Testing

Testing your integration

Test in layers: smoke-test the public ring, build against the sandbox, simulate webhooks and errors, then gate your release on all three. The rings make each layer cheap.

2 min read

Public smokeNo token
SandboxBuild tier
SimulateWebhooks + errors

Layer 1: public smoke test

Before anything else, confirm the ring is reachable and your assumptions about shapes hold — three unauthenticated calls (healthz, products, quote). This catches connectivity and CORS problems in seconds, with no credentials.

Layer 2: the sandbox project

Build partner flows against the sandbox project — its own credentials and its own bucket, fixed at the build tier — so a test run never touches live data or quotas. Verify auth, application submission, decision reads and payment provisioning end to end here.

Layer 3: failure paths

Test the unhappy paths deliberately: force a 429 to check your back-off, send an out-of-range quote to exercise your 422 handling, and replay a webhook to prove your consumer is idempotent. Gate your release on all three layers passing.

Frequently asked questions

Can I load-test against the sandbox?

Not meaningfully — sandbox is fixed at the build tier (10 req/s) for correctness, not throughput. Test logic there; test scale against live within your tier's ceiling and during a low-traffic window.

How do I test my webhook handler?

Replay a delivery (or send a duplicate) and assert your handler verifies the signature, de-duplicates on the event ID, and is a no-op on the replay. Also feed it a bad signature and assert it rejects with a 400.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.