Skip to main content

Sandbox vs Production

Orsunpay provides separate environments for testing and live transactions. Understanding the differences between these environments is crucial for proper integration and testing.

Environment Overview

AspectSandboxProduction
PurposeTesting and developmentLive transactions
API Keyssk_test_...sk_live_...
Money MovementNo real moneyReal money processing
Payment ProvidersTest/Mock providersLive providers
Rate Limits1000 requests/minute5000 requests/minute
Data Retention30 daysPermanent

Base URLs

API Endpoints

# Sandbox
https://sandbox-api.orsunpay.com/v1

# Production  
https://api.orsunpay.com/v1

Checkout URLs

# Sandbox
https://sandbox-checkout.orsunpay.com

# Production
https://checkout.orsunpay.com

BackOffice

# Sandbox
https://office-sandbox.orsunpay.com

# Production
https://office.orsunpay.com

API Key Differences

Sandbox Keys

  • Format: sk_test_abc123...
  • Access: Sandbox environment only
  • Security: Less stringent for testing
  • Regeneration: Can be regenerated freely

Production Keys

  • Format: sk_live_abc123...
  • Access: Production environment only
  • Security: High security requirements
  • Regeneration: Requires verification process
Never use production API keys in development environments or commit them to version control.

Transaction Behavior

Sandbox Transactions

{
  "amount": 5000,
  "currency": "USD",
  "paymentMethod": "card",
  "paymentMethodInput": {
    "cardNumber": "4242424242424242",
    "expiryMonth": "12",
    "expiryYear": "2025",
    "cvv": "123"
  }
}
// Result: SUCCESS

Test Cards

Use these test card numbers in sandbox:
Card NumberBrandResultError Code
4242424242424242VisaSuccess-
5555555555554444MastercardSuccess-
4000000000000002VisaDeclinedcard_declined
4000000000009995VisaDeclinedinsufficient_funds
4000000000000069VisaExpiredexpired_card
4000000000000127VisaIncorrect CVCincorrect_cvc
4000000000000119VisaProcessing Errorprocessing_error
You can use any future expiry date and any 3-digit CVC for test cards.

Alternative Payment Methods Testing

PayPal Sandbox

{
  "paymentMethod": "paypal",
  "paymentMethodInput": {
    "email": "[email protected]"
  }
}

Bank Transfer Testing

{
  "paymentMethod": "bank_transfer",
  "paymentMethodInput": {
    "iban": "DE89370400440532013000",
    "accountHolderName": "Test User"
  }
}

Webhook Testing

Sandbox Webhooks

Sandbox webhooks are triggered immediately for testing purposes: 
# Test webhook endpoint
curl -X POST https://your-test-server.com/webhooks/orsunpay \
  -H "Content-Type: application/json" \
  -H "X-Orsunpay-Signature: sha256=test_signature" \
  -d '{
    "event": "transaction.succeeded",
    "data": {
      "id": "tr_test_123",
      "status": "SUCCESS",
      "amount": 5000
    }
  }'

Webhook Development Tools

Use tools like ngrok for local webhook testing: 
# Install ngrok
npm install -g ngrok

# Expose local server
ngrok http 3000

# Use the HTTPS URL for webhook endpoint
# https://abc123.ngrok.io/webhooks/orsunpay

Rate Limits

Sandbox Limits

  • General API: 1,000 requests per minute
  • Burst Limit: 100 requests per second
  • Webhook Retries: 5 attempts over 24 hours

Production Limits

  • General API: 5,000 requests per minute
  • Burst Limit: 500 requests per second
  • Webhook Retries: 10 attempts over 48 hours
Contact support if you need higher rate limits for production use.

