You can also test non-card payments in a sandbox. Non-card payments are payment methods that aren’t credit or debit cards. Stripe supports various non-card payment options, such as digital wallets and bank transfers. Each payment method has its own special values.
Don’t use testing environments to load test your integration because you might hit rate limits. To load test your integration, see load testing.
How to use test cards
When you work with a test card, use test API keys in all API calls. This is true whether you’re serving a payment form to test interactively or writing test code.
Don't use real card details
Don’t use real card details. The Stripe Services Agreement prohibits testing in live mode using real payment method details. Use your test API keys and the card numbers below.
Testing interactively
When testing interactively, use a card number, such as 4242 4242 4242 4242. Enter the card number in the Dashboard or in any payment form.
Use a valid future date, such as 12/34.
Use any three-digit CVC (four digits for American Express cards).
Use any value you like for other form fields.
Test code
When writing test code, use a PaymentMethod such as pm_card_visa instead of a card number. We don’t recommend using card numbers directly in API calls or server-side code, even in testing environments. If you do use them, your code might not be PCI-compliant when you go live. By default, a PaymentMethod isn’t attached to a Customer.
When you’re ready to take your integration live, replace your test publishable and secret API keys with live ones. You can’t process live payments if your integration is still using your test API keys.
Simulate a payment by card brand
To simulate a successful payment for a specific card brand, use test cards from the following list.
Cross-border fees are assessed based on the country of the card issuer. Cards where the issuer country isn’t the US (such as JCB and UnionPay) might be subject to a cross-border fee, even in testing environments.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Brand
Token
Visa
tok_visa
Visa (debit)
tok_visa_debit
Mastercard
tok_mastercard
Mastercard (debit)
tok_mastercard_debit
Mastercard (prepaid)
tok_mastercard_prepaid
American Express
tok_amex
Discover
tok_discover
Diners Club
tok_diners
JCB
tok_jcb
UnionPay
tok_unionpay
Most Cartes Bancaires and eftpos cards are co-branded with either Visa or Mastercard. The test cards in the following table simulate successful payments with co-branded cards.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Brand
Token
Cartes Bancaires/Visa
tok_visa_cartesBancaires
Cartes Bancaires/Mastercard
tok_mastercard_cartesBancaires
eftpos Australia/Visa
tok_visa_debit_eftposAuCoBranded
eftpos Australia/Mastercard
tok_mastercard_debit_eftposAuCoBranded
Simulate a payment by country
To simulate successful payments from specific countries, use test cards from the following sections.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Country
Token
Brand
AMERICAS
United States (US)
tok_us
Visa
Argentina (AR)
tok_ar
Visa
Brazil (BR)
tok_br
Visa
Canada (CA)
tok_ca
Visa
Chile (CL)
tok_cl
Visa
Colombia (CO)
tok_co
Visa
Costa Rica (CR)
tok_cr
Visa
Ecuador (EC)
tok_ec
Visa
Mexico (MX)
tok_mx
Visa
Panama (PA)
tok_pa
Visa
Paraguay (PY)
tok_py
Visa
Peru (PE)
tok_pe
Visa
Uruguay (UY)
tok_uy
Visa
EUROPE and MIDDLE EAST
United Arab Emirates (AE)
tok_ae
Visa
United Arab Emirates (AE)
tok_ae_mastercard
Mastercard
Austria (AT)
tok_at
Visa
Belgium (BE)
tok_be
Visa
Bulgaria (BG)
tok_bg
Visa
Belarus (BY)
tok_by
Visa
Croatia (HR)
tok_hr
Visa
Cyprus (CY)
tok_cy
Visa
Czech Republic (CZ)
