Skip to main content
Use the sandbox environment to test your integration without processing real payments.

​
Sandbox Environment

ResourceValue
Widget CDNhttps://payments.sandbox.lemmax.com/forte-payments-widget.js
API Base URLProvided by your Forte account manager

​
Test Credit Cards

Do not use these test cards in the production environment.
Card NumberNetwork3DSResult
5204247750001471MastercardNon-3DSApproved
5200000000001104Mastercard3DS-1Approved
4111111111111111VisaNon-3DSApproved
4005562231212123Visa3DS-1Declined
4000020000000000Visa3DS-1Approved
5424180000000171MastercardNon-3DSDeclined

​
Additional Card Fields

FieldValue
NameAny name
CVVAny 3 digits (e.g. 100)
ExpiryAny future date in MM/YY format (e.g. 01/99)
3DS password (3DS-1 cards)1234

​
About 3D Secure

3D Secure (3DS) is an additional authentication layer for online card payments. It is activated for transactions from most countries outside the United States and Canada, and is mandatory within the EU under Strong Customer Authentication (SCA) regulations. Forte supports:
  • Visa Secure (3DS v1 and v2)
  • Mastercard Identity Check (3DS v1 and v2)
For 3DS-1, users are redirected to a separate browser window to complete a one-time passcode challenge. For 3DS-2, authentication happens silently in the background when supported by the issuing bank.

​
Email Verification OTP

In sandbox mode, emails are not sent. Use the following code to bypass email verification prompts in the widget: OTP code: 947293

​
Payment Status Reference

The POST /payments/v1/payments/statuses endpoint returns the following statuses:
StatusMeaning
CreatedPayment session initiated
ApprovedPayment completed β€” deliver the item
DeclinedPayment failed β€” do not deliver
ExpiredSession timed out β€” do not deliver

​
Common Issues

Verify that the user has completed the 3DS challenge. For 3DS-1 cards, the challenge appears in a browser pop-up. If the user’s browser blocks pop-ups, they will not see the prompt and the payment will be declined.To allow pop-ups:
  • Widget mode β€” allow pop-ups for your hosting domain
  • Redirect mode β€” allow pop-ups for payments.forte.io
Common causes:
  • Insufficient gas β€” Users who manually override gas parameters may see delayed or failed transactions. Advise users not to modify wallet-suggested gas values.
  • User exited before approving β€” After clicking β€œPay”, the user has 10 minutes to approve the transfer in their wallet. Exiting or refreshing the page before approval will fail the transaction.
  • Payment window expired β€” The 10-minute window has passed. The user must restart the payment flow.
If your site enforces a Content Security Policy, allowlist the following:
URLCSP Directive
*.lemmax.comscript-src, image-src
*.forte.ioscript-src, connect-src, frame-src
*.instana.ioconnect-src
*.ipify.orgconnect-src
*.walletconnect.orgconnect-src, frame-src
*.web3modal.comconnect-src, image-src
Also allowlist any wallet extension sources (e.g. MetaMask, Coinbase Wallet) for crypto payment flows.