Testing Credentials

🧪 Sandbox Merchant Panel

Username	Password	Merchant Panel URL
test	Test@1234	https://merchant.hesbstaging.com/merchant

🧾 Sandbox Merchant Credentials

Parameter	Value
Merchant Code	842217
Access Code	c333729b-d060-4b74-a49d-7686a8353481
Secret Key	PkW64zMe5NVdrlPVNnjo2Jy9nOb7v1Xg
IV Key	5NVdrlPVNnjo2Jy9
Payment URL	https://sandbox.hesabe.com

💳 Test Card Details

KNET

Card Number	Expiry Date	CVV	Result Code
8888880000000001	09/25	1234	✅ Captured (Approved)
8888880000000001	Any Expiry	1234	❌ Not Captured (Decline)

Visa (MPGS)

Card Number	Expiry Date	CVV	Result Code
4012001037141112	12/25	207	✅ Captured (Approved)
4012001037141112	Any Expiry	207	❌ Not Captured (Decline)

MasterCard (MPGS)

Card Number	Expiry Date	CVV	Result Code
5453010000095539	12/25	300	✅ Captured (Approved)
5555 5555 5555 4444	09/25	123	✅ Captured (Approved)
5555 5555 5555 4444	Any Expiry	123	❌ Not Captured (Decline)

MPGS Expiry dates and responses

Expiry Dates	Response
05 / 39	✅ APPROVED
05 / 39	❌ DECLINED
04 / 27	❌ EXPIRED_CARD
08 / 28	❌ TIMED_OUT
01 / 37	❌ ACQUIRER_SYSTEM_ERROR
02 / 37	❌ UNSPECIFIED_FAILURE
05 / 37	❌ UNKNOWN CVV

info

For more details below check the below documentation

MPGS Test cards information

American Express (AMEX)

Card Number	Expiry Date	CVV	Result Code
345678901234564	09/25	1234	✅ Captured (Approved)
345678901234564	Any Expiry	1234	❌ Not Captured (Decline)

Visa (Cybersource)

Card Number	Expiry Date	CVV	Result Code
4000000000000002	09/25	1234	✅ Captured (Approved)
4000000000000002	Any Expiry	1234	❌ Not Captured (Decline)

AMEX (Cybersource)

Card Number	Expiry Date	CVV	Result Code
340000000002708	09/25	1234	✅ Captured (Approved)
340000000002708	Any Expiry	1234	❌ Not Captured (Decline)

Common REST API Status Codes

This table includes widely used HTTP status codes that are relevant to REST API operations. These codes represent standard responses from the server regarding the outcome of HTTP requests, such as authentication results, validation errors, or server issues.

Status Code	Description
200	OK – The request has succeeded. Used for successful GET or POST responses.
201	Created – The request has succeeded, and a new resource has been created. Common in POST requests that create data.
204	No Content – The server successfully processed the request, but there is no content to send in response.
400	Bad Request – The server could not understand the request due to an invalid syntax. Often used when required fields are missing.
401	Unauthorized – Authentication is required and has failed or has not yet been provided.
403	Forbidden – The server understands the request but refuses to authorize it.
404	Not Found – The requested resource could not be found on the server.
405	Method Not Allowed – The request method is known by the server but has been disabled for the requested resource.
408	Request Timeout – The server timed out waiting for the request.
409	Conflict – The request conflicts with the current state of the resource.
415	Unsupported Media Type – The media format of the requested data is not supported by the server.
429	Too Many Requests – The user has sent too many requests in a given amount of time (rate limiting).
500	Internal Server Error – A generic error message, given when an unexpected condition is encountered.
502	Bad Gateway – The server was acting as a gateway or proxy and received an invalid response from the upstream server.
503	Service Unavailable – The server is not ready to handle the request, often due to maintenance or overload.

Custom Application Error Codes

Description:

This table lists application-specific error codes used to identify and describe issues related to merchant transactions, authentication, authorization, and payment processing. Each code corresponds to a unique system error or validation failure, allowing clients and developers to handle errors in a structured way.

Error Code	Description
422	The input data provided is either invalid or incomplete.
501	The specified merchant is not recognized or registered.
503	The merchant does not have access to the requested service.
504	Incorrect login credentials provided by the merchant.
505	The payment token is invalid or has expired.
506	The request contains data that is not formatted or structured correctly.
507	A generic error occurred during the transaction process.
508	The transaction amount exceeds the allowed limit.
509	The number of transactions for the day exceeds the permitted limit.
510	The total transaction amount for the day has been exceeded.
511	The number of transactions for the month exceeds the permitted limit.
512	A threshold has been reached, but the transaction can still proceed.
513	The session has expired due to inactivity.
514	The amount captured is less than what was originally authorized.
515	The captured amount exceeds the authorized amount.
516	The captured amount is more than the available authorized balance.
517	The authorization has expired and is no longer valid.
518	Authorization must be enabled before proceeding with this transaction.
519	The currency used in the transaction is not supported or invalid.
520	The transaction was cancelled by the user or system.
521	This transaction has already been captured and cannot be captured again.
522	Terminal ID is missing from the request or is invalid.
523	The account details provided are incorrect or incomplete.
524	The KNET card used is not valid or unsupported.
525	The commission structure provided is invalid or does not match the expected format.

🧪 Sandbox Merchant Panel​

🧾 Sandbox Merchant Credentials​

💳 Test Card Details​

KNET​

Visa (MPGS)​

MasterCard (MPGS)​

MPGS Expiry dates and responses​

American Express (AMEX)​

Visa (Cybersource)​

AMEX (Cybersource)​

Common REST API Status Codes​

Custom Application Error Codes​