Skip to content
Create account
 or
Sign in
The Stripe Docs logo
/
Create account
Sign in

Testing

Simulate payments to test your integration.

Copy page

To confirm that your integration works correctly, simulate transactions without moving any money using special values while in test mode or Sandboxes.

Test cards function as fake credit cards and let you simulate several scenarios:

Testing non-card payments works similarly. Each payment method has its own special values. Because of rate limits, we don’t recommend that you use testing environments to load-test your integration. Instead, see load testing.

How to use test cards

Any time you work with a test card, use test API keys in all API calls. This is true whether you’re serving a payment form to test interactively or writing test code.

Common mistake

Don’t use real card details. The Stripe Services Agreement prohibits testing in live mode using real payment method details. Use your test API keys and the card numbers below.

Testing interactively

When testing interactively, use a card number, such as 4242 4242 4242 4242. Enter the card number in the Dashboard or in any payment form.

  • Use a valid future date, such as 12/34.
  • Use any three-digit CVC (four digits for American Express cards).
  • Use any value you like for other form fields.
An example payment form showing how to enter a test card number. The card number is "4242 4242 4242 4242", the expiration date is "12/34", and the CVC is "567". Other fields have arbitrary values. For instance, the email address is "test@example.com"

Testing a form interactively with the test card number 4242 4242 4242 4242

Test code

When writing test code, use a PaymentMethod such as pm_card_visa instead of a card number. We don’t recommend using card numbers directly in API calls or server-side code, even in testing environments. If you do use them, your code might not be PCI-compliant when you go live. By default, a PaymentMethod isn’t attached to a Customer.

Command Line
curl https://api.stripe.com/v1/payment_intents \
  -u "
sk_test_BQokikJOvBiI2HlWgH4olfQ2
:" \
  -d amount=500 \
  -d currency=gbp \
  -d payment_method=pm_card_visa \
  -d "payment_method_types[]"=card

Most integrations don’t use Tokens anymore, but we make test Tokens such as tok_visa available if you need them.

When you’re ready to take your integration live, replace your test publishable and secret API keys with live ones. You can’t process live payments if your integration is still using your test API keys.

Cards by brand

To simulate a successful payment for a specific card brand, use test cards from the following list.

Caution

Cross-border fees are assessed based on the country of the card issuer. Cards where the issuer country isn’t the US (such as JCB and UnionPay) might be subject to a cross-border fee, even in testing environments.

BrandNumberCVCDate
Visa Any 3 digitsAny future date
Visa (debit)Any 3 digitsAny future date
MastercardAny 3 digitsAny future date
Mastercard (2-series)Any 3 digitsAny future date
Mastercard (debit)Any 3 digitsAny future date
Mastercard (prepaid)Any 3 digitsAny future date
American ExpressAny 4 digitsAny future date
American ExpressAny 4 digitsAny future date
DiscoverAny 3 digitsAny future date
DiscoverAny 3 digitsAny future date
Discover (debit)Any 3 digitsAny future date
Diners ClubAny 3 digitsAny future date
Diners Club (14-digit card)Any 3 digitsAny future date
BCcard and DinaCardAny 3 digitsAny future date
JCBAny 3 digitsAny future date
UnionPayAny 3 digitsAny future date
UnionPay (debit)Any 3 digitsAny future date
UnionPay (19-digit card)Any 3 digitsAny future date

Most Cartes Bancaires and eftpos cards are co-branded with either Visa or Mastercard. The test cards in the following table simulate successful payments with co-branded cards.

Brand/Co-brandNumberCVCDate
Cartes Bancaires/VisaAny 3 digitsAny future date
Cartes Bancaires/MastercardAny 3 digitsAny future date
eftpos Australia/VisaAny 3 digitsAny future date
eftpos Australia/MastercardAny 3 digitsAny future date

Cards by country

To simulate successful payments from specific countries, use test cards from the following sections.

