Testing
Test cards, test mobile numbers, and sandbox environment details for development and integration testing.
Use the Sandbox environment and test data to develop and validate your integration before moving to UAT and Production.
Environments
| Environment | Base URL | Purpose |
|---|---|---|
| Sandbox | https://sandbox-api.m2p.com | Development and functional testing |
| UAT | https://uat-api.m2p.com | Pre-production end-to-end validation |
| Production | https://api.m2p.com | Live transactions |
Sandbox and UAT environments use simulated bank responses. No real money is moved and no real cards are issued.
Test Cards
Use these test card numbers in the Sandbox environment:
| Card Number | Type | Network | Behavior |
|---|---|---|---|
4567000000001234 | Virtual | Visa | Approve all transactions |
4567000000005678 | Virtual | Visa | Decline — insufficient funds |
5200000000001111 | Physical | Mastercard | Approve all transactions |
6521000000009999 | Virtual | RuPay | Approve all transactions |
Test Mobile Numbers
| Mobile Number | Behavior |
|---|---|
9876543210 | Standard registration — all flows work normally |
9876543211 | OTP always returns 123456 for testing OTP flows |
9876543299 | Triggers duplicate detection (dedup) for testing error handling |
Testing Checklist
Use this checklist to validate your integration before requesting UAT access:
| Category | Test Case | Expected Result |
|---|---|---|
| Auth | Login with valid credentials | JWT token returned |
| Auth | Login with invalid credentials | 401 error with AUTH_001 |
| Auth | API call with expired token | 401 error with AUTH_002 |
| Registration | Register new customer | Kit number + card details returned |
| Registration | Register duplicate customer | 409 error with REG_010 |
| Balance | Fetch balance for valid kit | Balance object returned |
| Credit | Load wallet with valid amount | Transaction ID + updated balance |
| Credit | Load wallet exceeding daily limit | 400 error with TXN_004 |
| Debit | Debit with insufficient balance | 400 error with TXN_003 |
| Card | Lock card | Card status changes to LOCKED |
| Card | Unlock card | Card status changes to ALLOCATED |
| Card | Block card | Card status changes to BLOCKED |
| Idempotency | Duplicate externalTransactionId | Original response returned (no duplicate transaction) |
| Webhook | Trigger transaction | Webhook received at your endpoint |
Idempotency & Rate Limits
Prevent duplicate transactions with idempotency keys and handle rate limiting gracefully.
Authenticate and obtain JWT token POST
Obtain a JWT access token for API access. This is the entry point for all API interactions. The token must be included in the Authorization header of all subsequent API calls as a Bearer token. Rate limited to 10 requests per minute per IP address. This endpoint does not require prior authentication.