Test Cards & Phone Numbers
Card numbers and mobile-money phone numbers for testing approvals and declines in test mode.
Test Card Numbers (Relworx — Visa / Mastercard)
Use these with a test_ API key. No real card is charged. These are the
Relworx sandbox test cards.
| Brand | Number | Outcome |
|---|---|---|
| Visa | 4111 1111 1111 1111 | ✅ Approved |
| Visa | 4000 0000 0000 0002 | ❌ Declined |
| Mastercard | 5500 0000 0000 0004 | ✅ Approved |
| Mastercard | 5200 8282 8210 0001 | ❌ Declined |
For all test cards use:
- Expiry: any future date in
MM/YYformat (e.g.,10/26) - CVV: any 3 digits (e.g.,
123) - Name: any value
Test cards only work with test_ keys. Never use test card numbers with a live_ key.
Test Mobile Money Numbers (Iotec)
Use these with a test_ API key for mobile-money collections (mtn, airtel,
etc.). These are Iotec's sandbox numbers — the last digit selects the outcome.
You can send them either in Iotec's short form (0111...) or with the
256 country prefix (256111...); RohoPay accepts both in test mode.
| Phone (short form) | Phone (256 prefix) | Outcome |
|---|---|---|
011177777(0-9) | 25611177777(0-9) | ✅ Success |
011177799(0-9) | 25611177799(0-9) | ❌ Failed |
011177778(0-9) | 25611177778(0-9) | ⏳ Pending |
011177779(0-9) | 25611177779(0-9) | 🔄 SentToVendor |
Examples: 0111777771 (success) or 256111777771 (same number, success);
0111777995 (failed).
The public hosted checkout requires a 256/254/255/250 country prefix
even in test mode — send 256111777771, not 0111777771, there. Direct API
calls to /api/v1/collect accept the short form too.
Mobile-money test numbers only work with test_ keys. Never use sandbox phone
numbers with a live_ key.
Testing an Approval
curl -X POST https://api.rohopay.com/api/v1/checkout \
-H "Content-Type: application/json" \
-d '{
"api_key": "test_YOUR_KEY",
"amount": 10000,
"currency": "UGX",
"customer_name": "Test User",
"customer_email": "test@example.com",
"return_url": "https://your-site.com/checkout/return",
"card_number": "4111111111111111",
"card_expiry": "10/26",
"card_cvv": "123"
}'
You'll get a payment_url back. In test mode the 3DS step is simulated.
Testing a Decline
-d '{ ..., "card_number": "4000000000000002" }'
The payment_url redirect leads to a declined result, and the webhook fires with withdraw.failed.
Testing Expired Card Validation
RohoPay validates expiry server-side before hitting any provider. Submit a past date to test:
-d '{ ..., "card_expiry": "01/23" }'
# Response: 400 VALIDATION_ERROR — card has expired
Pre-Launch Checklist
Test the success path
Use a Visa/MC success card number and confirm your return URL and webhook both fire correctly.
Test the decline path
Use a decline card and confirm your error UI handles it gracefully.
Test expired card validation
Submit a past expiry date and confirm your frontend shows an appropriate error.
Verify webhook signature
Confirm your webhook handler verifies x-rohopay-signature before processing.
Switch to live_ key
Replace your test_ key with live_ in production environment variables.
