# Sandbox Testing source: https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/index.md ## Overview {#overview} The section describes all use cases that can be tested using the Sandbox environment. The Sandbox contains limited-capacity mock APIs, enabling you to try the APIs quickly to assist with initial integration and solution development. The Sandbox returns mock responses for a defined request. Particular values in the request body, such as path parameters or fields, will give specific predefined responses. Note: At the beginning of each test case, there might be information (in the form of a table) that you must use in the request to execute the test case. The table displays specific values that are preconfigured in the Sandbox. Otherwise, you can send any values in the request, and the Sandbox will always return the same mock response. The following test cases are provided: | Test case | Test case scenario | |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------| | [Redefine a Risk Control](https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/redefine-risk-control/index.md) | Success | | | Fail -- Invalid Risk Control Code | | [Change the Status of Risk Control](https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/change-status-risk-control/index.md) | Success -- Activate a Risk Control | | | Success -- Suspend a Risk Control | | | Fail -- Invalid Risk Control Code | | [Reset Risk Control Counters](https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/reset-risk-control-counters/index.md) | Success | | | Fail -- Invalid Risk Control Code | | [Restore Risk Control Original Values](https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/restore-risk-control-orig-values/index.md) | Success | | | Fail -- Invalid Risk Control Code | | [Retrieve Risk Controls](https://developer.mastercard.com/mastercard-processing-fraud/documentation/sandbox-testing/retrieve-risk-controls/index.md) | Success | | | Success -- No Risk Control stored in CMS | ## API configuration {#api-configuration} There is a predefined API configuration of the Sandbox containing the following: * Characters allowed in the requests. * `cardContractnumber` (PAN) masking pattern used in all API responses. * Input patterns for fields containing e-mail, phone, or fax number. * Available dictionaries' values. | Global parameter | Value | |-----------------------------------------|------------------------------------------------------------------------------------| | PAN masking pattern | XXXXXX____XXXX | | Allowed default characters | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,\&#'@+\\\\-\*_=; /1234567890 | | Allowed characters for technical fields | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\*#+= /1234567890\\\\-_%; | ## Global error test cases {#global-error-test-cases} There are globally predefined main CMS object identifiers (`contractId`) which allow getting typical errors during the processing of the request. | Path parameter name | Path parameter available value | reasonCode | Description | |---------------------|--------------------------------|-------------------------|-----------------------------------| | `contract_id` | 10001 | CONTRACT_DOES_NOT_EXIST | Contract with id 10001 not found. | To get the `reasonCode` `CONTRACT_ DOES_NOT_EXIST` error, you should define the `contract_id` parameter with the `10001` value in the request. That rule applies to any API endpoints with `contract_id` unless it is described differently in the particular test case.