tok_cz
Visa
Denmark (DK)
tok_dk
Visa
Estonia (EE)
tok_ee
Visa
Finland (FI)
tok_fi
Visa
France (FR)
tok_fr
Visa
Germany (DE)
tok_de
Visa
Gibraltar (GI)
tok_gi
Visa
Greece (GR)
tok_gr
Visa
Hungary (HU)
tok_hu
Visa
Ireland (IE)
tok_ie
Visa
Italy (IT)
tok_it
Visa
Latvia (LV)
tok_lv
Visa
Liechtenstein (LI)
tok_li
Visa
Lithuania (LT)
tok_lt
Visa
Luxembourg (LU)
tok_lu
Visa
Malta (MT)
tok_mt
Visa
Netherlands (NL)
tok_nl
Visa
Norway (NO)
tok_no
Visa
Poland (PL)
tok_pl
Visa
Portugal (PT)
tok_pt
Visa
Romania (RO)
tok_ro
Visa
Slovenia (SI)
tok_si
Visa
Slovakia (SK)
tok_sk
Visa
Spain (ES)
tok_es
Visa
Sweden (SE)
tok_se
Visa
Switzerland (CH)
tok_ch
Visa
United Kingdom (GB)
tok_gb
Visa
United Kingdom (GB)
tok_gb_debit
Visa (debit)
United Kingdom (GB)
tok_gb_mastercard
Mastercard
ASIA PACIFIC
Regional considerations
India
To test subscriptions that require mandates and pre-debit notifications, see India recurring payments.
Australia (AU)
tok_au
Visa
China (CN)
tok_cn
Visa
Hong Kong (HK)
tok_hk
Visa
India (IN)
tok_in
Visa
Japan (JP)
tok_jp
Visa
Japan (JP)
tok_jcb
JCB
Malaysia (my)
tok_my
Visa
New Zealand (NZ)
tok_nz
Visa
Singapore (SG)
tok_sg
Visa
Taiwan (TW)
tok_tw
Visa
Thailand (TH)
tok_th_credit
Visa (credit)
Thailand (TH)
tok_th_debit
Visa (debit)
Simulate an HSA or FSA card payment
Below are test card numbers for simulating transactions using a health savings account (HSA) and a flexible spending account (FSA). These accounts are commonly used for medical expenses, and testing with them ensures proper handling of healthcare-related transactions within your application.
Brand/Type
Number
CVC
Date
Visa FSA
Any 3 digits
Any future date
Visa HSA
Any 3 digits
Any future date
Mastercard FSA
Any 3 digits
Any future date
Simulate a declined payment
To test your integration’s error-handling logic by simulating payments that the issuer declines for various reasons, use test cards from this section. These cards return a card error with the listed error code and decline code.
Provide a CVC when you test CVC behavior. Stripe skips the CVC check if you omit it, so the check can’t fail. To simulate an incorrect CVC, use the “Incorrect CVC decline” test card listed in the following table and provide any three-digit CVC.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Description
Number
Error code
Decline code
Generic decline
tok_visa_chargeDeclined
card_declined
generic_decline
Insufficient funds decline
tok_visa_chargeDeclinedInsufficientFunds
card_declined
insufficient_funds
Insufficient debit funds decline
tok_visa_debit_chargeDeclinedInsufficientFunds
card_declined
insufficient_funds
Lost card decline
tok_visa_chargeDeclinedLostCard
card_declined
lost_card
Stolen card decline
tok_visa_chargeDeclinedStolenCard
card_declined
stolen_card
Expired card decline
tok_chargeDeclinedExpiredCard
expired_card
n/a
Expired card decline
tok_visa_chargeDeclinedExpiredCard
expired_card
n/a
Fraudulent card decline
tok_visa_chargeDeclinedFraudulent
expired_card
n/a
Incorrect CVC decline
tok_chargeDeclinedIncorrectCvc
incorrect_cvc
n/a
Incorrect CVC decline
tok_visa_chargeDeclinedIncorrectCvc
incorrect_cvc
n/a
Processing error decline
tok_chargeDeclinedProcessingError
processing_error
n/a
Processing error decline
tok_visa_chargeDeclinedProcessingError
processing_error
n/a
Exceeding velocity limit decline
tok_visa_chargeDeclinedVelocityLimitExceeded
card_declined
card_velocity_exceeded
You can’t attach cards that simulate issuer declines to a Customer object. To simulate a declined payment with an attached card, use the “Decline after attaching” test card listed in the following table.
