Testing

Recommended Tenant Setup

When integration testing or running your systems within a deployed environment, we recommend that you use a dedicated Basis Theory tenant for each test environment that is separate from your production tenant. For example, if you maintain a separate Development, QA, Staging, and Production environment for your systems, we recommend that you mirror this setup by creating 4 separate tenants in Basis Theory. This can help you to isolate test data from production data and allow you to more securely lock down access to production API keys.

Testing Reactors

Reactor code is simply an ES module that exports a default function. This can be tested like any JavaScript code or ES module using the tooling of your choice. Internally at Basis Theory, we have automated tests for our reactor code using Jest to ensure the JavaScript code itself works as expected.

Unit Testing

For unit testing, we use Jest mocks to mock either SDK methods if we use a third party SDK in the reactor, or to mock usages of an http client (e.g., axios, node-fetch).

const fetch = require('node-fetch');

// this is a fake piece of data we expect the destination service to return
const fakeTransactionId = chance.string();

// here we mock the json response returned by node-fetch
jest.mock('node-fetch', () =>
  jest.fn().mockResolvedValue({
    status: 200,
    json: jest
      .fn()
       // this mock should return a "real" response based on what your mocked service normally returns
      .mockImplementation(() => Promise.resolve({ transaction_id: fakeTransactionId }))
  })
);

describe('Example reactor unit test', () => {
  const reactorFunction = require('./reactor');

  it('should call third party service', async () => {
    // this is the request we will pass into the reactor function
    const reactorRequest = {
      configuration: {
        THIRD_PARTY_API_KEY: chance.string()
      },
      args: {
        card_number: chance.string()
      }
    };

    // we expect the third party service to be called by our reactor with this payload
    const expectedRequestToThirdParty = {
      payment_method: {
        credit_card: {
          number: reactorRequest.args.card_number
        }
      }
    };

    const reactorResponse = await reactorFunction(reactorRequest);

    expect(fetch).toHaveBeenCalledTimes(1);
    expect(fetch).toHaveBeenCalledWith(
      'https://my.downstream.service.com/',
      {
        method: 'POST',
        headers: {
          'Content-Type': 'application/json',
          // our third party service accepts the API key in an X-API-KEY header
          'X-API-KEY': reactorRequest.configuration.THIRD_PARTY_API_KEY
        },
        body: JSON.stringify(expectedRequestToThirdParty)
      }
    );

    // we expect our reactor to return the transactionId returned by the third party service
    expect(reactorResponse).toEqual({
      raw: {
        transactionId: fakeTransactionId
      }
    });
  });
});

Integration Testing

For integration testing, we ensure the reactor code actually works against the destination services that the reactor integrates with. As an example, the following snippet shows a sample reactor integration test:

const reactorFunction = require('./reactor'); // this file exports our reactor function as an ES module
const { AuthenticationError } = require('@basis-theory/basis-theory-reactor-formulas-sdk-js');

describe('Example reactor integration test', () => {
  it('should return expected response', async () => {
    const actualResponse = await reactorFunction({
      configuration: {
        // this is a real api key for an external service called by our reactor
        THIRD_PARTY_API_KEY: process.env.THIRD_PARTY_API_KEY
      },
      args: {
        // requests to the reactor will contain a token, which will be detokenized
        // into plaintext before it reaches our reactor code
        // here we test with a fake plaintext card number
        card_number: '4242424242424242'
      }
    });

    // assert on whatever you expect the reactor to return, in our case we expect a transactionId to be returned
    expect(actualResponse.raw.transactionId).not.toBeNull();
  });

  it('should throw an AuthenticationError when using an invalid API key', async () => {
    await expect(
      reactorFunction({
        configuration: {
          // pass in a fake api key that will be rejected by the third party service
          THIRD_PARTY_API_KEY: chance.string()
        },
        args: {
            card_number: '4242424242424242'
        }
      })
    ).rejects.toThrow(new AuthenticationError().message);
  });
});

End-to-End Testing

End-to-end tests against reactors running in Basis Theory can provide further confidence that your reactors work in a deployed environment. These tests require a bit more setup and should sit at the top of your testing pyramid, so we encourage you to first focus on unit and integration tests before attempting to write automated end-to-end tests. If you do choose to write end-to-end tests, here are some tips to keep in mind:

The reactor under test must be provisioned either just-in-time during the test using a management application's API key, or manually provisioned ahead of time and referenced by id in the tests. Either solution requires some configuration to be passed into your tests.
Invoking your reactor under test will require a private application's API key with token:use permission.
If your reactor expects to be called with detokenization expressions in the request, the tokens referenced in your test requests must be pre-created by your test code. This will require access to either a public or private application's API key with token:create permission.

