Precium S2S Testing Checklist

This document provides a comprehensive testing checklist to ensure your integration handles all payment scenarios correctly before going live.

Pre-Testing Setup

Before running tests, ensure you have:

  • Sandbox API credentials configured
  • Standard API Key and S2S API Key available
  • Brand ID configured for sandbox
  • Webhook endpoint deployed and accessible
  • Logging enabled for all API calls and responses
  • Test card numbers ready (see Test Cards Reference below)

Test Categories Overview

|Category|Tests|Priority|
|---|---|---|
|Happy Path|8|Critical|
|Pre-Authorization & Capture|6|Critical|
|Void/Cancel Operations|4|High|
|Refund Scenarios|5|High|
|Error Handling|12|Critical|
|3DS Scenarios|5|Critical|
|Webhook Integration|8|Critical|
|Edge Cases|7|Medium|
|External Integrations|4|Conditional|
|Security & Compliance|6|Critical|

Total: 65 test cases

1. Happy Path Tests

1.1 Standard CIT Payment with Internal 3DS

Test Card: 4000000000001091 (3DS required)

|Step|Action|Expected Result|
|---|---|---|
|1|Create client|Returns client ID|
|2|Create purchase (amount: 10000, force_recurring: true)|Returns purchase ID and direct_post_url|
|3|Submit card data with browser fingerprint|Returns 3DS parameters or ready status|
|4|Complete 3DS challenge|Redirects to callback URL|
|5|POST to callback with MD and PaRes|Returns success|
|6|Verify purchase status|Status: "paid"|
|7|Check for token|payment_method_details.card.token present|
|8|Check for network_transaction_id|Value present for MIT use|

1.2 Standard CIT Payment without 3DS Challenge

Test Card: 4000000000001000 (No 3DS)

|Step|Action|Expected Result|
|---|---|---|
|1|Create client|Returns client ID|
|2|Create purchase|Returns purchase ID|
|3|Submit card data|No 3DS parameters returned|
|4|Charge purchase|Status: "paid"|

1.3 Zero Authorization (Card Validation)

Test Card: 4000000000001091

|Step|Action|Expected Result|
|---|---|---|
|1|Create client|Returns client ID|
|2|Create purchase with amount: 0|Returns purchase ID|
|3|Submit card data|3DS flow initiated|
|4|Complete 3DS|Success|
|5|Verify no charge|Amount authorized: 0|
|6|Verify token generated|Token present (if force_recurring: true)|

1.4 MIT Recurring Charge

Prerequisite: Completed CIT with token stored

|Step|Action|Expected Result|
|---|---|---|
|1|Create MIT purchase with token reference|Returns purchase ID|
|2|Include previous_network_transaction_id|Accepted|
|3|Include original_amount_cents|Accepted|
|4|Submit with stored token (no CVV)|Ready for charge|
|5|Charge purchase|Status: "paid"|
|6|Verify no 3DS required|No 3DS challenge|

1.5 Mastercard Payment

Test Card: 5555555555554444

|Step|Action|Expected Result|
|---|---|---|
|1|Complete standard flow|Success|
|2|Verify card brand in response|brand: "mastercard"|

1.6 Multiple Products in Single Purchase

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase with multiple products|Total calculated correctly|
|2|Complete payment|Full amount charged|

1.7 Payment with Metadata

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase with metadata|Accepted|
|2|Complete payment|Success|
|3|Retrieve purchase|Metadata preserved|
|4|Receive webhook|Metadata included|

1.8 Different Currency (if supported)

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase with USD currency|Accepted|
|2|Complete payment|Charged in USD|

2. Pre-Authorization & Capture Tests

2.1 Pre-Auth with Full Capture

Test Card: 4000000000001091

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase (amount: 50000)|Returns purchase ID|
|2|Submit card and complete 3DS|Authorization successful|
|3|Verify status|Status: "authorized"|
|4|Capture full amount|Status: "paid"|
|5|Verify captured amount|amount: 50000|

2.2 Pre-Auth with Partial Capture

|Step|Action|Expected Result|
|---|---|---|
|1|Create and authorize (amount: 50000)|Status: "authorized"|
|2|Capture partial amount (35000)|Status: "paid"|
|3|Verify captured amount|amount: 35000|
|4|Verify remaining released|No hold for remaining 15000|

2.3 Pre-Auth with Multiple Partial Captures

|Step|Action|Expected Result|
|---|---|---|
|1|Authorize 100000|Status: "authorized"|
|2|First capture: 30000|Success, remaining: 70000|
|3|Second capture: 40000|Success, remaining: 30000|
|4|Third capture: 30000|Success, fully captured|
|5|Fourth capture attempt|Error: nothing remaining|

2.4 Pre-Auth without CVV (Token-based)

Prerequisite: Stored token from previous CIT

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase with is_recurring: true|Accepted|
|2|Submit with token, CVV: "000"|Accepted|
|3|Authorization completes|Status: "authorized"|
|4|Capture|Status: "paid"|

2.5 Capture Exceeding Authorization

|Step|Action|Expected Result|
|---|---|---|
|1|Authorize 50000|Status: "authorized"|
|2|Attempt capture of 60000|Error: capture_amount_exceeds_authorization|

2.6 Authorization Expiry Handling

|Step|Action|Expected Result|
|---|---|---|
|1|Note: May require waiting or test mode|—|
|2|Attempt capture on expired auth|Error: authorization_expired|
|3|Verify appropriate error handling|User-friendly message|

3. Void/Cancel Tests

3.1 Void Pre-Authorization

|Step|Action|Expected Result|
|---|---|---|
|1|Create and authorize purchase|Status: "authorized"|
|2|Call cancel endpoint|Status: "cancelled"|
|3|Verify funds released|No hold on card|
|4|Attempt capture after void|Error: already_voided|

3.2 Void Capture (Same Day, Before Settlement)

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment|Status: "paid"|
|2|Void same day|Status: "cancelled"|
|3|Verify immediate reversal|Funds released|

3.3 Void After Settlement (Should Fail)

|Step|Action|Expected Result|
|---|---|---|
|1|Attempt void on settled transaction|Error: void_not_permitted|
|2|Verify error message|Suggests using refund|

3.4 Void Refund (Before Settlement)

|Step|Action|Expected Result|
|---|---|---|
|1|Process refund|Refund ID returned|
|2|Void refund same day|Success|
|3|Verify original charge intact|Full amount charged|

4. Refund Scenarios

4.1 Full Refund

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment (29900)|Status: "paid"|
|2|Request full refund|Status: "refunded"|
|3|Verify refund amount|amount: 29900|
|4|Receive webhook|Event: purchase.refunded|

4.2 Partial Refund

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment (50000)|Status: "paid"|
|2|Request partial refund (20000)|Success|
|3|Verify remaining|30000 still charged|
|4|Verify refund details|Refund ID, amount: 20000|

4.3 Multiple Partial Refunds

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment (100000)|Status: "paid"|
|2|First refund (25000)|Success, remaining: 75000|
|3|Second refund (25000)|Success, remaining: 50000|
|4|Third refund (50000)|Success, remaining: 0|
|5|Fourth refund attempt|Error: nothing to refund|

4.4 Refund Exceeding Original Amount

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment (30000)|Status: "paid"|
|2|Request refund (40000)|Error: exceeds original|

4.5 Refund Exceeding Remaining Amount

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment (50000)|Status: "paid"|
|2|First refund (30000)|Success|
|3|Second refund (30000)|Error: exceeds remaining|

5. Error Handling Tests

5.1 Card Declined - Generic

Test Card: 4000000000000002

|Step|Action|Expected Result|
|---|---|---|
|1|Submit declined card|Error returned|
|2|Verify error code|do_not_honour|
|3|Verify user-friendly message|Appropriate message|

5.2 Expired Card

Test Card: 4000000000000069

|Step|Action|Expected Result|
|---|---|---|
|1|Submit expired card|Error: expired_card|
|2|Verify message|"Card has expired"|

5.3 Insufficient Funds

|Step|Action|Expected Result|
|---|---|---|
|1|Submit card with insufficient funds|Error: insufficient_funds|
|2|Verify soft decline|Can retry later|

5.4 Invalid CVC

Test Card: 4000000000000127

|Step|Action|Expected Result|
|---|---|---|
|1|Submit with wrong CVC|Error: cvc_check_failed|

5.5 Invalid Card Number

Test Input: 4111111111111112 (fails Luhn)

|Step|Action|Expected Result|
|---|---|---|
|1|Submit invalid card number|Error: invalid_card_number|
|2|Verify validation message|Clear error message|

5.6 Invalid Expiry Format

|Step|Action|Expected Result|
|---|---|---|
|1|Submit wrong format|Error: invalid_expires|
|2|Test: "2028/12", "1228"|All fail|
|3|Correct: "12/28"|Success|

5.7 Processing Error

Test Card: 4000000000000119

|Step|Action|Expected Result|
|---|---|---|
|1|Trigger processing error|Error returned|
|2|Verify retry logic|Exponential backoff|

5.8 Missing Required Fields

|Step|Action|Expected Result|
|---|---|---|
|1|Submit without client_id|Validation error|
|2|Submit without brand_id|Validation error|
|3|Submit without currency|Validation error|
|4|Submit without products|Validation error|

5.9 Invalid API Key

|Step|Action|Expected Result|
|---|---|---|
|1|Use invalid API key|HTTP 401|
|2|Use wrong key type|Error returned|
|3|Use expired key|HTTP 401|

5.10 Network Timeout Handling

|Step|Action|Expected Result|
|---|---|---|
|1|Simulate network timeout|Error caught|
|2|Verify retry logic|Retries with backoff|
|3|Verify idempotency|No duplicate charges|

5.11 Duplicate Charge Prevention

|Step|Action|Expected Result|
|---|---|---|
|1|Submit charge request|Success|
|2|Resubmit same request|Idempotent response|
|3|Verify only one charge|Single transaction|

5.12 Expired Direct Post URL

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase|Get direct_post_url|
|2|Use URL once|Success|
|3|Reuse URL|Error: expired|

6. 3DS Scenarios

6.1 3DS Challenge Flow (Internal)

Test Card: 4000000000001091

|Step|Action|Expected Result|
|---|---|---|
|1|Submit card requiring 3DS|3DS parameters returned|
|2|Verify 3DS fields|MD, PaReq, URL, callback_url|
|3|Redirect to 3DS URL|Bank page loads|
|4|Complete challenge|Redirects to callback|
|5|Submit callback|Payment completes|

6.2 3DS Authentication Failed

|Step|Action|Expected Result|
|---|---|---|
|1|Initiate 3DS|Challenge presented|
|2|Fail authentication|Error: 3ds_authentication_failed|
|3|Verify retry available|Can retry|

6.3 3DS Timeout

|Step|Action|Expected Result|
|---|---|---|
|1|Initiate 3DS|Challenge presented|
|2|Allow timeout|Error: timeout|
|3|Verify graceful handling|User-friendly message|

6.4 Frictionless 3DS

Test Card: 4000000000001000

|Step|Action|Expected Result|
|---|---|---|
|1|Submit low-risk transaction|No challenge|
|2|Verify frictionless|Success without redirect|

6.5 3DS Data in Response

|Step|Action|Expected Result|
|---|---|---|
|1|Complete 3DS transaction|Success|
|2|Verify ECI value|Present|
|3|Verify CAVV|Present|

7. Webhook Tests

7.1 Receive purchase.paid Event

|Step|Action|Expected Result|
|---|---|---|
|1|Complete payment|Webhook received|
|2|Verify event type|purchase.paid|
|3|Verify payload|All fields present|
|4|Verify purchase_id|Matches transaction|

7.2 Receive purchase.payment_failure Event

|Step|Action|Expected Result|
|---|---|---|
|1|Submit declined card|Payment fails|
|2|Receive webhook|purchase.payment_failure|
|3|Verify error details|Error code included|

7.3 Receive purchase.refunded Event

|Step|Action|Expected Result|
|---|---|---|
|1|Process refund|Completes|
|2|Receive webhook|purchase.refunded|
|3|Verify details|Amount, refund_id|

7.4 Receive purchase.authorized Event

|Step|Action|Expected Result|
|---|---|---|
|1|Complete pre-auth|Holds funds|
|2|Receive webhook|purchase.authorized|
|3|Verify details|Amount, expiry|

7.5 Signature Verification - Valid

|Step|Action|Expected Result|
|---|---|---|
|1|Receive webhook|Headers present|
|2|Verify signature|Matches computed|
|3|Verify timestamp|Within 5 minutes|
|4|Process webhook|Success|

7.6 Signature Verification - Invalid

|Step|Action|Expected Result|
|---|---|---|
|1|Receive tampered webhook|—|
|2|Verify signature|Mismatch detected|
|3|Reject webhook|HTTP 401|
|4|No processing|No action taken|

7.7 Duplicate Webhook Handling

|Step|Action|Expected Result|
|---|---|---|
|1|Receive webhook|Process|
|2|Receive same again|Detect duplicate|
|3|Return HTTP 200|Acknowledge|
|4|Do not reprocess|Idempotent|

7.8 Webhook Timeout Recovery

|Step|Action|Expected Result|
|---|---|---|
|1|Simulate timeout|Precium retries|
|2|Fix endpoint|Next retry succeeds|
|3|Verify no data loss|Event processed|

8. Edge Cases

8.1 Very Small Amount

|Step|Action|Expected Result|
|---|---|---|
|1|Create purchase (amount: 1)|Accepted|
|2|Complete payment|Success|

8.2 Very Large Amount

|Step|Action|Expected Result|
|---|---|---|
|1|Create large purchase|Accepted or limit error|
|2|Verify handling|Appropriate response|

8.3 Special Characters in Fields

|Step|Action|Expected Result|
|---|---|---|
|1|Name with accents|Handled|
|2|Special characters|Handled|
|3|Verify encoding|UTF-8 preserved|

8.4 Token Expiry

|Step|Action|Expected Result|
|---|---|---|
|1|Use expired token|Error: token_expired|
|2|Verify handling|Prompts re-tokenization|

8.5 Concurrent Requests

|Step|Action|Expected Result|
|---|---|---|
|1|Send multiple simultaneous|All handled|
|2|Verify no race conditions|No duplicates|
|3|Verify data integrity|All correct|

8.6 Client Reuse

|Step|Action|Expected Result|
|---|---|---|
|1|Create client once|ID stored|
|2|Use for multiple purchases|All succeed|
|3|Verify consistency|Data unchanged|

8.7 Browser Fingerprint Variations

|Step|Action|Expected Result|
|---|---|---|
|1|Minimal fingerprint|Accepted|
|2|Full fingerprint|Accepted|
|3|Missing optional fields|Handled|

9. External Integration Tests

Complete if using external 3DS or network tokens

9.1 External 3DS (MPI) Flow

|Step|Action|Expected Result|
|---|---|---|
|1|Complete 3DS with MPI|Auth data obtained|
|2|Create purchase (is_external_3DS: true)|Accepted|
|3|Include CAVV, ECI, transaction ID|Validated|
|4|Complete payment|Success|

9.2 External 3DS - Invalid Data

|Step|Action|Expected Result|
|---|---|---|
|1|Submit invalid CAVV|Error|
|2|Submit missing fields|Error|
|3|Submit wrong ECI format|Error|

9.3 Network Token Provisioning

|Step|Action|Expected Result|
|---|---|---|
|1|Submit network token|Accepted|
|2|Include cryptogram|Validated|
|3|Complete payment|Success|

9.4 Network Token - Expired Cryptogram

|Step|Action|Expected Result|
|---|---|---|
|1|Submit expired cryptogram|Error|
|2|Verify handling|Prompts refresh|

10. Security & Compliance Tests

10.1 API Key Security

|Step|Action|Expected Result|
|---|---|---|
|1|Check client-side code|Keys not exposed|
|2|Check logs|Keys masked|
|3|Verify HTTPS only|No HTTP|

10.2 Card Data Handling

|Step|Action|Expected Result|
|---|---|---|
|1|Check logs|Card numbers masked|
|2|Check storage|CVV not stored|
|3|Check URLs|Card data in POST only|
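
One way to automate the "Check logs" step of 10.2, and to see why the 5.5 test input is rejected, is a scanner that flags Luhn-valid card numbers written to logs in clear. This is an added example, not Precium code; the log lines, function names and the first-six/last-four masking format are assumptions made for illustration.

```python
import re

# 13 to 19 digits, optionally grouped by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(number: str) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    digits = [int(c) for c in number if c.isdecimal()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for position, digit in enumerate(reversed(digits)):
        if position % 2 == 1:
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, star out the rest."""
    digits = re.sub(r"\D", "", pan)
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_unmasked_pans(lines):
    """Return (line_number, masked_pan) for each Luhn-valid number logged in clear."""
    findings = []
    for line_number, line in enumerate(lines, start=1):
        for match in PAN_CANDIDATE.finditer(line):
            if luhn_valid(match.group()):
                findings.append((line_number, mask_pan(match.group())))
    return findings


# Constructed log lines; the card numbers are sandbox test values from this page.
SAMPLE_LOG = [
    "submit card_number=4000000000001091 cvc=***",
    "charge ok card=400000******1091 amount=10000",
    "rejected input 4111111111111112 error=invalid_card_number",
    "order ref 20240115123456 shipped",
    "declined card 4000 0000 0000 0002 code=do_not_honour",
]

if __name__ == "__main__":
    for line_number, masked in find_unmasked_pans(SAMPLE_LOG):
        print(f"line {line_number}: unmasked card number {masked}")
```

The Luhn filter keeps order references and other long digit runs from being reported, so a non-empty result is worth failing the test run on.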

10.3 Token Storage Security

|Step|Action|Expected Result|
|---|---|---|
|1|Verify encryption|Encrypted at rest|
|2|Verify access control|Auth required|
|3|Verify UI|Tokens masked|

10.4 Webhook Endpoint Security

|Step|Action|Expected Result|
|---|---|---|
|1|Verify HTTPS|HTTP rejected|
|2|Verify signature|Invalid rejected|
|3|Verify timestamp|Old rejected|
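
The checks in 7.5 to 7.7 and 10.4 can be exercised against a handler shaped like the following added example, which is not Precium code. The signing scheme (HMAC-SHA256 over `<timestamp>.<raw body>`), the JSON `id` field used for duplicate detection, and the 401 status for stale deliveries are assumptions; take the real header names and scheme from the Precium webhook documentation.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 5 * 60  # test 7.5 step 3: timestamp within 5 minutes


class WebhookVerifier:
    """Signature, freshness and duplicate checks for one webhook endpoint.

    Assumed scheme, not taken from Precium's documentation: the signature is
    hex(HMAC-SHA256(secret, "<timestamp>.<raw body>")) and the JSON body has
    a unique "id" field per event.
    """

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen_ids = set()  # in production: a shared store with a TTL

    def sign(self, timestamp: str, body: bytes) -> str:
        message = timestamp.encode() + b"." + body
        return hmac.new(self._secret, message, hashlib.sha256).hexdigest()

    def handle(self, timestamp: str, signature: str, body: bytes, now=None):
        """Return (http_status, outcome) for one delivery."""
        now = time.time() if now is None else now
        # Compare over the raw bytes, in constant time, before parsing JSON.
        expected = self.sign(timestamp, body)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return 401, "bad signature"      # tests 7.6 and 10.4 step 2
        # The timestamp is covered by the MAC, so it can be trusted from here.
        if not timestamp.isdecimal():
            return 401, "stale timestamp"
        if abs(now - int(timestamp)) > TOLERANCE_SECONDS:
            return 401, "stale timestamp"    # test 10.4 step 3
        event_id = json.loads(body)["id"]
        if event_id in self._seen_ids:
            return 200, "duplicate"          # test 7.7: acknowledge, do not reprocess
        self._seen_ids.add(event_id)
        return 200, "processed"              # hand off to business logic here
```

Checking the signature before the timestamp and before parsing means an unauthenticated sender never reaches the JSON parser or the duplicate store.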

10.5 Error Message Security

|Step|Action|Expected Result|
|---|---|---|
|1|Check errors|No sensitive data|
|2|Check responses|No internal details|
|3|Check customer messages|Generic/friendly|

10.6 Rate Limiting Handling

|Step|Action|Expected Result|
|---|---|---|
|1|Exceed rate limits|HTTP 429|
|2|Verify backoff|Implements retry|
|3|Verify recovery|Resumes normally|

Test Cards Reference

Success Cards

|Card Number|Brand|3DS|Behavior|
|---|---|---|---|
|`4000000000001091`|Visa|Yes|Success with 3DS|
|`4000000000001000`|Visa|No|Success without 3DS|
|`5555555555554444`|Mastercard|Yes|Success|

Decline Cards

|Card Number|Error Code|Description|
|---|---|---|
|`4000000000000002`|do_not_honour|Generic decline|
|`4000000000000069`|expired_card|Expired card|
|`4000000000000127`|cvc_check_failed|Invalid CVC|
|`4000000000000119`|processing_error|Processing error|

Test CVCs

|CVC|Behavior|
|---|---|
|`123`|Success|
|`000`|Bypass (recurring)|

Test Expiry

Use any future date in MM/YY format. Recommended: 12/28

Go-Live Checklist

Before going live, ensure:

  • All critical tests passed
  • All high-priority tests passed
  • Known issues documented and accepted
  • Production credentials obtained
  • Production webhook URL configured
  • Monitoring and alerting configured
  • Support contact information documented