Description
Token
Details
Decline after attaching
tok_chargeCustomerFail
Attaching this card to a Customer object succeeds, but attempts to charge the customer fail.
Decline after attaching
tok_visa_chargeCustomerFail
Attaching this card to a Customer object succeeds, but attempts to charge the customer fail.
Decline after attaching due to lost card
tok_visa_chargeCustomerFailLostCard
Attaching this card to a Customer object succeeds, but attempts to charge the customer fail due to a lost card.
Decline after attaching due to stolen card
tok_visa_chargeCustomerFailStolenCard
Attaching this card to a Customer object succeeds, but attempts to charge the customer fail due to a stolen card.
Fraud prevention
Stripe’s fraud prevention system, Radar, can block payments when they have a high risk level or fail verification checks. You can use the cards in this section to test your Radar settings. You can also use them to test how your integration responds to blocked payments.
Each card simulates specific risk factors. Your Radar settings determine which risk factors cause it to block a payment. Blocked payments result in card errors with an error code of fraud.
To trigger a failed CVC check, include a CVC (any three-digit number). To trigger a failed postal code check, include any valid postal code. If you omit these fields, Radar skips those checks, so they can’t fail.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
To test errors resulting from invalid data, provide invalid details. You don’t need a special test card for this. Any invalid value works. For instance:
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Description
Token
Details
Fraudulent
tok_createDispute
With default account settings, charge succeeds, only to be disputed as fraudulent. This type of dispute is protected after 3D Secure authentication.
Not received
tok_createDisputeProductNotReceived
With default account settings, charge succeeds, only to be disputed as product not received. This type of dispute isn’t protected after 3D Secure authentication.
Inquiry
tok_createDisputeInquiry
With default account settings, charge succeeds, only to be disputed as an inquiry.
Closes the dispute as won and credits your account for the amount of the charge and related fees.
losing_evidence
Closes the dispute as lost without crediting your account. For inquiries, this closes the inquiry without escalation.
escalate_inquiry_evidence
Escalates the inquiry to a chargeback. This transitions the inquiry to a full dispute and debits your account for the amount of the dispute and related fees.
Simulate an asynchronous refund
In live mode, refunds are asynchronous: a refund can appear to succeed and later fail, or can appear as pending at first and later succeed. To simulate refunds with those behaviors, use the test cards in this section. With all other test cards, refunds succeed immediately and don’t change status after that.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Description
Token
Details
Asynchronous success
tok_pendingRefund
The charge succeeds. If you initiate a refund, its status begins as pending. Some time later, its status transitions to succeeded and sends a refund.updatedevent.
Asynchronous failure
tok_refundFail
The charge succeeds. If you initiate a refund, its status begins as succeeded. Some time later, its status transitions to failed and sends a refund.failedevent.
You can cancel a card refund only by using the Dashboard. In live mode, you can cancel a card refund within a short but nonspecific period of time. Testing environments simulate that period by allowing you to cancel a card refund within 30 minutes.
Send funds to your available balance
To send the funds from a test transaction directly to your available balance, use the test cards in this section. Other test cards send funds from a successful payment to your pending balance.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
Description
Token
Details
Bypass pending balance
tok_bypassPending
The US charge succeeds. Funds are added directly to your available balance, bypassing your pending balance.
Bypass pending balance
tok_bypassPendingInternational
The international charge succeeds. Funds are added directly to your available balance, bypassing your pending balance.
Test 3D Secure authentication
3D Secure requires an additional layer of authentication for credit card transactions. The test cards in this section allow you to simulate triggering authentication in different payment flows.
