# Test credentials

KwikPaisa provides a Sandbox environment for safely testing payment and payout integrations before moving to production.

The Sandbox environment allows merchants to:

* Test API integrations
* Validate signature generation
* Simulate payment flows
* Test payout processing
* Verify webhook handling
* Build and debug applications safely

No real money movement occurs in the Sandbox environment.

***

## Sandbox Base URL

```http
https://sandbox.kwikpaisa.com
```

## Test Credentials

Sandbox credentials are provided during merchant onboarding.

Example test credentials:

```
X-API-KEY: pk_test_xxxxxxxxxSECRET_KEY: sk_test_xxxxxxxxx
```

## Required Headers

```http
Content-Type: application/json
Accept: application/json
X-API-KEY: pk_test_xxxxxxxxx
X-SIGNATURE: GENERATED_SIGNATURE
X-TIMESTAMP: GENERATED_TIMESTAMP
```

## Sandbox Features

The Sandbox environment supports:

* Payment Gateway APIs
* Hosted Checkout Testing
* Payout API Testing
* Webhook Testing
* Signature Validation
* Transaction Status Verification
* Error Response Testing

## Supported Testing Areas

### Payment Testing

You can test:

* Order creation
* Hosted checkout flow
* Payment status verification
* Failed payment handling
* Expired transactions

### Payout Testing

You can test:

* Wallet balance inquiry
* Payout initiation
* Payout status verification
* Failed payouts
* Retry handling

### Webhook Testing

You can test:

* Payment webhooks
* Payout webhooks
* Signature verification
* Duplicate event handling
* Retry workflows

#### Example Sandbox API Request

```bash
curl --request POST \
--url https://sandbox.kwikpaisa.com/api/v3/pg/order/create \
--header "Content-Type: application/json" \
--header "Accept: application/json" \
--header "X-API-KEY: pk_test_xxxxxxxxx" \
--header "X-SIGNATURE: GENERATED_SIGNATURE" \
--header "X-TIMESTAMP: GENERATED_TIMESTAMP" \
--data '{
  "order_id": "TEST_ORDER_1001",
  "order_amount": "10.00",
  "order_currency": "INR"
}'
```

## Sandbox Testing Recommendations

Before moving to production, test:

* Signature generation
* Timestamp validation
* Payment success flow
* Payment failure flow
* Payout success flow
* Payout failure flow
* Webhook verification
* Retry handling
* Duplicate request protection

## Important Notes

* Sandbox transactions are simulated only
* No real settlements occur
* Sandbox UTR numbers are test references
* Test credentials work only in Sandbox
* Production credentials will not work in Sandbox

## Environment Separation

| Environment | Base URL                        |
| ----------- | ------------------------------- |
| Sandbox     | `https://sandbox.kwikpaisa.com` |
| Production  | `https://api.kwikpaisa.com`     |

## Common Sandbox Errors

### 401 Unauthorized

Possible reasons:

* Invalid test API key
* Incorrect signature
* Expired timestamp

***

### 403 Invalid Wallet ID

Possible reasons:

* Using production wallet in Sandbox
* Invalid test wallet ID

***

### Invalid Signature

Possible reasons:

* Incorrect secret key
* Modified payload
* Wrong signature logic

***

## Security Recommendations

* Never use production credentials in development environments
* Store test credentials securely
* Regenerate signatures for every request
* Validate webhook signatures even in Sandbox

***

## Best Practices

* Complete full end-to-end testing
* Test both success and failure flows
* Verify retry handling
* Validate API responses carefully
* Test webhook security thoroughly

***

## Moving to Production

Before going live:

* Replace Sandbox credentials
* Update API base URLs
* Configure production webhooks
* Enable production IP whitelisting
* Verify live payout configurations
* Complete security validation


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developers.kwikpaisa.com/v3-guide/testing-and-sandbox/test-credentials.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.