Testing your Spreedly Sandbox SCA Provider

The Spreedly sandbox SCA provider used for testing will be deprecated after December 31st, 2021. All new integrations should use the data listed in this guide for testing.

Sandbox Test Scenarios

Credit Cards

Card Number CVV Expiration Type
5555555555554444 123 10/2029 3D Secure Enrolled Card

Note: Flow scenarios are available for any test MasterCard starting with 555555, but using the same card over and over will automatically switch your request to the challenge flow. To mitigate this, you can change the card number by changing the last two numbers and verifying it with a Luhn calculator.

Test Scenarios

Setting the amount of the transaction to a certain value will simulate certain authentication results.

For these test amounts, currency_code should be set to EUR.

Note: Currently in beta, not all potential flows can be tested. We are working to support testing of a broader variety of situations.

Amount in cents Response Status Flow Description
4 Y Frictionless Authentication/account verified
9996 A Frictionless ACS could not be reached, but Authentication/account verification performed by issuing bank
9997 U Denied Authentication/account verification could not be performed, transaction fails
9998 N Denied Not authenticated/account not verified, transaction fails
9999 R Denied Authentication/account verification rejected, transaction fails
100000 C Challenge Authentication requires Challenge by issuing bank, handled by Lifecycle

Challenge Values

When presented with a challenge, entering the code 123456 will result in a successful authentication.

Note: Our 3DS2 solution partners are based in Spain, so the example ACS challenge page may be in Spanish. This will only occur in the sandbox; for real 3DS2 authentications, the acquiring bank’s page will be displayed instead.

Using the Merchant Management Endpoint

All fields shown below are required to create a Spreedly SCA Provider, with the exception of each card brand’s merchant_password field.

The values given for a sandbox Spreedly API provider must have the correct formatting (i.e., a valid country code and merchant category code) but are not used in the authentication, so fake values are acceptable. Please see the values given in our Integration Guide to use as examples of working values.

curl https://core.spreedly.com/v1/sca/providers.json \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/json' \
  -d '{
        "sca_provider": {
          "merchant_profile_key": "4pJUW6X81w6OtOLi0dI3W6DD9sY",
          "type": "test",
          "sandbox": true,
          "mastercard": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional"
          },
          "visa": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional",
              "merchant_brand_id": "optional"
          },
          "amex": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional"
          },
          "discover": {
              "acquirer_bin": "4444444444",
              "merchant_url": "https://spreedly.com",
              "merchant_password": "optional"
          }
        }
      }'
curl https://core.spreedly.com/v1/sca/providers.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<sca_provider>
        <merchant_profile_key>4pJUW6X81w6OtOLi0dI3W6DD9sY</merchant_profile_key>
        <type>spreedly</type>
        <sandbox>true</sandbox>
        <mastercard>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
        </mastercard>
        <visa>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
            <merchant_brand_id>optional</merchant_brand_id>
        </visa>
        <amex>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
        </amex>
        <discover>
            <acquirer_bin>4444444444</acquirer_bin>
            <merchant_url>https://spreedly.com</merchant_url>
            <merchant_password>optional</merchant_password>
        </discover>
    </sca_provider>'

Note: this creates a sandbox (i.e., test-only) SCA provider, which is useful for integration tests. For Production, create a new SCA Provider without using this flag.

When creating a production Spreedly SCA Provider, there may be up to a one hour delay for the 3DS server to register merchant credentials with all of the card brands. While the SCA Provider key returned here will work immediately in our API, it may result in failures with our 3DS Server. Spreedly advises merchants to wait an hour after creating a production Spreedly SCA Provider before using it on gateway transactions.

FAQs

See a list of all 3DS frequently asked questions in the Help Center.