Testing Techniques

Mocking at the Network Level

Mocking network calls is useful within a category of testing that we refer to as Acceptance Testing. While the terminology differs throughout the software industry, we use this term to refer to black box testing of a system component to ensure it meets business requirements (i.e. acceptance criteria). With this type of test, you typically strive to mock external dependencies, especially network calls to external systems.

There are many tools available to facilitate mocking network calls, such as Wiremock (our preferred tool) or Mock Service Worker. If you're interested in learning more, check out our series of blog posts diving deep into our testing philosophy at Basis Theory.

Mocking at the Unit Level

We recommend that you generally adhere to good design principles and strive to loosely couple your application code from external dependencies, including integration points with Basis Theory. This can be accomplished by using inversion of control and dependency injection within your codebase whenever possible.

We also offer official SDKs in many languages, which provide standard interfaces for interacting with the Basis Theory API. This makes it easy to mock methods on these interfaces within your unit tests. While the specifics of how to structure your code and mock dependencies within unit tests differ across languages and frameworks, you have all the tools available to write loosely-coupled and well-tested code.

Test Data

Card Numbers

The card and card_number token types accept any Luhn-valid card numbers and are not restricted to a particular set of card numbers, even for tenants only used for testing purposes. However, if you exchange card tokens with any external systems using reactors or the proxy, those systems may have their own test card requirements that you should follow to ensure the integration works as expected.

BIN Details Test Cards

Your Test Tenant can be configured to return fake data for the BIN Details enrichment and can be requested in the Tenant's Quota Page.

When fake responses are enabled the following will occur:

If a card does not have a static value below, on every request a random set of BIN details following the enhanced data structure.
If a card does have a static value below, on every request the BIN details will be the same.

The following card numbers ranges have static BIN Details:

All the 3DS Test Cards are included in the fake BIN database as CREDIT cards.

Card Number Begin	Card Number End	Type	Card Brand	Test Card Example
`4242424242424242`	`4242424242424242`	CREDIT	VISA	`4242424242424242`
`5555555555550000`	`5555555555560000`	CREDIT	MASTERCARD	`5555555555554444`
`378282246310000`	`378282246310010`	CREDIT	AMEX	`378282246310005`
`4000056655665550`	`4000056655665550`	CREDIT	VISA	`4000056655665556`
`6200000000000000`	`6200000000000000`	CREDIT	UNIONPAY	`6200000000000005`
`6011010000000000`	`6011010000000005`	DEBIT	DISCOVER	`6011010000000003`
`3566002020360504`	`3566002020360506`	DEBIT	JCB	`3566002020360505`
`378282246310011`	`378282246310020`	DEBIT	VISA	`378282246310013`
`4005550000081018`	`4005550000081020`	DEBIT	VISA	`4005550000081019`
`5112000400000000`	`5112000400000001`	DEBIT	MASTERCARD	`5112000400000000`
`5112010000000003`	`5112010100000002`	DEBIT	MASTERCARD	`5112010000000003`
`6011000990139420`	`6011000990139430`	CREDIT	DISCOVER	`6011000990139424`
`6011111111111110`	`6011111111111120`	CREDIT	DISCOVER	`6011111111111117`

3DS Test Cards

The following test card numbers can be used to test various 3D Secure scenarios.