CountryNumberBrand
AMERICAS
United States (US)Visa
Argentina (AR)Visa
Brazil (BR)Visa
Canada (CA)Visa
Chile (CL)Visa
Colombia (CO)Visa
Costa Rica (CR)Visa
Ecuador (EC)Visa
Mexico (MX)Visa
Mexico (MX)Carnet
Panama (PA)Visa
Paraguay (PY)Visa
Peru (PE)Visa
Uruguay (UY)Visa
EUROPE and MIDDLE EAST

Security tip

Strong Customer Authentication regulations require 3D Secure authentication for online payments within the European Economic Area. The test cards in this section simulate a payment that succeeds without authentication. We recommend also testing scenarios that involve authentication, using 3D Secure test cards.

United Arab Emirates (AE)Visa
United Arab Emirates (AE)Mastercard
Austria (AT)Visa
Belgium (BE)Visa
Bulgaria (BG)Visa
Belarus (BY)Visa
Croatia (HR)Visa
Cyprus (CY)Visa
Czech Republic (CZ)Visa
Denmark (DK)Visa
Estonia (EE)Visa
Finland (FI)Visa
France (FR)Visa
Germany (DE)Visa
Gibraltar (GI)Visa
Greece (GR)Visa
Hungary (HU)Visa
Ireland (IE)Visa
Italy (IT)Visa
Latvia (LV)Visa
Liechtenstein (LI)Visa
Lithuania (LT)Visa
Luxembourg (LU)Visa
Malta (MT)Visa
Netherlands (NL)Visa
Norway (NO)Visa
Poland (PL)Visa
Portugal (PT)Visa
Romania (RO)Visa
Saudi Arabia (SA)Visa
Slovenia (SI)Visa
Slovakia (SK)Visa
Spain (ES)Visa
Sweden (SE)Visa
Switzerland (CH)Visa
United Kingdom (GB)Visa
United Kingdom (GB)Visa (debit)
United Kingdom (GB)Mastercard
ASIA PACIFIC

Regional considerations
India

To test subscriptions that require mandates and pre-debit notifications, see India recurring payments.

Australia (AU)Visa
China (CN)Visa
Hong Kong (HK)Visa
India (IN)Visa
Japan (JP)Visa
Japan (JP)JCB
Malaysia (MY)Visa
New Zealand (NZ)Visa
Singapore (SG)Visa
Taiwan (TW)Visa
Thailand (TH)Visa (credit)
Thailand (TH)Visa (debit)

Declined payments

To test your integration’s error-handling logic by simulating payments that the issuer declines for various reasons, use test cards from this section. Using one of these cards results in a card error with the given error code and decline code.

Common mistake

To simulate an incorrect CVC, you must provide one using any three-digit number. If you don’t provide a CVC, Stripe doesn’t perform the CVC check, so the check can’t fail.

DescriptionNumberError codeDecline code
Generic declinecard_declinedgeneric_decline
Insufficient funds declinecard_declinedinsufficient_funds
Lost card declinecard_declinedlost_card
Stolen card declinecard_declinedstolen_card
Expired card declineexpired_cardn/a
Incorrect CVC declineincorrect_cvcn/a
Processing error declineprocessing_errorn/a
Incorrect number declineincorrect_numbern/a
Exceeding velocity limit declinecard_declinedcard_velocity_exceeded

The cards in the previous table can’t be attached to a Customer object. To simulate a declined payment with a successfully attached card, use the next one.

DescriptionNumberDetails
Decline after attachingAttaching this card to a Customer object succeeds, but attempts to charge the customer fail.

Fraud prevention

Stripe’s fraud prevention system, Radar, can block payments when they have a high risk level or fail verification checks. You can use the cards in this section to test your Radar settings. You can also use them to test how your integration responds to blocked payments.

Each card simulates specific risk factors. Your Radar settings determine which risk factors cause it to block a payment. Blocked payments result in card errors with an error code of fraud.

Common mistake

To simulate a failed CVC check, you must provide a CVC using any three-digit number. To simulate a failed postal code check, you must provide any valid postal code. If you don’t provide those values, Radar doesn’t perform the corresponding checks, so the checks can’t fail.

DescriptionNumberDetails

Always blocked

The charge has a risk level of “highest”

Radar always blocks it.

Highest risk

The charge has a risk level of “highest”

Radar might block it depending on your settings.

Elevated risk

The charge has a risk level of “elevated”

If you use Radar for Fraud Teams, Radar might queue it for review.

CVC check fails

If you provide a CVC number, the CVC check fails.

Radar might block it depending on your settings.

