Test environment
dpay.pl provides a test mode that lets you test your integration without charging real accounts. Test transactions are visible in the administration dashboard but do not generate real money flows.
Enabling test mode
- Sign in to panel.dpay.pl.
- Go to Payment Points > Services.
- Select the service you want to test.
- Enable the Test mode switch.
Test mode is available immediately after you create a service. You do not need to wait for account verification before starting the integration.
What happens in test mode
- No real charges - no money is collected from customer accounts
- Transactions visible in the dashboard - all test transactions appear in transaction history and are marked as test transactions
- IPN works normally - IPN notifications are sent to your endpoint in the same way as in production
- Full API - all endpoints work in the same way as in production
Testing IPN locally
During development, your server usually runs on localhost, which is not accessible from the internet. Use a tunnelling tool so that dpay.pl can send IPN notifications to your local server.
ngrok
ngrok creates an HTTPS tunnel to your local server:
# Start a tunnel (assuming your server runs on port 3000)
ngrok http 3000
ngrok generates a public address, such as https://abc123.ngrok-free.app. Use it as url_ipn:
{
"url_ipn": "https://abc123.ngrok-free.app/api/ipn"
}
Alternatives
- Cloudflare Tunnel - a free tunnel from Cloudflare
- localtunnel - a simple open-source tool (
npx localtunnel --port 3000)
Remember that the tunnel URL changes after every restart in the free ngrok plan. Update url_ipn in your test requests.
Test values for simulating payments
In test mode, you can use special test values to simulate different payment scenarios without contacting external providers. The system recognises these values automatically and returns the corresponding responses.
Payment cards
For a white-label integration (S2S cards), the test scenario is selected by the card number (PAN) included in the encrypted card data (encryptedCardData) when making the payment call. The service only needs to have test mode enabled:
| Card number | Scenario | Description |
|---|---|---|
4111111111111111 | Success | Visa - payment completed successfully |
5555555555554444 | Success | Mastercard - payment completed successfully |
4012888888881881 | Success with 3DS | Visa - FORM (3DS challenge) → SUCCESS cascade |
4000000000000002 | Decline | Visa - transaction declined by the issuer |
4000000000000069 | Expired card | Visa - card expired |
4000000000000127 | Insufficient funds | Visa - insufficient funds |
4000000000000085 | Timeout | Visa - processing timeout |
5105105105105100 | Decline | Mastercard - transaction declined |
5346930000008110 | DCC offer | Foreign Mastercard - currency conversion offer (EUR→PLN, exchange rate 4.507968, 6% markup, EEA card, valid for 30 minutes). After the decision → SUCCESS |
5346930000008128 | DCC unavailable | Mastercard - card not eligible for DCC. Immediate transparent SUCCESS (the frontend does not see an offer) |
5346930000008136 | Short-lived DCC | Foreign Mastercard - GBP DCC offer (exchange rate 0.85123, 5.5% markup, non-EEA card) with validUntil = +60 seconds. Use it to test DCC_OFFER_EXPIRED |
5346930000008144 | DCC + 3DS after decision | Foreign Mastercard - USD DCC offer (exchange rate 1.05432, 5% markup, non-EEA card), with the DCC_OFFER → FORM (3DS) → SUCCESS cascade |
In production, the 3D Secure form opens the bank's page (the card issuer's ACS). In test mode, dpay provides its own test ACS page with three buttons: Approve, Decline, and Timeout. It is functionally identical to production. You do not need to change anything in your integration; the gateway returns the standard redirectType: "FORM" with auto-submit HTML.
For a complete description of the Dynamic Currency Conversion flow, including the API contract, required UI elements, and business errors, see Dynamic Currency Conversion (DCC).
BLIK
Use the following special six-digit BLIK codes in the blik_code field:
| BLIK code | Scenario | Description |
|---|---|---|
777200 | Success | Payment completed successfully |
777201 | Success (delayed) | Success after a longer wait for confirmation |
777400 | Declined | The user declined the transaction in the application |
777401 | Timeout | The user did not confirm within the required time |
777402 | Insufficient funds | Insufficient funds in the account |
777500 | System error | Simulated system-side error |
MB WAY
Use the following special Portuguese numbers in the phone_number field:
| Phone number | Scenario | Description |
|---|---|---|
+351900000001 | Success | Payment completed successfully |
+351900000002 | Success (delayed) | Success after a longer wait |
+351900000400 | Declined | The user declined the payment in the MB WAY application |
+351900000401 | Timeout | No confirmation within the required time |
+351900000402 | Number not registered | The phone number is not linked to MB WAY |
+351900000500 | System error | Simulated system error |
Apple Pay and Google Pay
Apple Pay and Google Pay use wallet tokens instead of card numbers. In test mode, submit a special test value in the xPayToken field instead of a real token:
| Token | Scenario | Description |
|---|---|---|
TEST_SUCCESS | Success | Payment completed successfully |
TEST_SUCCESS_DELAYED | Success (delayed) | Success after a longer wait |
TEST_DECLINE | Decline | Transaction declined |
TEST_INSUFFICIENT | Insufficient funds | Insufficient funds |
TEST_TIMEOUT | Timeout | Confirmation timed out |
TEST_ERROR | System error | Simulated system error |
In test mode, you do not need to open a real Apple Pay or Google Pay sheet. Send a request with a test token directly to the /pay/apple-pay or /pay/google-pay endpoint.
- For success scenarios, the transaction immediately receives the
processingstatus and automatically changes topaidafter a few seconds. An IPN is sent to your endpoint. - For error scenarios, the API returns an error response and the transaction is cancelled.
- If you use a value that is not in the test list, the system simulates a successful payment by default.
Test values work only when the service has Test mode enabled. In production, they are treated as ordinary payment data.
Testing scenarios
Successful payment
- Register a transaction through the API with valid data, or use a test value for the success scenario.
- The customer is redirected to the payment gateway, or for a white-label integration the API response confirms registration.
- After payment approval, an IPN reaches your endpoint with the
paidstatus. - The customer is redirected to
url_success.
Cancelled payment
- Register a transaction through the API, or use a test value for a decline or timeout.
- The customer selects the cancellation option in the gateway.
- The customer is redirected to
url_fail.
IPN unavailable (retry)
- Temporarily disable your IPN endpoint, for example by stopping the server.
- Register and pay a test transaction.
- dpay.pl retries IPN delivery, up to 10 attempts with exponential backoff.
- Start the server again. The IPN is delivered during the next attempt.
- Check the IPN delivery history for the transaction in the dashboard.
Testing refunds
- Complete a successful test transaction, for example BLIK with code
777200. - Call the refund endpoint with the paid transaction's
transaction_id. - Check the API response and the transaction status in the dashboard.
Verifying API responses
In test mode, API responses have the same format as in production. Make sure your application handles the following correctly:
| Scenario | What to check |
|---|---|
| Successful registration | error: false, a transactionId, and a URL in msg |
| Checksum error | For registration, a 400 response with Invalid checksum |
| IPN | signature verification, idempotency, and a 200 OK response |
| Refund | success status in the response and an updated refunded_amount |
When the refund checksum is invalid, the refund endpoint returns 401 with the Unauthorized request message, not 400. Account for this in your error handling.
Checklist before going live
Before disabling test mode, make sure that:
- Checksum - generated correctly for every request type (registration and refund)
- IPN - the endpoint works, verifies the
signature, and responds with200 OK - Idempotency - each transaction's IPN is processed only once
- Amount verification - the IPN amount is compared with the order amount in your database
- Error handling - the application handles API errors correctly (400, 401, 500)
- HTTPS - every URL (
url_success,url_fail, andurl_ipn) uses HTTPS - Secret Hash - stored securely in environment variables, not in source code
- Refunds - if you use refunds, both full and partial refunds have been tested
- Logging - incoming IPN notifications and API responses are logged for diagnostics
After completing the checklist, disable test mode in the dashboard. Your service is ready for production.