Sandbox

End-to-End Test Flow

The recommended sandbox rehearsal — create a test deposit, simulate the transfer, and receive a deposit.success webhook

Goal: rehearse receiving the deposit.success webhook end-to-end, using a matching payer and the exact amount.

Diagram coming soon — sequence diagram: merchant → POST /v1/deposits (test) → POST /v1/test/simulate-transfer → matcher (async) → webhook deposit.success → merchant system

Recommended flow

Create a test deposit

POST /v1/deposits with a unk_test_... key, specifying the payer (bank/name/account) and the amount → you get a deposit_id in status PENDING.

Simulate an exact-amount transfer

POST /v1/test/simulate-transfer sending the same deposit_id + sender_* matching the payer, and without amount (so the exact expected amount is used) → you get 202 with status: "injected".

Wait for the `deposit.success` webhook

The real matcher runs asynchronously; on a match → it credits the test balance → the system fires the deposit.success webhook to your endpoint (you must be subscribed to this event).

You can test failure cases too: a wrong sender_bank → payer mismatch (not credited); a non-matching amount override → amount mismatch, so it never matches.

See the real deposit.success payload and how to verify the signature in Webhook Events and Signature Verification, and subscribe to this event in Portal Preparation.

curl examples

The X-Signature values below are placeholders — compute them from your ownsecret over the canonical string above (do not use the example values verbatim).

curl -X POST https://api.unkpay.co/v1/deposits \
  -H "X-Api-Key: unk_test_xxxxxxxxxxxxxxxx" \
  -H "X-Timestamp: 1718790000" \
  -H "X-Signature: <hex hmac of base string>" \
  -H "Idempotency-Key: dep-test-0001" \
  -H "Content-Type: application/json" \
  -d '{"amount":"500.37"}'   # <-- add field/payer per your /v1/deposits spec

curl -X POST https://api.unkpay.co/v1/test/simulate-transfer \
  -H "X-Api-Key: unk_test_xxxxxxxxxxxxxxxx" \
  -H "X-Timestamp: 1718790000" \
  -H "X-Signature: <hex hmac>" \
  -H "Idempotency-Key: sim-0001" \
  -H "Content-Type: application/json" \
  -d '{
    "deposit_id": "11111111-1111-4111-8111-111111111111",
    "sender_bank": "KBANK",
    "sender_name": "Payer Name",
    "sender_account": "1234567890"
  }'

curl -X POST https://api.unkpay.co/v1/test/top-up \
  -H "X-Api-Key: unk_test_xxxxxxxxxxxxxxxx" \
  -H "X-Timestamp: 1718790000" \
  -H "X-Signature: <hex hmac>" \
  -H "Idempotency-Key: topup-0001" \
  -H "Content-Type: application/json" \
  -d '{"amount":"1000.00","currency":"THB"}'

curl -X POST https://api.unkpay.co/v1/test/reset \
  -H "X-Api-Key: unk_test_xxxxxxxxxxxxxxxx" \
  -H "X-Timestamp: 1718790000" \
  -H "X-Signature: <hex hmac>" \
  -H "Idempotency-Key: reset-0001"

curl -X POST https://api.unkpay.co/v1/test/top-up \
  -H "X-Api-Key: unk_live_xxxxxxxxxxxxxxxx" \
  -H "X-Timestamp: 1718790000" \
  -H "X-Signature: <hex hmac>" \
  -H "Idempotency-Key: topup-live-0001" \
  -H "Content-Type: application/json" \
  -d '{"amount":"1000.00"}'
# => HTTP 404 (the test endpoint is deliberately hidden from live keys)

Pending confirmation — the real body of POST /v1/deposits (required payer fields) to match the deposit-creation section

The simulate-transfer step returns 202:

{
  "bank_txn_id": "test_8f1c2e9a-...",
  "amount": "500.37",
  "currency": "THB",
  "status": "injected"
}

The top-up step returns:

{ "amount": "1000.00", "currency": "THB", "status": "credited" }

The reset step returns:

{ "status": "reset" }

Top-up & Reset

Credit your test balance and wipe your own test data — two sandbox-only triggers

Go-live Checklist