Building a reliable payment integration requires thorough testing, and that means working in a safe environment where mistakes have zero financial consequences. The HitPay sandbox gives developers exactly that: a fully functional replica of the live payment environment where you can validate every edge case, error state, and transaction flow before your first real customer pays a single cent.

This guide walks you through everything you need to know about the HitPay sandbox, from initial setup to advanced testing scenarios.

What Is the HitPay Sandbox?

The HitPay sandbox is an isolated test environment that replicates the behaviour of the live HitPay payment gateway. It uses test API credentials and dummy payment data so developers can trigger real API calls, inspect responses, and simulate both successful and failed transactions, all without touching actual funds.

For businesses operating in Singapore, Malaysia, and the Philippines, where payment flows can vary by method (PayNow, GrabPay, FPX, GCash, and more), the sandbox is particularly valuable. It lets your engineering team validate localised payment scenarios specific to your market before deployment.

Why Testing in the HitPay Sandbox Matters

Skipping sandbox testing is one of the most common and costly mistakes development teams make. Here is why using the HitPay test environment should be a non-negotiable step in your integration process:

• Zero financial risk: Test transactions generate no real charges, refunds, or settlements.

• Reproduce failure scenarios: Simulate declined cards, insufficient funds, network timeouts, and webhook failures without needing a real failing payment.

• Validate webhook behaviour: Confirm that your server correctly handles HitPay's event notifications for payment completion, refunds, and disputes before going live.

• Accelerate QA cycles: Your QA team can run automated test suites against the sandbox repeatedly without any operational overhead.

• Catch integration bugs early: Discovering a mismatched API parameter or an unhandled error code in production is far more disruptive than catching it in testing.

How to Access the HitPay Sandbox Environment

The HitPay sandbox is a completely separate environment from your live account. Follow these steps to configure your test setup.

Step 1: Create a Sandbox Account

The sandbox has its own dedicated dashboard, separate from your live HitPay account. Register for a sandbox account at dashboard.sandbox.hit-pay.com. Do not use your live account credentials here — sandbox and production accounts are fully isolated.

Step 2: Generate Your Sandbox API Key

Once logged into your sandbox dashboard, navigate to Settings > Payment Gateway > API Keys to generate your test API key. This key is used in the X-BUSINESS-API-KEY request header for all sandbox API calls. Never use your live API key in a test or staging environment.

Step 3: Point Your Integration to the Sandbox Base URL

The sandbox and production environments use different API base URLs. Configure your application's environment variables to reference the correct endpoint:

• Sandbox: https://api.sandbox.hit-pay.com

• Production: https://api.hit-pay.com

Managing this via environment variables (for example, HITPAY_API_BASE_URL) keeps your codebase environment-agnostic and prevents accidental cross-environment calls.

Step 4: Use Test Payment Credentials

The HitPay developer documentation provides test card numbers, test PayNow references, and other dummy payment method credentials. Use only these test credentials when making calls to the sandbox API.

Step 5: Inspect API Responses and Webhook Payloads

With your sandbox configured, begin making test API calls. Use a tool like Postman or your application's own logging layer to inspect raw request and response payloads. Pay particular attention to the structure of webhook notifications, as these drive most post-payment logic such as order fulfilment, receipts, and inventory updates.

Key HitPay Sandbox Testing Scenarios

A robust testing checklist for the HitPay sandbox should cover the following scenarios:

HitPay Sandbox vs. Live Environment: Key Differences

Payment method availability in the sandbox may not reflect every method available on your live account. Always confirm live method coverage with HitPay support before launch.

Moving from HitPay Sandbox to Production

Once your integration has passed thorough sandbox testing, the go-live process involves three primary steps:

1. Swap API credentials: Replace your test API key with your live API key via environment variables. Do not hardcode credentials in your source code.

2. Update the base URL: Point your integration from https://api.sandbox.hit-pay.com to https://api.hit-pay.com.

3. Update webhook endpoints: Ensure your production server URL is registered in the HitPay live dashboard for webhook delivery.

Conduct a small number of real low-value transactions immediately after going live to confirm end-to-end behaviour in production mirrors what you validated in the HitPay sandbox.

Frequently Asked Questions

Q: What is the HitPay sandbox used for?

The HitPay sandbox is a test environment designed for developers to simulate payment transactions without processing real money. It allows you to validate your API integration, test webhook handling, and reproduce error scenarios safely before deploying to production.

Q: How do I get access to the HitPay sandbox?

Register for a separate sandbox account at dashboard.sandbox.hit-pay.com. This is distinct from your live HitPay account. Once registered, generate a test API key under Settings > Payment Gateway > API Keys. Full documentation is available at docs.hitpayapp.com.

Q: Are HitPay sandbox transactions visible in my live dashboard?

No. Sandbox transactions are completely isolated from your live account. They appear only in the sandbox dashboard and have no impact on your live transaction history, settlements, or reporting.

Q: Can I test all payment methods in the HitPay sandbox?

The sandbox supports a range of payment methods for testing purposes, though availability may be a subset of your live account configuration. Check the HitPay developer documentation for the current list of testable payment methods.

Q: What should I test in the HitPay sandbox before going live?

At a minimum, test successful payments, declined payments, full and partial refunds, webhook signature validation, and any payment methods you plan to offer. Also test your error handling logic for edge cases such as expired payment links and duplicate transaction attempts.

Q: Is the HitPay sandbox free to use?

Yes. The HitPay sandbox environment is available to all registered HitPay merchant partners at no additional cost.

Q: How closely does the HitPay sandbox replicate the live environment?

The HitPay sandbox is designed to closely mirror the live API in terms of request structure, response format, and webhook payloads. However, minor differences can exist, particularly around payment method availability and processing times. Always review the release notes in the developer documentation when HitPay updates its API.

Head to the HitPay API documentation and configure your sandbox environment today →