Postal code check fails

If you provide a postal code, the postal code check fails.

Radar might block it depending on your settings.

CVC check fails with elevated risk

If you provide a CVC number, the CVC check fails with a risk level of “elevated”

Radar might block it depending on your settings.

Postal code check fails with elevated risk

If you provide a postal code, the postal code check fails with a risk level of “elevated”

Radar might block it depending on your settings.

Line1 check fails

The address line 1 check fails.

The payment succeeds unless you block it with a custom Radar rule.

Address checks fail

The address postal code check and address line 1 check both fail.

Radar might block it depending on your settings.

Address unavailable

The address postal code check and address line 1 check are both unavailable.

The payment succeeds unless you block it with a custom Radar rule.

Invalid data

To test errors resulting from invalid data, provide invalid details. You don’t need a special test card for this. Any invalid value works. For instance:

Disputes

To simulate a disputed transaction, use the test cards in this section. Then, to simulate winning or losing the dispute, provide winning or losing evidence.

DescriptionNumberDetails
FraudulentWith default account settings, charge succeeds, only to be disputed as fraudulent. This type of dispute is protected after 3D Secure authentication.
Not receivedWith default account settings, charge succeeds, only to be disputed as product not received. This type of dispute isn’t protected after 3D Secure authentication.
InquiryWith default account settings, charge succeeds, only to be disputed as an inquiry.
WarningWith default account settings, charge succeeds, only to receive an early fraud warning.
Multiple disputesWith default account settings, charge succeeds, only to be disputed multiple times.
Visa Compelling Evidence 3.0With default account settings, charge succeeds, only to be disputed as a Visa Compelling Evidence 3.0 eligible dispute.
Visa complianceWith default account settings, charge succeeds, only to be disputed as a Visa compliance dispute.

Evidence

To simulate winning or losing the dispute, respond with one of the evidence values from the table below.

EvidenceDescription
winning_evidenceThe dispute is closed and marked as won. Your account is credited the amount of the charge and related fees.
losing_evidenceThe dispute is closed and marked as lost. Your account isn’t credited.

Refunds

In live mode, refunds are asynchronous: a refund can appear to succeed and later fail, or can appear as pending at first and later succeed. To simulate refunds with those behaviors, use the test cards in this section. (With all other test cards, refunds succeed immediately and don’t change status after that.)

DescriptionNumberDetails
Asynchronous successThe charge succeeds. If you initiate a refund, its status begins as pending. Some time later, its status transitions to succeeded and sends a refund.updated event.
Asynchronous failureThe charge succeeds. If you initiate a refund, its status begins as succeeded. Some time later, its status transitions to failed and sends a refund.failed event.

You can cancel a card refund only by using the Dashboard. In live mode, you can cancel a card refund within a short but nonspecific period of time. Testing environments simulate that period by allowing you to cancel a card refund within 30 minutes.

Available balance

To send the funds from a test transaction directly to your available balance, use the test cards in this section. Other test cards send funds from a successful payment to your pending balance.

DescriptionNumberDetails
Bypass pending balanceThe US charge succeeds. Funds are added directly to your available balance, bypassing your pending balance.
Bypass pending balanceThe international charge succeeds. Funds are added directly to your available balance, bypassing your pending balance.

3D Secure authentication

3D Secure requires an additional layer of authentication for credit card transactions. The test cards in this section allow you to simulate triggering authentication in different payment flows.

Only cards in this section effectively test your 3D Secure integration by simulating defined 3DS behavior, such as a challenge flow or an unsupported card. Other Stripe testing cards might still trigger 3DS, but we return attempt_acknowledged to bypass the additional steps since 3DS testing isn’t the objective for those cards.

Dashboard not supported

3D Secure redirects won’t occur for payments created directly in the Stripe Dashboard. Instead, use your integration’s own frontend or an API call.

Authentication and setup

To simulate payment flows that include authentication, use the test cards in this section. Some of these cards can also be set up for future payments, or have already been.

