Overview
Thorough testing prevents production issues by validating every payment path before going live. This guide covers test card numbers, payment method matrices, error simulation, and end-to-end checklists for Yuno sandbox integrations.
Test Card Numbers
Use these card numbers in the Yuno sandbox environment. All test cards use any future expiry date and any 3-digit CVV (or 4-digit for Amex).
Successful Payments
| Card Number | Brand | Result | Notes |
|---|
4111 1111 1111 1111 | Visa | Approved | Standard approval |
5500 0000 0000 0004 | Mastercard | Approved | Standard approval |
3400 0000 0000 009 | American Express | Approved | 4-digit CVV required |
6011 0000 0000 0004 | Discover | Approved | Standard approval |
3530 1113 3330 0000 | JCB | Approved | Standard approval |
Declined Payments
| Card Number | Brand | Decline Code | Scenario |
|---|
4000 0000 0000 0002 | Visa | INSUFFICIENT_FUNDS | Soft decline, retriable |
4000 0000 0000 0010 | Visa | DO_NOT_HONOR | Hard decline, do not retry |
4000 0000 0000 0028 | Visa | INVALID_CARD | Hard decline, card invalid |
4000 0000 0000 0036 | Visa | EXPIRED_CARD | Hard decline, card expired |
4000 0000 0000 0044 | Visa | STOLEN_CARD | Hard decline, card reported stolen |
5500 0000 0000 0012 | Mastercard | GENERIC_DECLINE | Soft decline |
Special Scenarios
| Card Number | Brand | Behavior |
|---|
4000 0000 0000 0051 | Visa | Processing timeout (simulates slow provider) |
4000 0000 0000 0069 | Visa | Gateway error (500 from provider) |
4000 0000 0000 0077 | Visa | Pending status (async resolution) |
Test card numbers only work in the sandbox environment. Using them in production will result in an error.
3DS Test Flows
3D Secure adds an authentication step to card payments. Yuno sandbox supports testing both frictionless and challenge flows.
Frictionless Flow (No Customer Interaction)
The issuer authenticates the cardholder silently based on risk signals. No redirect or challenge is presented.
| Card Number | 3DS Version | Result |
|---|
4000 0000 0000 0085 | 3DS2 | Frictionless success |
4000 0000 0000 0093 | 3DS2 | Frictionless failure (authentication denied) |
- Create payment with card token
- Response includes
status: SUCCEEDED directly (no redirect)
payment_method.three_d_secure.status = AUTHENTICATED
Challenge Flow (Customer Interaction Required)
The issuer requires the customer to complete a challenge (SMS code, biometric, etc.).
| Card Number | 3DS Version | Result |
|---|
4000 0000 0000 0101 | 3DS2 | Challenge presented, user completes successfully |
4000 0000 0000 0119 | 3DS2 | Challenge presented, user fails/abandons |
- Create payment with card token
- Response includes
status: PENDING and redirect_url
- Redirect the customer to the
redirect_url
- In sandbox, a simulated challenge page appears
- Customer completes (or fails) the challenge
- Customer is redirected back to your
callback_url
- Final payment status delivered via webhook
Testing 3DS in your integration
const response = await fetch('https://api-sandbox.y.uno/v1/payments', {
method: 'POST',
headers: {
'public-api-key': process.env.YUNO_PUBLIC_KEY,
'private-secret-key': process.env.YUNO_PRIVATE_KEY,
'Content-Type': 'application/json',
},
body: JSON.stringify({
checkout_session: 'session-id',
payment_method: { type: 'CARD', token: 'one-time-token' },
amount: { currency: 'USD', value: 50.00 },
country: 'CO',
customer: { email: 'customer@example.com' },
// 3DS is triggered automatically based on card and provider
}),
});
const payment = await response.json();
if (payment.status === 'PENDING' && payment.redirect_url) {
// Redirect customer to 3DS challenge
console.log('Redirect to:', payment.redirect_url);
} else if (payment.status === 'SUCCEEDED') {
// Frictionless flow, payment complete
console.log('Payment approved:', payment.id);
}
