Test Your Integration
Reevit’s sandbox includes a payment simulator: a built-in provider that produces any payment outcome on demand. Nothing about it is mocked — simulated payments run through the real router, the real failover logic, and the real webhook pipeline, so the events your app receives in test mode match production schemas by construction. There are two ways to drive it:- Magic test values — create payment intents with special amounts (or phone-number suffixes) that force a specific outcome.
- The Reevit CLI —
reevit triggerfires outcomes by name, andreevit listenstreams the resulting events to your local endpoint with production-valid signatures.
The simulator only works with test-mode keys (
pfk_test_...). Live-mode
requests to the simulator provider are rejected.Magic test values
Create a payment intent with one of these amounts and the simulator produces the corresponding outcome. Failure outcomes can also be forced with a customer phone number ending in the listed suffix, whatever the amount.| Amount | Phone suffix | Outcome | Failover |
|---|---|---|---|
4000 | — | Succeeds immediately | — |
4001 | ...0001 | Declined (card_declined) | No — hard declines never fail over |
4002 | ...0002 | Declined (insufficient_funds) | No |
4003 | ...0003 | Timeout (transient error) | Yes — the router retries on your next connection |
4004 | ...0004 | Provider down (unavailable) | Yes |
The Reevit CLI
The CLI wraps the simulator in astripe listen-style local workflow.
payments:read, payments:write, connections:read,
connections:write, and optionally webhooks:read):
Trigger outcomes by name
reevit trigger creates a real test-mode payment using the magic amount for
the outcome you name — the simulator connection is created automatically the
first time.
Forward events to localhost
reevit listen subscribes to your account’s live test-mode event stream and
POSTs each event to your local endpoint — signed exactly like production
webhooks, so your signature-verification code runs unchanged:
X-Reevit-Signature,
X-Reevit-Delivery-ID, X-Reevit-Delivery-Attempt,
X-Reevit-Signature-Timestamp) with a real
sha256=<hex HMAC-SHA256 of the raw body> signature. When your key has
webhooks:read, events are signed with your account’s actual webhook
secret; otherwise the CLI generates and prints an ephemeral secret to verify
against. See Webhooks for verification snippets in every SDK.
The full loop
Two terminals and you can watch an outcome travel end to end:payment.* events production would send,
your verification passes, and your failure handling runs against a real
declined payment.
What to test before going live
- Success and both declines — does your app message the customer
correctly for
card_declinedvsinsufficient_funds? - Timeout with one connection — the payment fails after retries; your app should treat it as retryable.
- Timeout with two connections — the payment recovers via failover;
check you handle a succeeded payment whose
routeshows multiple attempts. - Webhook signature rejection — send a request with a bad signature to your endpoint and confirm you reject it.
- Idempotency — replay a delivery (same
X-Reevit-Delivery-ID) and confirm you don’t double-process.

