Skip to main content
Orchestra uses the same API for both testing and production. The environment is determined by your credentials, not the API endpoint.

Sandbox vs Production

EnvironmentUse CaseBehavior
SandboxDevelopment, testing, CI/CDTransactions simulated via provider test modes
ProductionLive customer transactionsReal money moves
The API base URL is the same for both environments: https://api.orchestrasolutions.com

How Environments Work

Orchestra doesn’t have a global “test mode” switch. Instead, the environment is determined by:
  1. Your Payment Gateway Account credentials - Test credentials (e.g., Stripe’s sk_test_...) route to sandbox; live credentials route to production
  2. The mode parameter (Payments Library only) - Set to TEST or LIVE when creating sessions
This means you can run both environments simultaneously by using different Payment Gateway Account names in your API calls.

Setting Up for Testing

Quick Start with Mock PSPs

For immediate testing without external provider accounts, use Orchestra’s built-in mock payment gateways:
  1. In the Portal, go to Payment Gateway Account > Create
  2. Select NULLSuccess or NULLFailure as the gateway
  3. Give it a name (e.g., “test-success”)
  4. Leave credentials empty
  5. Use the account name in your API calls
Mock PSPs simulate basic success/failure scenarios instantly, with no external dependencies. See Mock PSPs for complete details and limitations.

1. Create Test Payment Gateway Accounts

For comprehensive testing with real provider features, use your provider’s test/sandbox credentials: 
Name: stripe-test
Gateway: Stripe
Credentials: sk_test_...

2. Use Test API Keys

Create separate API keys for development. Label them clearly (e.g., “Development”, “CI/CD”).
Never use production API keys in development environments or commit them to version control.

3. Use Test Card Numbers

Each payment provider has test card numbers that simulate various scenarios:
ProviderTest CardNotes
Stripe4111111111111111Successful charge
Stripe4000000000000002Card declined
Adyen4111111111111111Successful charge
Check your payment provider’s documentation for their full list of test cards and scenario simulations (3DS challenges, insufficient funds, etc.).

Payments Library Mode

When using the Payments Library, set the mode parameter in your session request: 
{
  "operation": "CHARGE",
  "mode": "TEST",
  "amount": 25.00,
  "currencyCode": "USD",
  "paymentGatewayAccountId": "stripe-test"
}
ModeBehavior
TESTSandbox transactions
LIVEProduction transactions

Going Live Checklist

When you’re ready to accept real payments:
1

Create Production Payment Gateway Accounts

Add your payment providers with live/production credentials:
Name: stripe-production
Gateway: Stripe
Credentials: sk_live_...
2

Generate Production API Keys

Create new API keys specifically for production. Use environment variables or a secrets manager.
3

Update Your Application

Change your code to reference production account names:
// Development
paymentGatewayAccountName: 'stripe-test'

// Production
paymentGatewayAccountName: 'stripe-production'
For the Payments Library, change mode from TEST to LIVE.
4

Test with Small Amounts

Before full launch, process a few small real transactions to verify everything works end-to-end.

Running Both Environments

You can maintain both sandbox and production in the same Orchestra account: 
// Use environment variables to switch
const accountName = process.env.NODE_ENV === 'production'
  ? 'stripe-production'
  : 'stripe-test';

const response = await fetch('https://api.orchestrasolutions.com/PaymentGateway/charge', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-Api-Key': process.env.ORCHESTRA_API_KEY
  },
  body: JSON.stringify({
    amount: 25.00,
    currency: 'USD',
    paymentGatewayAccountName: accountName,
    card: { ... }
  })
});

Best Practices

Separate Everything

Use distinct API keys, Payment Gateway Accounts, and environment variables for each environment.

Never Mix Credentials

Don’t use test credentials in production or vice versa. Label accounts clearly.

Automate Safely

CI/CD pipelines should only have access to test credentials. Production deploys should pull from secure secrets.

Monitor After Launch

Watch your first production transactions closely. Verify amounts, success rates, and provider responses.

Create Account

Sign up for Orchestra

Add Payment Provider

Connect your gateways

Generate API Key

Create API credentials

API Reference

Authentication and endpoints