Trustly provides a Sandbox environment for development and testing. The Sandbox environment supports all features and functionality of the production environment, but payment operations do not result in any funds activity.

The primary method for simulating scenarios is through Demo Banks accessible within the Trustly UI, using specific passwords to trigger desired outcomes.

Environment URLs

When deploying your application or libraries, ensure you use the correct base URL and authentication credentials for each environment.

Component	Production URL	Sandbox URL
API Base URL	`https://trustly.one/api/v1`	`https://sandbox.trustly.one/api/v1`
JavaScript Library	`https://trustly.one/start/scripts/trustly.js`	`https://sandbox.trustly.one/start/scripts/trustly.js`
Native SDKs	Set the `env` property to `production`	Set the `env` property to `sandbox` (for example, `establishData["env"] = "sandbox"`)
Deprecated Base URL	`https://paywithmybank.com`	`https://sandbox.paywithmybank.com`

Sandbox usage and best practices

To access a Demo Bank, integrate the Trustly UI (Lightbox or Widget) into your application and use the search bar to select the desired Demo Bank.

General guidelines

Default Behavior (Happy Path): By default, any unique string used as a username and three or more alphanumeric characters used as a password will simulate a successful transaction, allowing the selection of a standard checking or savings account.
Use Unique Usernames: Avoid using generic usernames (for example, test, demo). Use unique, descriptive names for each test scenario (for example, happy_path_test_01, ineligible_user) to ensure the fastest and most reliable sandbox response.
Simulating Delays: To simulate a delay, enter Sleep as the username and the number of seconds (for example, 30) as the password.

Extended Decline Code Testing

To simulate specific fraud or velocity check declines (which map to extended reason codes), use the special password pattern in the Demo Bank.

Create an authorization using a Demo Bank. Use the following credentials:

Username: <"anyusername">
Password: Use extendedreasoncode_ followed by the code you wish to trigger (for example, extendedreasoncode_10000).

Create a capture referring to the previously created authorization.

The transaction is expected to be denied by the Response Codes associated with the extended reason code provided in the password.

The decline or fail notification should present the following attributes, among others:

paymentProviderTransaction.status: SW054
paymentProviderTransaction.reasonCode: 1
paymentProviderTransaction.extendedReason.code: 10000

Simulation keyphrases

To manipulate the outcome of the bank authorization or the associated data, enter the corresponding keyword or phrase into the password field when logging into the Demo Bank.

User interaction and error scenarios

Password Keyphrase	Simulated Use Case
`NoEligibleAccounts`	No eligible accounts found for the user.
`LoginError`	Wrong username or password entered.
`Unavailable`	Bank site cannot be reached.
`AccountLocked`	User's bank account is locked.
`2FA`	Simulates a bank requesting a Multi-Factor Authentication (MFA) challenge (answer with 'error' to simulate a wrong credential).
`WrongCredentials`	Simulates a general login retry scenario.
`SessionTimeout`	Simulates the user taking too long to provide requested information, resulting in an expired bank session.
`NotSupported`	Simulates a user with no supported accounts (for example, Credit Cards only).

Conditional data and API responses

Password Keyphrase	Simulated Effect
`Balance{xxx}`	Configures the account to have a balance of `{xxx}` (for example, `Balance1000`).
`NotEnoughFunds`	Connector returns a single account with zero balance.
`TimeoutError`	Connector sleeps for at least one minute before responding, simulating a system timeout.
`ExpiredSplitToken`	Authorization succeeds, but subsequent Refresh API calls fail due to an expired split token.
`AccFromUsername`	Returns the account number from the pattern `{prefix}_{accountnumber}` found in the username.
`AccNumberNull`	Simulates the account number returning a null value.
`Virtual`	Returns a valid Virtual Account Number (VAN).

Manual entry and verification data

This data should be used when testing manual entry fields for micro-challenge deposits or manual account verification requests.

United States manual entry test data

The following are samples of Account Number and Routing Number pairs that simulate various risk scores (all routing numbers are 124003116):

Account Number	Routing Number	Score	Third-party Score	Verified	Error Code	HTTP Status Code	Score Type
`1000000000`	`124003116`	0		false		200	Non Telecheck
`1000000001`	`124003116`	1		false		200	Non Telecheck
`1000000002`	`124003116`	2		false		200	Non Telecheck
`1000000003`	`124003116`	3		false		200	Non Telecheck
`1000000004`	`124003116`	4		false		200	Non Telecheck
`1000000005`	`124003116`	5		false		200	Non Telecheck
`1000000006`	`124003116`	6		true		200	Non Telecheck
`1000000007`	`124003116`	7		true		200	Non Telecheck
`1000000008`	`124003116`	8		true		200	Non Telecheck
`1000000009`	`124003116`	9		true		200	Non Telecheck
`1000000010`	`124003116`	10		true		200	Non Telecheck
`1000001000`	`124003116`	0	0	false		200	FCRA
`1000001100`	`124003116`	1	100	false		200	FCRA
`1000001200`	`124003116`	2	200	false		200	FCRA
`1000001300`	`124003116`	3	300	false		200	FCRA
`1000001400`	`124003116`	4	400	false		200	FCRA
`1000001500`	`124003116`	5	500	false		200	FCRA
`1000001600`	`124003116`	6	600	true		200	FCRA
`1000001700`	`124003116`	7	700	true		200	FCRA
`1000001800`	`124003116`	8	800	true		200	FCRA
`1000001900`	`124003116`	9	900	true		200	FCRA
`1000001999`	`124003116`	10	999	true		200	FCRA
`1000001000`	`124003116`	0	0	false		200	Non-FCRA
`1000001015`	`124003116`	1	15	false		200	Non-FCRA
`1000001020`	`124003116`	5	20	false		200	Non-FCRA
`1000001025`	`124003116`	4	25	false		200	Non-FCRA
`1000001035`	`124003116`	7	35	true		200	Non-FCRA
`1000001045`	`124003116`	9	45	true		200	Non-FCRA
`1002000000`	`124003116`				200	400
`1003000000`	`124003116`				300	401
`1003250000`	`124003116`				325	401
`1003750000`	`124003116`				375	401
`1001000000`	`124003116`				100	500

International manual entry test data

Country	Example Input (Sort Code or Account No. / IBAN)
United Kingdom	`GB33BUKB20201555555555`
France	`FR7630006000011234567890189`
Germany	`DE75512108001245126199`
Netherlands	`NL02ABNA0123456789`

Mobile OAuth testing

To test deep linking and user experience for native mobile apps, use the specialized OAuth Demo Bank.

Access the OAuth Demo Bank via the Trustly UI search bar in your application.
Download the Companion App:
- iOS: Use the iOS TestFlight download.
- Android: Email amer.developer.experience@trustly.com with the subject "Android Demo Bank App" to request access for the email addresses that need to be invited.
Testing Flow: When selecting the OAuth Demo Bank, the system will trigger a redirect that opens the companion app on the device or simulator, allowing you to proceed with the authenticated login flow.