Description NumberDetails
Authenticate unless set upThis card requires authentication for off-session payments unless you set it up for future payments. After you set it up, off-session payments no longer require authentication. However, on-session payments with this card always require authentication.
Always authenticateThis card requires authentication on all transactions, regardless of how the card is set up.
Already set upThis card is already set up for off-session use. It requires authentication for one-time and other on-session payments. However, all off-session payments succeed as if the card has been previously set up.
Insufficient fundsThis card requires authentication for one-time payments. All payments are declined with an insufficient_funds failure code even after being successfully authenticated or previously set up.

Support and availability

Stripe requests authentication when required by regulation or when triggered by your Radar rules or custom code. Even if authentication is requested, it can’t always be performed—for instance, the customer’s card might not be enrolled, or an error might occur. Use the test cards in this section to simulate various combinations of these factors.

Note

All 3DS references indicate 3D Secure 2.

3D Secure usageOutcomeNumberDetails
3DS RequiredOK3D Secure authentication must be completed for the payment to be successful. By default, your Radar rules request 3D Secure authentication for this card.
3DS RequiredDeclined3D Secure authentication is required, but payments are declined with a card_declined failure code after authentication. By default, your Radar rules request 3D Secure authentication for this card.
3DS RequiredError3D Secure authentication is required, but the 3D Secure lookup request fails with a processing error. Payments are declined with a card_declined failure code. By default, your Radar rules request 3D Secure authentication for this card.
3DS SupportedOK3D Secure authentication might still be performed, but isn’t required. By default, your Radar rules don’t request 3D Secure authentication for this card.
3DS SupportedError3D Secure authentication might still be performed, but isn’t required. However, attempts to perform 3D Secure result in a processing error. By default, your Radar rules don’t request 3D Secure authentication for this card.
3DS SupportedUnenrolled3D Secure is supported for this card, but this card isn’t enrolled in 3D Secure. Even if your Radar rules request 3D Secure, the customer won’t be prompted to authenticate. By default, your Radar rules don’t request 3D Secure authentication for this card.
3DS Not supported 3D Secure isn’t supported on this card and can’t be invoked. The PaymentIntent or SetupIntent proceeds without performing authentication.

3D Secure mobile challenge flows

In a mobile payment, several challenge flows for authentication—where the customer has to interact with prompts in the UI—are available. Use the test cards in this section to trigger a specific challenge flow for test purposes. These cards aren’t useful in browser-based payment forms or in API calls. In those environments, they work but don’t trigger any special behavior. Because they’re not useful in API calls, we don’t provide any PaymentMethod or Token values to test with.

Challenge flowNumberDetails
Out of band3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with Out of Band UI.
One time passcode3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with One Time Passcode UI.
Single select3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with single-select UI.
Multi select3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with multi-select UI.

Captcha challenge

To prevent fraud, Stripe might display a captcha challenge to the user on the payment page. Use the test cards below to simulate this flow.

DescriptionNumberDetails
Captcha challengeThe charge succeeds if the user correctly answers the captcha challenge.
Captcha challengeThe charge succeeds if the user correctly answers the captcha challenge.

Payments with PINs

Use the test cards in this section to simulate successful in-person payments where a PIN is involved. There are many other options for testing in-person payments, including a simulated reader and physical test cards. See Test Stripe Terminal for more information.

DescriptionNumberDetails
Offline PINThis card simulates a payment where the cardholder is prompted for and enters an offline PIN. The resulting charge has cardholder_verification_method set to offline_pin.
Offline PIN retrySimulates an SCA-triggered retry flow where a cardholder’s initial contactless charge fails and the reader then prompts the user to insert their card and enter their offline PIN. The resulting charge has cardholder_verification_method set to offline_pin.
Online PINThis card simulates a payment where the cardholder is prompted for and enters an online PIN. The resulting charge has cardholder_verification_method set to online_pin.
Online PIN retrySimulates an SCA-triggered retry flow where a cardholder’s initial contactless charge fails and the reader then prompts the user to insert their card and enter their online PIN. The resulting charge has cardholder_verification_method set to online_pin.

Event destinations

To test your webhook endpoint or event destination, choose one of these two options:

  1. Perform actions in a sandbox that send legitimate events to your event destination. For example, to trigger the charge.succeeded event, you can use a test card that produces a successful charge.
  2. Trigger events using the Stripe CLI or using Stripe for Visual Studio Code.

