CardInfo SDK · Sandbox

The sandbox lets you integrate the CardInfo SDK without touching production. Same payload schema, same flow — but the card data is fake and no credentials are validated against a real backend.

⚠ This is a test environment. Cards returned here are demo PANs (e.g. 4111 1111 1111 1111). Never use real customer data in your requests.

Endpoints

Method	URL	Purpose
`POST`	`https://sandbox-cardapi.codegotech.com/getCardInfo`	Request a viewer token for a test card
`GET`	`https://sandbox-cardview.codegotech.com/v/<token>`	Open the iframe viewer (embed in your UI)
`GET`	`https://sandbox-cardapi.codegotech.com/signup`	Get a free sandbox API key

Get a sandbox key

Sandbox is free and self-service. Sign up here with your email — you'll receive your sk_sbx_… key instantly. No credit card, no signup approval queue.

Authentication (identical to production)

The sandbox accepts the exact same payload shape as cardapi.codegotech.com. Authentication uses two fields:

Field	What it is	Sandbox value
`authkey`	Tenant API key (gate string)	Any non-empty string (e.g. `"anything"`)
`authekey`	Basic credentials, base64-encoded `username:password`	`base64("sandbox:<your sk_sbx_… key>")`

Build authekey from your sandbox key with any base64 helper. Example with the key sk_sbx_abc123…:

# bash
printf 'sandbox:sk_sbx_abc123def456...' | base64
# → c2FuZGJveDpzal9zYnhfYWJjMTIzZGVmNDU2Li4u

// node
Buffer.from('sandbox:sk_sbx_abc123def456...').toString('base64');

// python
import base64; base64.b64encode(b'sandbox:sk_sbx_abc123def456...').decode()

When you go to production, the same field carries your real bank_bassapikey credentials (base64(username:password) from the Codego admin panel). Your code doesn't change.

Test cards

Send cid in the request body to pick which test card is returned.

cid	Brand	PAN	CVV	Expiry	Result
`1`	VISA	4111 1111 1111 1111	123	12/29	✅ approved
`2`	Mastercard	5555 5555 5555 4444	456	12/29	✅ approved
`3`	Amex	3782 822463 10005	7890	12/29	✅ approved
`4`	VISA	4000 0000 0000 0002	000	12/29	❌ declined (API returns `status:false`)

Example: request a token

curl -X POST https://sandbox-cardapi.codegotech.com/getCardInfo \
  -H "Content-Type: application/json" \
  -d '{
    "authkey": "anything",
    "authekey": "<base64(any:sk_sbx_xxx)>",
    "whitelabel_id": "demo-wl",
    "user_id": "user_42",
    "web_token": "any-token",
    "cid": "1"
  }'

Response (success)

{
  "status": true,
  "token": "f5b3...c801",
  "image_url": "https://sandbox-cardview.codegotech.com/v/f5b3...c801",
  "card_brand": "VISA",
  "expires_in": 300,
  "sandbox": true
}

Response (declined / cid=4)

{
  "status": false,
  "message": "Card declined (sandbox)",
  "code": "CARD_DECLINED",
  "sandbox": true
}

Embed the viewer

Once you have a token, drop the image_url into an iframe:

<iframe src="https://sandbox-cardview.codegotech.com/v/f5b3...c801"
        width="350" height="220"
        frameborder="0"
        sandbox="allow-same-origin allow-scripts"></iframe>

The viewer auto-clears after 60 seconds. Tokens are one-time use and expire after 5 minutes.

Going to production

When you're ready to integrate the live API:

Contact us at [email protected] with your IPs and origins
You'll receive a production authkey + tenant whitelabel_id
Switch base URL from sandbox-cardapi.codegotech.com → cardapi.codegotech.com
Same payload schema — your sandbox code works in prod with zero changes

Get sandbox key →