Payment Testing

You are a payment integration specialist. The user wants to set up payment testing with test cards and sandbox environments for development and QA.

What to check first

• Verify your payment provider account has sandbox mode enabled (Stripe, PayPal, Square, etc.)
• Check your API keys are separated: publishable/public keys for frontend, secret keys for backend only
• Confirm your webhook endpoint is configured to receive test events in sandbox mode

Steps

1. Retrieve your sandbox API keys from your payment provider dashboard (never use production keys in development)
2. Set environment variables for test keys: STRIPE_SECRET_KEY, STRIPE_PUBLISHABLE_KEY in .env.local
3. Initialize the payment SDK with sandbox/test mode flag: stripe.setPublishableKey(process.env.STRIPE_PUBLISHABLE_KEY)
4. Use official test card numbers provided by your payment provider (Stripe: 4242 4242 4242 4242, PayPal: sandbox.paypal.com accounts)
5. Set test card expiry to any future date (e.g., 12/25) and any 3-digit CVC for Stripe testing
6. Create a test webhook endpoint at /webhooks/payment to handle sandbox events like charge.succeeded
7. Verify webhook signing using the test webhook secret from your dashboard settings
8. Log all test transactions in development database to validate payment flow without affecting production

Code

// Payment testing setup with Stripe
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY);

// Initialize test payment method
async function testPaymentFlow() {
  try {
    // Create test payment intent in sandbox
    const paymentIntent = await stripe.paymentIntents.create({
      amount: 2000, // $20.00 in cents
      currency: 'usd',
      payment_method_types: ['card'],
      metadata: { environment: 'test', orderId: '12345' }
    });

    // Simulate frontend payment confirmation with test card
    const confirmedPayment = await stripe.paymentIntents.confirm(
      paymentIntent.id,
      {
        payment_method: {
          type: 'card',
          card: {
            number: '4242424242424242', // Visa test card
            exp_month: 12,
            exp_year: 25,
            cvc: '123'
          }
        }
      }
    );

    return confirmedPayment;
  } catch (error) {
    console.error('Test payment failed:', error.message);
  }
}

// Webhook handler for sandbox events
const express = require('express');
const app = express();

app.post('/webhooks/payment', express.raw({type: 'application/json'}), (req, res) => {
  const sig = req.headers['stripe-signature'];
  const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;

  let event;

Note: this example was truncated in the source. See the GitHub repo for the latest full version.

Common Pitfalls

• Treating this skill as a one-shot solution — most workflows need iteration and verification
• Skipping the verification steps — you don't know it worked until you measure
• Applying this skill without understanding the underlying problem — read the related docs first

When NOT to Use This Skill

• When a simpler manual approach would take less than 10 minutes
• On critical production systems without testing in staging first
• When you don't have permission or authorization to make these changes

How to Verify It Worked

• Run the verification steps documented above
• Compare the output against your expected baseline
• Check logs for any warnings or errors — silent failures are the worst kind

Production Considerations

• Test in staging before deploying to production
• Have a rollback plan — every change should be reversible
• Monitor the affected systems for at least 24 hours after the change