Only cards in this section effectively test your 3D Secure integration by simulating defined 3DS behavior, such as a challenge flow or an unsupported card. Other Stripe testing cards might still trigger 3DS, but we return attempt_acknowledged to bypass the additional steps since 3DS testing isn’t the objective for those cards.
Dashboard not supported
3D Secure redirects won’t occur for payments created directly in the Stripe Dashboard. Instead, use your integration’s own frontend or an API call.
Authentication and setup
To simulate payment flows that include authentication, use the test cards in this section. Some of these cards can also be set up for future payments, or have already been.
Description
Number
Details
Authenticate unless set up
This card requires authentication for off-session payments unless you set it up for future payments. After you set it up, off-session payments no longer require authentication. However, on-session payments with this card always require authentication.
Always authenticate
This card requires authentication on all transactions, regardless of how the card is set up.
Already set up
This card is already set up for off-session use. It requires authentication for one-time and other on-session payments. However, all off-session payments succeed as if the card has been previously set up.
Insufficient funds
This card requires authentication for one-time payments. All payments are declined with an insufficient_funds failure code even after being successfully authenticated or previously set up.
Support and availability
Stripe requests authentication when required by regulation or when triggered by your Radar rules or custom code. Even if authentication is requested, it can’t always be performed—for instance, the customer’s card might not be enrolled, or an error might occur. Use the test cards in this section to simulate various combinations of these factors.
Most integrations don’t use tokens anymore, but we make test tokens such as tok_visa available if you need them.
3D Secure usage
Outcome
Token
Details
Required
OK
tok_threeDSecure2Required
3D Secure authentication must be completed for the payment to be successful. By default, your Radar rules request 3D Secure authentication for this card.
Required
Declined
tok_threeDSecureRequiredChargeDeclined
3D Secure authentication is required, but payments are declined with a card_declined failure code after authentication. By default, your Radar rules request 3D Secure authentication for this card.
Required
Error
tok_threeDSecureRequiredProcessingError
3D Secure authentication is required, but the 3D Secure lookup request fails with a processing error. Payments are declined with a card_declined failure code. By default, your Radar rules request 3D Secure authentication for this card.
Supported
OK
tok_threeDSecureOptional
3D Secure authentication might still be performed, but isn’t required. By default, your Radar rules don’t request 3D Secure authentication for this card.
Supported
Error
tok_threeDSecureOptionalProcessingError
3D Secure authentication might still be performed, but isn’t required. However, attempts to perform 3D Secure result in a processing error. By default, your Radar rules don’t request 3D Secure authentication for this card.
Supported
Unenrolled
tok_visa
3D Secure is supported for this card, but this card isn’t enrolled in 3D Secure. Even if your Radar rules request 3D Secure, the customer won’t be prompted to authenticate. By default, your Radar rules don’t request 3D Secure authentication for this card.
Not supported
tok_amex_threeDSecureNotSupported
3D Secure isn’t supported on this card and can’t be invoked. The PaymentIntent proceeds without performing authentication.
3D Secure mobile challenge flows
In a mobile payment, several challenge flows for authentication—where the customer has to interact with prompts in the UI—are available. Use the test cards in this section to trigger a specific challenge flow for test purposes. These cards aren’t useful in browser-based payment forms or in API calls. In those environments, they work but don’t trigger any special behavior. Because they’re not useful in API calls, we don’t provide any PaymentMethod or Token values to test with.
Challenge flow
Number
Details
Out of band
3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with Out of Band UI.
One time passcode
3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with One Time Passcode UI.
Single select
3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with single-select UI.
Multi select
3D Secure 2 authentication must be completed on all transactions. Triggers the challenge flow with multi-select UI.
Simulate a captcha challenge
To prevent fraud, Stripe might display a captcha challenge to the user on the payment page. Use the test cards below to simulate this flow.
Description
Number
Details
Captcha challenge
The charge succeeds if the user correctly answers the captcha challenge.
