Skip to main content
Test the full verification path before using production data. Your test should cover API authentication, verification creation, webhook delivery, terminal status handling, and checks before payment.

Test in this order

1

Confirm the API key

Call Get the current organization with the key for the environment you are testing.
2

Create a verification

Create a verification with test bank details. Use the generated Create a verification reference for exact fields.
3

Receive webhook events

Point webhook subscriptions at a tunnel or shared staging endpoint. Verify signature checking, idempotency, and terminal status updates.
4

Run a check

Run a check against a successful verification so your payment-control path is tested before production.
5

Test the unhappy paths

Use test BSBs to simulate missing accounts, closed accounts, mismatches, close matches, confirmation errors, and exact matches.

Test BSBs

Use Test bank accounts for deterministic outcomes in sandbox.

Webhooks locally

Use a tunnel such as ngrok, Cloudflare Tunnel, or a staging endpoint that can receive HTTPS traffic. Your handler should:
  • verify the signature
  • store processed event IDs
  • return quickly
  • update local verification state from terminal events

Keep environments separate

Treat API keys, webhook subscriptions, and webhook secrets as environment-specific. Do not point production webhooks at local tooling, and do not use production keys in sandbox scripts.