> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fortepayments.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Testing
> Test cards, sandbox OTP codes, and environment details for Forte Payments.
Use the sandbox environment to test your integration without processing real payments.
## Sandbox Environment
| Resource | Value |
| ------------ | -------------------------------------------------------------- |
| Widget CDN | `https://payments.sandbox.lemmax.com/forte-payments-widget.js` |
| API Base URL | Provided by your Forte account manager |
***
## Test Credit Cards
Do not use these test cards in the production environment.
| Card Number | Network | 3DS | Result |
| ------------------ | ---------- | ------- | -------- |
| `5204247750001471` | Mastercard | Non-3DS | Approved |
| `5200000000001104` | Mastercard | 3DS-1 | Approved |
| `4111111111111111` | Visa | Non-3DS | Approved |
| `4005562231212123` | Visa | 3DS-1 | Declined |
| `4000020000000000` | Visa | 3DS-1 | Approved |
| `5424180000000171` | Mastercard | Non-3DS | Declined |
### Additional Card Fields
| Field | Value |
| -------------------------- | ---------------------------------------------- |
| Name | Any name |
| CVV | Any 3 digits (e.g. `100`) |
| Expiry | Any future date in MM/YY format (e.g. `01/99`) |
| 3DS password (3DS-1 cards) | `1234` |
### About 3D Secure
3D Secure (3DS) is an additional authentication layer for online card payments. It is activated for transactions from most countries outside the United States and Canada, and is mandatory within the EU under Strong Customer Authentication (SCA) regulations.
Forte supports:
* **Visa Secure** (3DS v1 and v2)
* **Mastercard Identity Check** (3DS v1 and v2)
For 3DS-1, users are redirected to a separate browser window to complete a one-time passcode challenge. For 3DS-2, authentication happens silently in the background when supported by the issuing bank.
***
## Email Verification OTP
In sandbox mode, emails are not sent. Use the following code to bypass email verification prompts in the widget:
**OTP code: `947293`**
***
## Payment Status Reference
The `POST /payments/v1/payments/statuses` endpoint returns the following statuses:
| Status | Meaning |
| ---------- | ------------------------------------ |
| `Created` | Payment session initiated |
| `Approved` | Payment completed — deliver the item |
| `Declined` | Payment failed — do not deliver |
| `Expired` | Session timed out — do not deliver |
***
## Common Issues
Verify that the user has completed the 3DS challenge. For 3DS-1 cards, the challenge appears in a browser pop-up. If the user's browser blocks pop-ups, they will not see the prompt and the payment will be declined.
To allow pop-ups:
* **Widget mode** — allow pop-ups for your hosting domain
* **Redirect mode** — allow pop-ups for `payments.forte.io`
Common causes:
* **Insufficient gas** — Users who manually override gas parameters may see delayed or failed transactions. Advise users not to modify wallet-suggested gas values.
* **User exited before approving** — After clicking "Pay", the user has **10 minutes** to approve the transfer in their wallet. Exiting or refreshing the page before approval will fail the transaction.
* **Payment window expired** — The 10-minute window has passed. The user must restart the payment flow.
If your site enforces a Content Security Policy, allowlist the following:
| URL | CSP Directive |
| --------------------- | ---------------------------------------- |
| `*.lemmax.com` | `script-src`, `image-src` |
| `*.forte.io` | `script-src`, `connect-src`, `frame-src` |
| `*.instana.io` | `connect-src` |
| `*.ipify.org` | `connect-src` |
| `*.walletconnect.org` | `connect-src`, `frame-src` |
| `*.web3modal.com` | `connect-src`, `image-src` |
Also allowlist any wallet extension sources (e.g. MetaMask, Coinbase Wallet) for crypto payment flows.