Captcha challenge
The charge succeeds if the user correctly answers the captcha challenge.
Simulate an in-person payment with a PIN
Use the test cards in this section to simulate successful in-person payments where a PIN is involved. There are many other options for testing in-person payments, including a simulated reader and physical test cards. See Test Stripe Terminal for more information.
Description
Number
Details
Offline PIN
This card simulates a payment where the cardholder is prompted for and enters an offline PIN. The resulting charge has cardholder_verification_method set to offline_pin.
Offline PIN retry
Simulates an SCA-triggered retry flow where a cardholder’s initial contactless charge fails and the reader then prompts the user to insert their card and enter their offline PIN. The resulting charge has cardholder_verification_method set to offline_pin.
Online PIN
This card simulates a payment where the cardholder is prompted for and enters an online PIN. The resulting charge has cardholder_verification_method set to online_pin.
Online PIN retry
Simulates an SCA-triggered retry flow where a cardholder’s initial contactless charge fails and the reader then prompts the user to insert their card and enter their online PIN. The resulting charge has cardholder_verification_method set to online_pin.
Test a webhook or event destination
To test your webhook endpoint or event destination, choose one of these two options:
If your requests in your testing environments begin to receive 429 HTTP errors, make them less frequently. These errors come from our rate limiter, which is more strict in testing environments than in live mode.
We don’t recommend load testing your integration using the Stripe API in testing environments. Because the load limiter is stricter in testing environments, you might see errors that you wouldn’t see in production. See load testing for an alternative approach.
Test a non-card payment method
When you use a test non-card payment method, use test API keys in all API calls. This is true whether you’re serving a payment form you can test interactively or writing test code.
Different payment methods have different test procedures:
After you collect the bank account details and accept a mandate, send the mandate confirmation and microdeposit verification emails in a sandbox.
If your domain is {domain} and your username is {username}, use the following email format to send test transaction emails: {username}+test_email@{domain}.
For example, if your domain is example.com and your username is info, use the format info+test_email@example.com for testing ACH Direct Debit payments. This format ensures that emails route correctly. If you don’t include the +test_email suffix, we won’t send the email.
Stripe provides several test account numbers and corresponding tokens you can use to make sure your integration for manually-entered bank accounts is ready for production.
Before test transactions can complete, you need to verify all test accounts that automatically succeed or fail the payment. To do so, use the test microdeposit amounts or descriptor codes below.
Test microdeposit amounts and descriptor codes
To mimic different scenarios, use these microdeposit amounts or 0.01 descriptor code values.
Microdeposit values
0.01 descriptor code values
Scenario
32 and 45
SM11AA
Simulates verifying the account.
10 and 11
SM33CC
Simulates exceeding the number of allowed verification attempts.
40 and 41
SM44DD
Simulates a microdeposit timeout.
Test settlement behavior
Test transactions settle instantly and are added to your available test balance. This behavior differs from livemode, where transactions can take multiple days to settle in your available balance.
Test Link
Caution
Don’t store real user data in sandbox Link accounts. Treat them as if they’re publicly available, because these test accounts are associated with your publishable key.
Currently, Link only works with credit cards, debit cards, and qualified US bank account purchases. Link requires domain registration.
You can create sandbox accounts for Link using any valid email address. The following table shows the fixed one-time passcode values that Stripe accepts for authenticating sandbox accounts:
Value
Outcome
Any other 6 digits not listed below
Success
000001
Error, code invalid
000002
Error, code expired
000003
Error, max attempts exceeded
Multiple funding sources
As Stripe adds additional funding source support, you don’t need to update your integration. Stripe automatically supports them with the same transaction settlement time and guarantees as card and bank account payments.
Test a redirect-based flow
To test your integration’s redirect-handling logic by simulating a payment that uses a redirect flow (for example, iDEAL), use a supported payment method that requires redirects.
To create a test PaymentIntent that either succeeds or fails: