API - sandbox & testing

We have prepared a sandbox environment where you can do all the tests you deem necessary. To carry out your tests use the following credentials:

					shopId: partnershop
X-Auth-Token: partnerkey

These credentials can only be used in the sandbox. When you have finished your tests, contact our dedicated partner support at partner@soisy.it to request your production credentials.

The sandbox API host is as follows:



In the course of your tests, you will occasionally create test orders for dummy users. In our platform, each user is identified by an email address and / or a tax code. Therefore, you will need to use test email addresses or social security numbers.

As an email address use any address with a valid form, for example:


The address can be absolutely generic: our sandbox platform does not send any real messages to the addresses entered.

A small note: in our platform it is not possible to register two users with the same email address and also Sandbox is configured the same way, to allow you to experience exactly the experience and validations that you will have in production. Therefore, with each new attempt, you will need to use a new email address.

The advice we can give you is to add an incremental number to the address: authoritative sources assure us that in this way you can make infinite attempts;)


The same rule applies to tax codes: there cannot be two users with the same tax code, so you will have to change the tax code for each test you do. In your tests you can use a social security number with a similar form:


In the Sandbox environment we do not use the approval engine which is used in production instead. In Sandbox the approval engine simply looks at the amount of the request to decide whether to approve it or not. If the amount is strictly greater than € 10,000, the request will be rejected, while requests for amounts equal to or less than € 10,000 will be approved.

As already mentioned, in the sandbox no emails are sent to customers or SMS containing OTP codes (one time password).

For example, if during your tests you find that a user is redirected to the login page with a message indicating to click on the link just received by email, do not go to your mailbox waiting for the message because it means that, as already mentioned in the paragraph of the social security numbers, the user has already associated an installment payment with him. By carrying out a new test with a different tax code it will be possible to continue with your tests.

If during the signature flow, or elsewhere, you are asked for an OTP code that should arrive via SMS, do not wait for it: instead always enter the code0000000 to continue.

This page explains in detail what our callbacks are and how they can be used to automate the status updates of your orders in your e-commerce.

During the development and testing period, you can test callbacks in two ways:

  1. Using a command to update their states on their own
  2. Request help from Soisy customer support

The command to use to test your callbacks is as follows:

-d "eventId=EVENT_ID&eventMessage=EVENT_MESSAGE&eventDate=EVENT_DATE&orderToken=ORDER_TOKEN&orderReference=ORDER_REFERENCE"

Obviously it is necessary to replace the various placeholders with the following logic

  • YOUR_CALLBACK_URL : The URL to the correct endpoint that manages the callacks (Ex.https://example.com )
  • EVENT_ID : Choose the correct string based on the event you want to test. The list of event IDs is available here (Ex.LoanWasApproved ).
  • EVENT_MESSAGE : Choose the correct string based on the event you want to test. The list of messages is available here . (Replace any “space” characters with the following encoded string%20 . Ex.loan approved inloan%20approved )
  • EVENT_DATE : Send the date in the following format YYYY-MM-DDTHH:mm:ss
  • ORDER_TOKEN : 40-character token that uniquely identifies the order within Soisy, obtained from the positive outcome of the order creation API call . (Ex.abcdefghij1234567890ABCDEFGHIJ1234567890 )
  • ORDER_REFERENCE : The ID that uniquely identifies the order within the e-commerce. (Ex.123456 )

Complete example without placeholders:

					curl -XPOST 'https://example.com' \
-d "eventId=LoanWasApproved&eventMessage=loan%20approved&eventDate=2020-01-01T12:30:00&orderToken=abcdefghij1234567890ABCDEFGHIJ1234567890&orderReference=123456"

Le prove in produzione in Soisy sono un tema delicato 🙂 Il motivo è che la richiesta di rateizzazione, con relativo codice fiscale, viene inviata ai sistemi di informazione creditizia (S.I.C., i credit bureau come CRIF per intenderci).

È per questo motivo che l’ambiente di Sandbox che forniamo utilizza lo stesso codice sorgente del nostro ambiente di produzione. Ragione per cui se l’integrazione funziona in sandbox funzionerà anche in produzione.

Comprendiamo però l’esigenza di provare il funzionamento di Soisy anche in produzione, ti chiediamo solo di metterti d’accordo con i nostri Business Dev prima di farlo e di definire in anticipo la lista delle persone che vorrai testare.

E’ obbligatorio da parte tua utilizzare indirizzi email con suffisso @example.com. Ogni prova in produzione con un suffisso differente sarà cancellata senza preavviso.
A partire da quando vai in produzione, hai un massimo di 2 giorni per effettuare prove in produzione.

Inoltre, ci raccomandiamo caldamente di arrivare allo step di firma escluso, senza quindi firmare digitalmente il contratto finale, in quanto questo sarebbe un contratto vincolante con Soisy.


Siamo on line dal lunedì al venerdì dalle 9.30 alle 12.30 e dalle 14.30 alle 17.30

Scrivici in questi orari, grazie!