The Sandbox environment is a dedicated environment for integration purposes. It is located at https://sandbox.payware.eu/. Its API endpoint is located at https://sandbox.payware.eu/api/.
When a partner registers through the Portal he is automatically given Sandbox API credentials. All of them are accessible in the Settings section of the portal.
As described in the Authentication sections, in order to make requests against the payware engine you need two things:
- your Partner ID
- an asymmetric RSA key pair, exchanged with payware
¶ Sandbox Partner ID
The Sandbox API Gateway recognizes the same Partner ID which is provided to you during registration and is used for production operations.
You can find it in the Settings section of the portal.
¶ RSA Key Pair
payware generates an RSA key pair for usage with the Sandbox API Gateway.
You are not expected to generate one yourself and provide the public key - instead, you should take the private key from the Portal and sign your requests against the Sandbox API Gateway with it.
Note: it is highly discouraged to use the same private key to sign requests against the Production API Gateway. See security considerations below.
¶ Sensitive Information And Sandbox Security
The Sandbox environment should be considered inherently unsafe. It does not have the same strong security guarantees the production gateway has. Its data might be deleted and should not be relied on.
payware does not keep any sensitive information regarding it’s partners on the Sandbox API Gateway and partners are encouraged to obfuscate any data they send towards it.
Sandbox transactions’ data is reset at every month beginning.
¶ Merchant Sandbox Settings
Merchants only have the RSA Key Pair generated by payware in their sandbox settings.
This is everything needed to start the integration process.
Description of fields on Settings->Sandbox->Your Data:
| Field | Description | Usage |
|---|---|---|
| Private Key | The private key of the merchant | Sign JWT tokens for operational API communication |
| payware Public Key | The payware public key | Verify JWT signature of incoming callback requests |
In production you are limited to the merchant endpoint only.
¶ ISV Sandbox Settings
ISVs have the same private and public key on Settings->Sandbox->Your Data.
In addition to that, the sandbox settings contain the information of two test merchants.
ISVs can use any of those merchants as authorizers for making requests against the Sandbox API Gateway, as well as implementing the authorization OAuth2 flow.
Description of fields on Settings->Sandbox->Merchant's Data:
| Field | Description | Usage |
|---|---|---|
| Partner ID | The partner ID of the given merchant | 1. clientId for OAuth2 requests2. aud JWT claim for operational API communication |
| Partner Secret | The secret of the given merchant | clientSecret for OAuth2 requests |
| Authorization Token | A generated authorization access token (as would have been generated by the OAuth2 API) | sub JWT claim for operational API communication |
| Authorization Granted (toggle) | Toggle the state of the token between GRANTED and REVOKED |
Test authorization token flows UX (see diagrams on Authorization page) |
In production you are limited to the merchant endpoint only.
¶ Payment Institution Sandbox Settings
Payment Institutions have the same private and public key on Settings->Sandbox->Your Data.
They also have access to two test merchants, in order to test their API integration from all sides. Payment institutions can use those merchants as the other side of the P2B integration.
Description of fields on Settings->Sandbox->Merchant's Data:
| Field | Description | Usage |
|---|---|---|
| Partner ID | The partner ID of the given merchant | iss JWT claim for operational API communication |
| Private Key | The private key of the given merchant | Sign JWT tokens for operational API communication |
Your sandbox partner IDs (two for merchants and two for a payment institutions, so you can test integration from either side) are located in the Sandbox area of the settings section of payware portal. The user interface enables you to provide a public key for your sandbox environment as well as obtain the payware public key of the sandbox.
The sandbox API is fully functional and you are allowed to use both the merchant and the payment institution endpoints for testing purposes. You must provide the appropriate partner ID when invoking the APIs.
In production you are limited to the payment institution endpoint only.
¶ Test toolkit
payware provides a set of integration tools. Their use is not required for a successful integration. The same functionality is available through payware APIs and partners are free to use them as testing mean.
¶ Mobile banking / E-wallet Application
Merchants can verify the generated qr/barcodes with the payware PI toolkit. Install the application from 
.
The Android application scans qr/barcodes generated in the Sandbox environment. It allows creation of parametrized transactions. Sharing those via clickable deep links, enables p2p payments across payment institutions.
It has the options to Confirm, Decline or Fail a test transaction (with a reason).
¶ Sandbox webPOS app
Payment institutions can verify mobile banking and e-wallet applications integrations by scanning and processing orders on webPOS app. Using webPOS, payment apps integrators can test payments initiation and processing over:
- NFC (unidirectional: webPOS as reader on Android Chrome)
- Link (unidirectional: webPOS as link provider)
- QR and barcode (bidirectional)
- Text (bidirectional)
Use 111111 or 222222 as webPOS IDs for testing purposes.
¶ POS Shop emulator page
Payment institutions can verify mobile banking and e-wallet applications integrations by scanning and processing orders on POS Demo Store page. The orders have fixed payee, amount, currency and TTL. However, those could be customized through additional parameters in the address bar. See the instructions on the page.
They transaction identifiers are available in QR code, barcode and deep link formats.
¶ Scanner Application
Payment institutions can download an Android app which simulates a scan of the payment institution customer account by the payware Demo Store cashier qr/barcode reader. Within that app you can specify the payment institution id and the account id to be pushed back to your servers. Install the application from