Payment Method Test Matrix by Country
Brazil (BR / BRL)
| Payment Method | Test Identifier | Expected Status | Notes |
|---|
| CARD (Visa) | 4111 1111 1111 1111 | SUCCEEDED | Standard card flow |
| PIX | CPF: 12345678901 | PENDING | Returns QR code; auto-completes in sandbox after 30s |
| Boleto | CPF: 12345678901 | PENDING | Returns boleto PDF URL; use Dashboard to simulate payment |
Mexico (MX / MXN)
| Payment Method | Test Identifier | Expected Status | Notes |
|---|
| CARD (Visa) | 4111 1111 1111 1111 | SUCCEEDED | Standard card flow |
| OXXO | Email required | PENDING | Returns voucher reference; simulate payment in Dashboard |
Colombia (CO / COP)
| Payment Method | Test Identifier | Expected Status | Notes |
|---|
| CARD (Visa) | 4111 1111 1111 1111 | SUCCEEDED | Standard card flow |
| BANK_TRANSFER | CC: 1234567890 | PENDING | Returns redirect URL to simulated bank |
| PSE | CC: 1234567890 | PENDING | Bank selection + redirect flow |
Chile (CL / CLP)
| Payment Method | Test Identifier | Expected Status | Notes |
|---|
| CARD (Visa) | 4111 1111 1111 1111 | SUCCEEDED | Standard card flow |
| BANK_TRANSFER | RUT: 111111111 | PENDING | Redirect to simulated bank |
Argentina (AR / ARS)
| Payment Method | Test Identifier | Expected Status | Notes |
|---|
| CARD (Visa) | 4111 1111 1111 1111 | SUCCEEDED | Standard card flow |
| BANK_TRANSFER | DNI: 12345678 | PENDING | Redirect flow |
Error Simulation
HTTP error codes
Simulate API-level errors by using specific values in your test requests:
| Scenario | How to Trigger | Expected Response |
|---|
| Missing required field | Omit customer.document for PIX | 400 VALIDATION_ERROR (Yuno level) or PROVIDER_MISSING_PARAMETERS (provider level) |
| Invalid currency | Use currency: "XXX" | 400 PROVIDER_CURRENCY_NOT_ALLOWED |
| Invalid country method combo | PIX with country: "MX" | 400 PROVIDER_UNAVAILABLE_PAYMENT_METHOD |
| Invalid auth | Use wrong private-secret-key | 401 UNAUTHORIZED |
| Method not enabled | Use a method not enabled in Dashboard | 403 FORBIDDEN |
| Rate limit (per IP at edge) | Sustained burst of requests | 429 TOO_MANY_REQUESTS |
Provider-level errors
Provider declines are simulated using specific test card numbers (see Test Card Numbers above). These simulate real-world decline scenarios:
- Soft declines (retriable): insufficient funds, issuer timeout, generic decline
- Hard declines (do not retry): invalid card, expired card, stolen card
- Gateway errors: provider unavailable, processing timeout
Timeout simulation
To test your timeout handling:
- Use card number
4000 0000 0000 0051 (processing timeout)
- Your request will hang for 30 seconds, then return a timeout error
- Verify your client handles the timeout gracefully
- Check that your webhook handler processes the async status update
Non-Card Payment Method Testing
PIX (Brazil)
- Create a payment with
payment_method.type: "PIX"
- Response returns
PENDING status with qr_code and qr_code_url
- In sandbox, PIX payments auto-complete after approximately 30 seconds
- Verify your webhook handler receives
payment.succeeded
- Check that your UI updates from the pending state
OXXO (Mexico)
- Create a payment with
payment_method.type: "OXXO"
- Response returns
PENDING status with voucher reference number
- In sandbox, simulate payment via Dashboard > Payments > [payment] > Simulate Payment
- Verify webhook delivery for
payment.succeeded
Bank Transfer / PSE
- Create a payment with
payment_method.type: "BANK_TRANSFER" or "PSE"
- Response returns
PENDING status with redirect_url
- Redirect to the URL to see the simulated bank page
- Complete the simulated flow
- Verify redirect back to your
callback_url and webhook delivery
End-to-End Test Checklist
Payment creation
3DS flows
Two-step flows
Refunds
Webhooks
Error handling
SDK integration (if applicable)
