Judopay Documentation

Testing and Go-Live

All examples within the Judopay documentation use the sandbox environment, so you can process test transactions while developing your app.

For more details on the sandbox, see Sandbox Testing.

Caution

Only sandbox API tokens and test cards will work in the sandbox. Using the wrong tokens and secrets will result in an authorisation failure.

When you are ready to go live:

  • Delete -sandbox from the URL

  • Use your live token and secret

Token and Secret Pair

A token and secret pair is a method to authenticate and enable access to secure data.

Token:

The token is used in conjunction with the secret to authenticate the request.

Secret:

The secret is the ‘password’ that is used to authenticate against the token. It is known as a token and secret pair because a token is associated with its secret (the pair). Together they work to confirm the identity and authentication of a payment.

Each app has a Token and Secret Pair for Sandbox and Live. 

Caution

Only sandbox API tokens and test cards will work in the sandbox.

Using the wrong tokens and secrets will result in an authorisation failure.

You can create more than one set of tokens for a single app, depending on your requirements and app usage. Each token and secret pair has its own specific permissions, and pairs are not shared between your apps, so you will have to configure each app separately.

You can set the following permissions:

  • JudoPayTransactionsGet - Retrieve Transactions

  • JudoPayApiTransactionsPaymentPost - Send Payments

  • JudoPayApiTransactionsRefundsPost - Send Refunds

  • JudoPayWebPaymentsGet - Obtain Web Payment Token

  • JudoPayWebPaymentsPost - Send Web Payment

  • JudoPayApiTransactionsPreAuthsPost - Send PreAuth

  • JudoPayApiTransactionsRegisterCardPost - Register Cards  

Note

Putting all permissions on the same APIToken/APISecret is not recommended. For example, refunds should use a dedicated token reserved for back office use only.
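One way to check a token inventory against this recommendation and against the go-live rule above. This is an added example, not Judopay code: the inventory format, the `usage` and `environment` fields, the labels and the `example.invalid` URLs are assumptions, and only the permission names come from this page.

```python
# Added example. Inventory field names, labels and URLs are assumptions.
REFUND = "JudoPayApiTransactionsRefundsPost"
ALL_PERMISSIONS = {  # permission names as listed on this page
    "JudoPayTransactionsGet", "JudoPayApiTransactionsPaymentPost", REFUND,
    "JudoPayWebPaymentsGet", "JudoPayWebPaymentsPost",
    "JudoPayApiTransactionsPreAuthsPost", "JudoPayApiTransactionsRegisterCardPost",
}

def audit_token(entry):
    """Return findings for one inventory entry; an empty list means clean."""
    findings = []
    perms = set(entry["permissions"])
    unknown = perms - ALL_PERMISSIONS
    if unknown:
        findings.append("unknown permissions: " + ", ".join(sorted(unknown)))
    if perms >= ALL_PERMISSIONS:
        findings.append("holds every permission")
    if REFUND in perms and entry["usage"] != "back-office":
        findings.append("refund permission outside back-office use")
    # Go-live rule: the live URL is the sandbox URL with "-sandbox" deleted.
    if (entry["environment"] == "sandbox") != ("-sandbox" in entry["base_url"]):
        findings.append("environment does not match base URL")
    return findings

def audit_inventory(inventory):
    """Map label -> findings for entries that have at least one finding."""
    report = {}
    for entry in inventory:
        findings = audit_token(entry)
        if findings:
            report[entry["label"]] = findings
    return report

# Constructed sample inventory; it records no secrets, only metadata.
SAMPLE_INVENTORY = [
    {"label": "mobile-live", "environment": "live", "usage": "mobile-app",
     "base_url": "https://api.example.invalid",
     "permissions": ["JudoPayApiTransactionsPaymentPost",
                     "JudoPayApiTransactionsRegisterCardPost"]},
    {"label": "refunds-live", "environment": "live", "usage": "back-office",
     "base_url": "https://api.example.invalid",
     "permissions": [REFUND, "JudoPayTransactionsGet"]},
    {"label": "legacy-all", "environment": "live", "usage": "mobile-app",
     "base_url": "https://api-sandbox.example.invalid",
     "permissions": sorted(ALL_PERMISSIONS)},
]

if __name__ == "__main__":
    for label, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(label, "->", "; ".join(findings))
```

Running a check like this in CI against the inventory file catches an over-privileged pair or a leftover sandbox URL before a release goes live.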

You can also create additional settings at the APIToken/APISecret level, for example:

  • Enabling Webhooks

  • Enabling WebPayments

  • Enforcing AVS (Address Verification)

  • Enforcing 3DS

  • CV2 (Optional)