Quick Start: Test Your Payment Integration in 5 Minutes

Team June 3, 2026 2 min read 33 views

Test your integration in 5 minutes

Use our public Sandbox API Playground with shared test credentials. No real money is charged — orders never reach live payment providers.

Step 1: Get sandbox credentials

Open /sandbox. Copy App ID, API Key (for signing), and Query Key (for order lookup).

Step 2: Create a test order

Use the Playground form or send a signed POST to /api/createorder:

curl -X POST "https://your-domain.com/api/createorder" \
  -H "Content-Type: application/json" \
  -d '{
    "appid": "YOUR_SANDBOX_APPID",
    "action": "createorder",
    "clientip": "127.0.0.1",
    "amount": "9.99",
    "currency": "USD",
    "paymentMethod": "alipay",
    "description": "Test order",
    "notify_url": "https://your-domain.com/api/sandbox/webhook-receiver",
    "sign_type": "MD5",
    "sign": "CALCULATED_MD5_SIGN"
  }'

The Playground calculates the MD5 signature for you. See API docs — Signature for the algorithm.

Step 3: Simulate payment

Open the redirectUrl from the create-order response (or use Simulate pay in the Playground). Click Simulate Success. The gateway queues a webhook to your notify_url.

Step 4: Verify webhook signature

Callbacks are sent as GET with query parameters including sign and sign_type=MD5. Verify using the same algorithm as create-order, with your API Key.

// Node.js example (conceptual)
const crypto = require('crypto');
function verifyCallback(params, apiKey) {
  const copy = { ...params };
  delete copy.sign;
  delete copy.sign_type;
  const keys = Object.keys(copy).filter(k => copy[k] != null).sort();
  const str = keys.map(k => k + '=' + copy[k]).join('&') + apiKey;
  const expected = crypto.createHash('md5').update(str).digest('hex');
  return expected === params.sign;
}

Your server must respond with plain text success (case-insensitive).

Step 5: Query order status

GET /api/order?action=order&appid=APPID&key=QUERY_KEY&paymentId=ORDER_ID

Or poll the public endpoint: GET /api/order/status/:orderId

Going to production

Register a merchant account and use your production appid, apikey, and key.
Set your real notify_url in account settings or per order.
Never expose API Key in client-side code.
Always verify webhook signatures server-side.

Full reference: API Documentation · Live testing: Sandbox Playground

Tags: api, sandbox, integration, webhook

← All posts