Sandbox & Testing
Synthetic test credentials, test accounts, and a complete scenario coverage matrix for testing all 14 endpoints in the sandbox environment.
The sandbox mirrors production behavior with synthetic data. No real funds are processed. All PANs, account IDs, and institution IDs on this page are fictional and safe to share.
Test Credentials
# Request credentials from the QwikLive Developer Portal (sandbox tier)
client_id: sandbox-client-<your-id>
client_secret: sandbox-secret-<your-secret>
# Fixed headers for every sandbox request
x-correlation-id: <generate fresh UUID v4 per request>
partnerId: PARTNER-ATM-001
Content-Type: application/json
# URL pattern
POST https://{sandbox-host}/api/ssb/accountservices/v1/{endpoint}
Test Accounts & Cards
| ID / PAN | Type | Balance | Sandbox Scenario |
|---|---|---|---|
543100XXXXXXXXX0781 |
Debit Card PAN | — | Standard card — happy path for all card-present operations |
DDA1234567890 |
DDA Account | $4,821.50 | Primary checking — all transaction types |
SAV9876543210 |
SDA Account | $12,400.00 | Savings account — transfer destination |
DDA0000000000 |
DDA Account | $0.00 | Zero balance — triggers responseCode 110 (Insufficient Funds) |
DDA9999999999 |
DDA Account | $999,999.99 | High-balance account — large amount tests |
000100 |
Institution ID | — | Default test financial institution |
600001 |
Biller ID / BIN | — | Test biller for bill payment scenarios |
Scenario Coverage Matrix
Use the following key values to exercise each endpoint and scenario in the sandbox:
| Endpoint | Scenario | Key Values to Use |
|---|---|---|
GET /api/health |
Connectivity check | No auth required. Expect: "status": "ok" |
POST /preferences/retrieve |
Retrieve stored profile | institution.id=000100, card.pan=543100XXXXXXXXX0781 |
POST /preferences |
Add full profile | profileData.language=ENG, fastCashAmount=020 |
POST /preferences |
Set neverAsk mode | profileData: { "neverAsk": true } |
POST /preferences/delete |
Delete profile (idempotent) | institution.id=000100, card.pan=543100XXXXXXXXX0781 |
POST /accounts |
Account lookup | card.pan=543100XXXXXXXXX0781, institution.id=000100 |
POST /accounts/balance |
Balance inquiry — funded | paymentInstrument.account.id=DDA1234567890 |
POST /accounts/balance |
Balance inquiry — zero balance | paymentInstrument.account.id=DDA0000000000 |
POST /transactions/debits |
Cash withdrawal $200 | account=DDA1234567890, amount=200.00, type=CASHWITHDRAWAL |
POST /transactions/debits/reverse |
Reversal after dispense failure | reverseInfo.reasonCode=UNABLE_TO_DISPENSE, same RRN as original |
POST /transactions/credits |
Cash deposit $500 | type=CASHDEPOSIT, cash.amount=500.00 |
POST /transactions/credits |
Check deposit | type=CHECKDEPOSIT, check.totAmount=250.00 |
POST /transactions/credits/reverse |
Deposit reversal | reverseInfo.reasonCode=DEPOSIT_ERROR |
POST /transactions/transfers |
Transfer DDA → SAV | paymentInstrument=DDA1234567890, beneficiaryInstrument=SAV9876543210 |
POST /transactions/transfers/reverse |
Transfer reversal | reverseInfo.reasonCode=TRANSFER_ERROR |
POST /transactions/billpayments |
Bill payment $150 | biller.institutionId=600001, biller.bin=600001 |
POST /transactions/cardless |
Cardless QR withdrawal | No card.pan — use account.id only. type=CARDLESSWITHDRAWAL |
Testing Tips
Generate Fresh Correlation IDs
Always generate a new UUID v4 for x-correlation-id for every request. Reusing IDs in the sandbox can cause confusion when reviewing logs.
RRN Format
The transaction.rrn must be exactly 12 numeric digits. Use a format that encodes date + sequence for easier debugging, e.g., 250603001001 (YYMMDD + sequence).
Reversal RRNs
Reversals should use a different RRN from the original transaction (they are a new transaction) but reference the original via reverseInfo.authId. If a 504 timeout occurs on the original transaction, retry with the same original RRN.
Do not mix profileData fields and neverAsk: true in the same preference upsert request — this returns a 400 Bad Request. Use one mode or the other.
Bill Payment — biller.bin Required
From EAPI v1.0.5, biller.bin is required on all bill payment requests. Omitting it returns 400 Bad Request. Use 600001 in sandbox.