# UAT testing

User Acceptance Testing (UAT) is the final validation phase before moving your KwikPaisa integration to production.

UAT helps merchants verify:

* End-to-end transaction workflows
* Payment processing
* Payout execution
* Webhook handling
* Security implementation
* Error handling
* Reconciliation systems

The goal of UAT is to ensure your application behaves correctly under real-world transaction scenarios.

***

## Why UAT Testing is Important

UAT testing helps identify:

* Integration issues
* Incorrect API handling
* Signature validation problems
* Webhook failures
* Duplicate transaction risks
* Reconciliation mismatches
* Retry handling issues

Completing proper UAT testing significantly reduces production risks.

***

## Recommended UAT Scope

Merchants should test:

| Area                       | Required |
| -------------------------- | -------- |
| Payment Gateway            | Yes      |
| Hosted Checkout            | Yes      |
| Payout APIs                | Yes      |
| Webhook Verification       | Yes      |
| Signature Generation       | Yes      |
| Retry Handling             | Yes      |
| Error Handling             | Yes      |
| Transaction Reconciliation | Yes      |

***

## UAT Environment

Use the Sandbox environment for all UAT testing.

### Sandbox Base URL

```http
https://sandbox.kwikpaisa.com
```

## UAT Test Credentials

Example Sandbox credentials:

```
X-API-KEY: pk_test_xxxxxxxxx
SECRET_KEY: sk_test_xxxxxxxxx
```

***

## Recommended UAT Scenarios

### Payment Gateway Testing

Validate:

* Order creation
* Hosted checkout redirects
* Successful payments
* Failed payments
* Expired sessions
* Order status verification

***

### Payout Testing

Validate:

* Wallet balance inquiry
* Successful payouts
* Failed payouts
* Insufficient balance handling
* Payout status verification
* Retry handling

***

### Webhook Testing

Validate:

* Webhook delivery
* Signature verification
* Duplicate webhook handling
* Retry handling
* Webhook logging
* Server-side transaction verification

***

## Signature Validation Testing

Ensure:

* HMAC SHA256 generation works correctly
* Timestamps are validated properly
* Invalid signatures are rejected
* Replay attack protection is functioning

***

## Retry Handling Validation

Test:

* Processing transaction retries
* Delayed payout handling
* Timeout workflows
* Duplicate request prevention
* Idempotent transaction handling

***

## Recommended UAT Checklist

Before production go-live, verify:

* API authentication works correctly
* Payment flow completes successfully
* Payout flow works properly
* Webhook signatures are validated
* Transaction statuses are reconciled
* Retry handling works safely
* Duplicate transactions are prevented
* Logs are stored correctly
* Error handling is implemented properly

***

## Example UAT Workflow

### Payment Flow

1. Create payment order
2. Redirect customer to checkout
3. Complete payment
4. Receive webhook notification
5. Verify payment status using APIs
6. Update internal order status

***

### Payout Flow

1. Check wallet balance
2. Initiate payout
3. Track payout status
4. Verify webhook notification
5. Store UTR/reference number
6. Reconcile payout records

***

## Common UAT Issues

### Invalid Signature

Possible reasons:

* Incorrect secret key
* Modified payload
* Incorrect JSON formatting

***

### Expired Timestamp

Possible reasons:

* System clock mismatch
* Delayed API requests
* Reused timestamps

***

### Webhook Verification Failure

Possible reasons:

* Incorrect webhook secret
* Invalid signature logic
* Modified webhook payload

***

## Logging Recommendations

During UAT, merchants should log:

* API requests
* API responses
* Webhook payloads
* Signature generation logs
* Retry attempts
* Error responses

These logs help identify integration issues quickly.

***

## Security Recommendations

* Use HTTPS only
* Never expose secret keys
* Generate signatures server-side
* Validate all webhook signatures
* Separate Sandbox and production credentials

***

## Best Practices

* Complete full end-to-end testing
* Test all success and failure scenarios
* Validate retry workflows carefully
* Verify transaction reconciliation
* Ensure webhook idempotency
* Perform multiple transaction cycles

***

## Production Readiness Checklist

Before moving live:

* UAT testing completed successfully
* Webhook verification implemented
* Retry handling configured
* Security validation completed
* Transaction reconciliation verified
* Monitoring systems enabled
* Production credentials configured


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developers.kwikpaisa.com/v3-guide/testing-and-sandbox/uat-testing.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.