Rate limits

If your requests in your testing environments begin to receive 429 HTTP errors, make them less frequently. These errors come from our rate limiter, which is stricter in test mode than in live mode.

We don’t recommend load testing your integration using the Stripe API in testing environments. Because the load limiter is stricter in testing environments, you might see errors that you wouldn’t see in production. See load testing for an alternative approach.

Non-card payments

Any time you use a test non-card payment method, use test API keys in all API calls. This is true whether you’re serving a payment form you can test interactively or writing test code.

Different payment methods have different test procedures:

Learn how to test scenarios with instant verifications using Financial Connections.

Send transaction emails in a sandbox

After you collect the bank account details and accept a mandate, send the mandate confirmation and microdeposit verification emails in a sandbox. To do this, provide an email in the payment_method_data.billing_details[email] field in the form of {any-prefix}+test_email@{any_domain} when you collect the payment method details.

Common mistake

You need to activate your Stripe account before you can trigger these emails while testing.

Test account numbers

Stripe provides several test account numbers and corresponding tokens you can use to make sure your integration for manually-entered bank accounts is ready for production.

Account numberTokenRouting numberBehavior
000123456789pm_usBankAccount_success110000000The payment succeeds.
000111111113pm_usBankAccount_accountClosed110000000The payment fails because the account is closed.
000111111116pm_usBankAccount_noAccount110000000The payment fails because no account is found.
000222222227pm_usBankAccount_insufficientFunds110000000The payment fails due to insufficient funds.
000333333335pm_usBankAccount_debitNotAuthorized110000000The payment fails because debits aren’t authorized.
000444444440pm_usBankAccount_invalidCurrency110000000The payment fails due to invalid currency.
000666666661pm_usBankAccount_failMicrodeposits110000000The payment fails to send microdeposits.
000555555559pm_usBankAccount_dispute110000000The payment triggers a dispute.
000000000009pm_usBankAccount_processing110000000The payment stays in processing indefinitely. Useful for testing PaymentIntent cancellation.
000777777771pm_usBankAccount_weeklyLimitExceeded110000000The payment fails due to payment amount causing the account to exceed its weekly payment volume limit.

Before test transactions can complete, you need to verify all test accounts that automatically succeed or fail the payment. To do so, use the test microdeposit amounts or descriptor codes below.

Test microdeposit amounts and descriptor codes

To mimic different scenarios, use these microdeposit amounts or 0.01 descriptor code values.

Microdeposit values0.01 descriptor code valuesScenario
32 and 45SM11AASimulates verifying the account.
10 and 11SM33CCSimulates exceeding the number of allowed verification attempts.
40 and 41SM44DDSimulates a microdeposit timeout.

Test settlement behavior

Test transactions settle instantly and are added to your available test balance. This behavior differs from livemode, where transactions can take multiple days to settle in your available balance.

Link

Caution

Don’t store real user data in sandbox Link accounts. Treat them as if they’re publicly available, because these test accounts are associated with your publishable key.

Currently, Link only works with credit cards, debit cards, and qualified US bank account purchases. Link requires domain registration.

You can create sandbox accounts for Link using any valid email address. The following table shows the fixed one-time passcode values that Stripe accepts for authenticating sandbox accounts:

ValueOutcome
Any other 6 digits not listed belowSuccess
000001Error, code invalid
000002Error, code expired
000003Error, max attempts exceeded

Multiple funding sources

As Stripe adds additional funding source support, you don’t need to update your integration. Stripe automatically supports them with the same transaction settlement time and guarantees as card and bank account payments.

Redirects

To test your integration’s redirect-handling logic by simulating a payment that uses a redirect flow (for example, iDEAL), use a supported payment method that requires redirects.

To create a test PaymentIntent that either succeeds or fails:

  1. Navigate to the payment methods settings in the Dashboard and enable a supported payment method by clicking Turn on in your testing environment.
  2. Collect payment details.
  3. Submit the payment to Stripe.
  4. Authorize or fail the test payment.

Make sure that the page (corresponding to return_url) on your website provides the status of the payment.

See also

Was this page helpful?
YesNo
Need help? Contact Support.
Join our early access program.
Check out our changelog.
Questions? Contact Sales.
LLM? Read llms.txt.
Powered by Markdoc
Related Guides
Testing use cases
API keys