Testing and Go-Live
All examples within the Judopay documentation use the sandbox environment, so you can process test transactions while developing your app.
For more details on the sandbox, see Sandbox Testing.
Caution
Only sandbox API tokens and test cards will work in the sandbox. Using the wrong tokens and secrets will result in an authorisation failure.
For more details on accessing your tokens from the Judopay Portal, see Tokens and Secret Pair.
For more details on the test cards, see Test Cards.
For more details on testing your 3D Secure 2 integration, see Verify your 3D Secure 2 Integration.
When you are ready to go live:
Delete
-sandboxfrom the URLUse your live token and secret
Token and Secret Pair
A token and secret pair is a method to authenticate and enable access to secure data.
Token:
The token is used in conjunction with the secret to authenticate the request.
Secret:
The secret is the ‘password’ that is used to authenticate against the token. It is known as a token and secret pair because a token is associated with its secret (the pair). Together they work to confirm the identity and authentication of a payment.
Each app has a Token and Secret Pair for Sandbox and Live.
Caution
Only sandbox API tokens and test cards will work in the sandbox.
Using the wrong tokens and secrets will result in an authorisation failure.
You can create more than one set of tokens for a single app, depending on your requirements and app usage. Each token and secret pair will have specific permissions, they are not shared between all your apps. You will have to configure each app separately.
You can set the following permissions:
JudoPayTransactionsGet - Retrieve Transactions
JudoPayApiTransactionsPaymentPost - Send Payments
JudoPayApiTransactionsRefundsPost - Send Refunds
JudoPayWebPaymentsGet - Obtain Web Payment Token
JudoPayWebPaymentsPost - Send Web Payment
JudoPayApiTransactionsPreAuthsPost - Send PreAuth
JudoPayApiTransactionsRegisterCardPost - Register Cards
Note
It is not recommended to have all permissions on the same APIToken/APISecret. For example, refund should be a special token for back office use only.
You can also create additional settings at the APIToken/APISecret level, for example:
Enabling Webhooks
Enabling WebPayments
Enforcing AVS (Address Verification)
Enforcing 3DS
CV2 (Optional)