Data Differences

Sandbox Data

  • Retention: 30 days rolling
  • Reset: Data can be cleared upon request
  • Privacy: Lower privacy requirements
  • Compliance: Testing compliance flows

Production Data

  • Retention: Permanent (per regulatory requirements)
  • Backup: Multiple geographic backups
  • Privacy: Full PCI DSS and GDPR compliance
  • Compliance: Live compliance monitoring

Feature Availability

Feature Parity

Most features are available in both environments: Available in Both
  • Transaction creation and processing
  • Webhook notifications
  • Customer management
  • Payment method routing
  • Error handling and retries
⚠️ Sandbox Limitations
  • Limited payment provider sandbox availability
  • Simplified 3DS flows
  • Mock risk scoring
  • Test-only payment methods
🔴 Production Only
  • Real money processing
  • Full compliance monitoring
  • Advanced fraud detection
  • Priority support channels

Testing Strategies

Unit Testing

Test your integration logic with mocked responses: 
// Mock successful transaction response
const mockTransaction = {
  id: 'tr_test_123',
  status: 'SUCCESS',
  amount: 5000,
  currency: 'USD'
};

// Test your business logic
function handleTransactionSuccess(transaction) {
  expect(transaction.status).toBe('SUCCESS');
  // Your success logic here
}

Integration Testing

Use sandbox environment for end-to-end testing: 
describe('Payment Integration', () => {
  it('should create transaction successfully', async () => {
    const response = await orsunpay.transactions.create({
      amount: 5000,
      currency: 'USD',
      // ... other fields
    });
    
    expect(response.status).toBe('CREATED');
    expect(response.amount).toBe(5000);
  });
});

Load Testing

Test your integration under load in sandbox: 
# Using Apache Bench
ab -n 1000 -c 10 -H "Authorization: Bearer sk_test_your_key" \
   -H "Content-Type: application/json" \
   -p transaction.json \
   https://sandbox-api.orsunpay.com/v1/transactions

Migration Checklist

Before moving to production:

Code Review

  • Remove all test API keys
  • Update base URLs to production
  • Verify webhook endpoint security
  • Test error handling thoroughly

Configuration

  • Set production API keys in environment variables
  • Update webhook URLs to production endpoints
  • Configure proper logging and monitoring
  • Set up alerting for failures

Testing

  • Complete end-to-end testing in sandbox
  • Test webhook signature verification
  • Verify error scenarios handle gracefully
  • Load test your webhook endpoints

Security

  • Audit API key storage and rotation
  • Verify HTTPS enforcement
  • Check webhook signature validation
  • Review access logs and monitoring

Monitoring and Debugging

Sandbox Tools

  • Transaction logs: Detailed debugging information
  • Webhook inspector: Real-time webhook monitoring
  • API explorer: Interactive API testing
  • Event timeline: Step-by-step transaction flow

Production Monitoring

  • Dashboard metrics: Real-time performance monitoring
  • Alert notifications: Automated failure detection
  • Audit logs: Comprehensive activity tracking
  • Health checks: Proactive system monitoring

Best Practices

Development Workflow

  1. Develop against sandbox environment
  2. Test thoroughly with various scenarios
  3. Deploy to staging with production-like data
  4. Migrate to production with proper configuration

Environment Separation

// Good: Environment-based configuration
const config = {
  apiKey: process.env.NODE_ENV === 'production' 
    ? process.env.ORSUNPAY_LIVE_KEY 
    : process.env.ORSUNPAY_TEST_KEY,
  baseURL: process.env.NODE_ENV === 'production'
    ? 'https://api.orsunpay.com/v1'
    : 'https://sandbox-api.orsunpay.com/v1'
};

Error Handling

// Handle environment-specific behavior
try {
  const transaction = await createTransaction(data);
} catch (error) {
  if (process.env.NODE_ENV === 'production') {
    // Log securely, alert monitoring
    logger.error('Transaction failed', { 
      transactionId: data.orderId,
      error: error.code 
    });
  } else {
    // More verbose logging for debugging
    console.error('Transaction failed:', error);
  }
}

Support and Resources

Sandbox Support

  • Documentation: This comprehensive guide
  • Community: Developer Discord channel
  • Email: [email protected]

Production Support

Production support includes proactive monitoring and faster response times for business-critical issues.