Payment API testing

How to perform Payment testing using API ? Please suggest any ideas.

1 Like

Hi Anurag

It depends on the nature of the payment gateway.

The payment gateways are difficult to test because they embed the payment form into an i-frame. Depending on the sandbox settings of the i-frame, you can’t usually interact with them. This is an intended security mechanism to prevent payment details (card number etc.) from being stolen.

If your intention is to test the payment form itself, then you would be best off using selenium or other UI testing tools.

If your intention is to test the actual API (to test if your particular configuration is working), keeping in mind the payment gateway provider has probably already tested their API, you will have to obtain a test/development account and further refer to the gateway API to see how to implement it.

There is no rule here because they all differ between themselves.

If you could provide more context (e.g test cases, gateway provider…) about your question, I may be able to help further.

I hope this helps though.



Hi Anarug, you are welcome.

I am wondering why we want to test the API here. I know it’s the top of the testing triangle, do you mean testing it as a customer or as a seller? Just so we get the use-case right. I am assuming the latter.

Is the api a web service, in which case, that’s your first point of interest. But to be fair, it’s all jsut code, and by definition will be dev-tested for the obvious things anyway. What exactly are your criteria? What are the kinds of business risks you are mitigating?


We have a very basic payment API that isn’t used too much, but is included in regression testing - via Stripe. We trust that the API is being tested by their devs, but they also provided us with a sandbox test account with specific credentials that we use on staging. Do you have something similar? If not, it would be easiest to try and get them to set it up for you. For ours, they gave us a test credit card number to use so when Stripe sees a payment being made with that credit card number, it validates the purchase and notes in their system it’s an internal test so is deleted. Once you have the sandbox, any automated tool can be used for this as long as you use the right credentials they provide.