Card Number	Card Brand	3DS Scenario	Is Luhn Valid
`4200000000000002`	VISA	Successful Frictionless Authentication	No
`4200000000000003`	VISA	Authentication Attempted	No
`4200000000000005`	VISA	Authentication Failed	No
`4200000000000006`	VISA	Authentication Unavailable	No
`4200000000000007`	VISA	Authentication Rejected	No
`4200000000000004`	VISA	Successful Challenge Authentication	No
`4200000000000014`	VISA	Successful Challenge Authentication - Method not Required	No
`4200000000000015`	VISA	Successful Mandated Challenge Authentication	No
`4200000000000016`	VISA	Successful Out-of-Band Challenge Authentication	No
`4200000000000008`	VISA	Attempted Challenge Authentication	No
`4200000000000009`	VISA	Failed Challenge Authentication	No
`4200000000000017`	VISA	Failed Out of Band Challenge Authentication	No
`4200000000000010`	VISA	Unavailable Challenge Authentication	No
`4200000000000011`	VISA	Rejected Challenge Authentication	No
`4200000000000012`	VISA	3DS Directory Server Error	No
`4200000000000013`	VISA	Internal 3DS Server Error	No
`4264281511112228`	VISA	Authentication Failed	Yes
`340000000004001`	AMEX	Successful Challenge Authentication	Yes
`4000020000000000`	VISA	Successful Challenge Authentication	Yes
`4111111111111111`	VISA	Authentication Attempted	Yes
`5204247750001471`	MASTERCARD	Successful Frictionless Authentication	Yes
`6011601160116011`	DISCOVER	Successful Frictionless Authentication	Yes
`370000000000002`	AMEX	Successful Challenge Authentication	Yes
`3566002020360505`	JCB	Successful Challenge Authentication	Yes
`3566006663297692`	JCB	Successful Challenge Authentication	Yes
`36185973325993`	DISCOVER	Successful Challenge Authentication	Yes
`5424180011113336`	MASTERCARD	Authentication Attempted	Yes
`5424180000000171`	MASTERCARD	Authentication Failed	Yes
`5405001111111165`	MASTERCARD	Authentication Unavailable	Yes
`5405001111111116`	MASTERCARD	Authentication Rejected	Yes
`4005562231212123`	VISA	Successful Challenge Authentication - Method not Required	Yes
`4761369980320253`	VISA	Successful Mandated Challenge Authentication	Yes
`4000000000000341`	VISA	Successful Out-of-Band Challenge Authentication	Yes
`5200000000001104`	MASTERCARD	Successful Mandated Challenge Authentication	Yes
`4005571701111111`	VISA	Attempted Challenge Authentication	Yes
`4055011111111111`	VISA	Failed Challenge Authentication	Yes
`5427660064241339`	MASTERCARD	Failed Challenge Authentication	Yes
`6011361011110004`	DISCOVER	Failed Out of Band Challenge Authentication	Yes
`6011361000008888`	DISCOVER	Unavailable Challenge Authentication	Yes
`6011361000001115`	DISCOVER	Rejected Challenge Authentication	Yes
`4264281500003339`	VISA	3DS Directory Server Error	Yes
`4264281500001119`	VISA	Internal 3DS Server Error	Yes
`5424180011110001`	MASTERCARD	3DS Directory Server Error	Yes

Account Updater Test Cards

The following test card numbers can be used to test various Account Updater scenarios.

PAN	Exp. Month	Exp. Year	Result Code	Update Details
`4111111111111111`	`12`	`2023`	`UPD_PAN`	`4166676667666746`
`6011690151507086`	`12`	`2023`	`UPD_EXP_DATE`	`12/2026`
`6011760519541711`	`12`	`2023`	`UPD_BRAND_CONV`	N/A
`6011490740263725`	`12`	`2023`	`UPD_CORRECTED`	N/A
`5461310156953048`	`12`	`2023`	`WRN_CLOSED_ACCOUNT`	N/A
`4929980395567582`	`12`	`2023`	`WRN_CONTACT_CARDHOLDER`	N/A
`4916725297925395`	`12`	`2023`	`WRN_ISSUER_NO_DATA`	N/A
`5580422612666704`	`12`	`2023`	`WRN_ISSUER_NOT_ENROLLED`	N/A
`4035501000000008`	`12`	`2023`	`WRN_OPT_OUT`	N/A
`201400000000009`	`12`	`2023`	`WRN_UNSUPPORTED_NETWORK`	N/A
`6011178332216017`	`12`	`2023`	`ERR_UNDEFINED`	N/A
`6011648103759866`	`12`	`2023`	`ERR_INVALID_EXP_DATE`	N/A
`378025849667382`	`12`	`2023`	`ERR_INVALID_PAN`	N/A
`370000000000002`	`12`	`2023`	`ERR_INVALID_CONFIG`	N/A
`4711358892785746`	`12`	`2023`	(No change and not returned in file)	N/A

Bank Verification Test Cards

The following test bank account numbers can be used to test various Bank Verification scenarios.

Routing Number	Account Number	Status
`021000020`	`00000`	`disabled`
`021000021`	`00001`	`enabled`
`021000021`	`00002`	`inconclusive`

Recommended Tenant Setup​

Testing Reactors​

Unit Testing​

Integration Testing​

End-to-End Testing​

Testing Techniques​

Mocking at the Network Level​

Mocking at the Unit Level​

Test Data​

Card Numbers​

BIN Details Test Cards​

3DS Test Cards​

Account Updater Test Cards​

Bank Verification Test Cards​