required fields
  }'

Best Practices for Testing

  1. Use Unique IDs: Always generate unique transaction IDs

  2. Test All Flows: Test complete workflows, not just individual endpoints

  3. Error Handling: Test both success and failure scenarios

  4. Documentation: Document test cases and expected results

  5. Environment Separation: Keep test data clearly separated from production

Last updated

Was this helpful?