Sandbox Setup

Set up your sandbox environment and make your first test API call

Sandbox vs. Production

2C2P provides a sandbox environment that mirrors production behavior without processing real payments. Use it throughout development and testing.

Authentication

2C2P API requests and responses use JSON Web Tokens (JWT) signed with HMAC SHA-256 using your Secret Key.

Every API call follows this pattern:

1. Build a JSON payload with your request data
2. Sign it as a JWT using your Secret Key
3. Send the signed token in the payload field of your POST request
4. Decode the JWT in the response using the same Secret Key

For full details on generating and decoding JWT tokens, refer to JSON Web Tokens (JWT).

Make Your First API Call

Request a Payment Token to verify your sandbox setup is working. Payment Token API is the first step in every payment flow.

1. Prepare the request payload

{
    "merchantID": "JT01",
    "invoiceNo": "1523953661",
    "description": "item 1",
    "amount": 1000.00,
    "currencyCode": "SGD"
}

2. Sign the payload as a JWT

Sign the JSON above using HMAC SHA-256 with the secret Key . This produces a JWT string. Refer to Generate JWT Token for code examples in multiple languages.

3. Send the request

curl --location --request POST 'https://sandbox-pgw.2c2p.com/payment/4.3/paymentToken' \
--header 'Content-Type: application/json' \
--data-raw '{
    "payload": "<your-signed-jwt-token>"
}'

4. Verify the response

Decode the JWT in the response using the same Secret Key. A successful response looks like this:

{
    "webPaymentUrl": "https://sandbox-pgw-ui.2c2p.com/payment/4.3/#/token/...",
    "paymentToken": "kSAops9Zwhos8hSTSeLTUcCr...",
    "respCode": "0000",
    "respDesc": "Success"
}

• respCode 0000 confirms your sandbox setup is working correctly.
• webPaymentUrl is the hosted payment page URL — open it in a browser to see the checkout UI.
• paymentToken is used for Direct API integration to submit payment details programmatically.

🚧

If respCode is not 0000, the request failed. Refer to Payment Response Codes for error details.

Test Cards

Use these test card numbers when completing payments on the sandbox. For any card, use a future expiry date and the CVV listed.

For country-specific test cards including installment payment plan (IPP) cards, refer to:

Go Live Checklist

When sandbox testing is complete, follow these steps to switch to production:

1. Get production credentials - Contact 2C2P to receive your production Merchant ID and Secret Key.
2. Update the base URL - Replace https://sandbox-pgw.2c2p.com with https://pgw.2c2p.com in all API calls.
3. Replace credentials - Swap the sandbox Merchant ID and Secret Key for your production credentials.
4. Configure webhook endpoints Optional - Ensure your backend return URL points to your production server to receive payment notifications.
5. Run a live test - Make a small real transaction to confirm end-to-end connectivity.

Next Steps

Choose your integration method and build your first payment flow: