# ORC API Testing - Cyber Only source: https://developer.mastercard.com/onboard-risk-check/documentation/testing/cyber-only/index.md ## Test scenarios {#test-scenarios}
Note: For more details on ICA, please refer to [Glossary](https://developer.mastercard.com/onboard-risk-check/documentation/glossary/index.md). ### Inquiry Details Request API endpoint {#inquiry-details-request-api-endpoint} | **Scenario No.** | **Scenario** | **Key Data** | **Sample Action** | **Pass Criteria** | |------------------|-----------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 | To ensure that the customer is onboarded to use the ORC API and is able to make a valid Get Inquiries Details Request call. | You will need a valid IRN from an inquiry initiated in the past either from ORC or MATCH. Below is a valid IRN for sandbox environment: 11111111111129. | Make a request to the Get endpoint to merchants/url-inquiries/IRN (inquiry reference number). | A response will be generated for the IRN with a HTTP status of 200 OK. | | 2 | To ensure that the customer is using a valid consumer key to pass authentication. | 1. Valid consumer key generated through Mastercard Developers project. 2. Valid IRN - 11111111111129. 3. Customer onboarding unsuccessful or incomplete. | Make a request to the Get endpoint to merchants/url-inquiries/IRN (inquiry reference number). | A response will be generated for the Invalid IRN with a HTTP status of 404 (NOT FOUND) since an approved consumer key was not found. | | 3 | To ensure that the customer is using a valid IRN. The IRN must be from a past inquiry initiated by the same customer. | 1. Valid consumer key generated through Mastercard Developers project. 2. Successful onboarding. 3. Invalid IRN, or, an IRN that doesn't belong to the same customer. For example, 1111111111112. | Make a request to the Get endpoint to merchants/url-inquiries/IRN (inquiry reference number). | A response will be generated for the Invalid IRN with a HTTP status of 404 (NOT FOUND) since either the resource was not found or inaccessible due to IRN belonging to another customer. | | | | | | | ### Create Request Inquiry Request API endpoint {#create-request-inquiry-request-api-endpoint} | **Scenario No.** | **Scenario** | **Key Data** | **Sample Action** | **Pass Criteria** | |------------------|------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 | To ensure that the customer is onboarded to use the ORC API and is able to make a valid POST Create Request Inquiry request. | - Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID. | Make a request to the POST Endpoint to `/merchants/url-inquiries`. | A response will be generated and a unique Inquiry Request Number will be returned with a HTTP status of 202. | | 2 | To ensure that the customer is using valid fields and values. | -Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID | Make a request to the POST endpoint to `/merchants/url-inquiries`. | A response will be generated for the following invalid or missing fields: - Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID -400 -- Bad Request. | | 3 | To ensure that the customer is using valid fields and values. | -Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID | Make a request to the POST endpoint to `/merchants/url-inquiries`. | A response will be generated for the following invalid or missing fields: - Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID -401 -- Unauthorized. | | 4 | To ensure that the customer is using valid fields and values. | -Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID | Make a request to the POST endpoint to `/merchants/url-inquiries`. | A response will be generated for the following invalid or missing fields: - Requesting ICA -Merchant URL -Merchant Name -Application Name -User ID -Request DataTime -Company ID or CID -404 -- Not Found. | | 5 | To ensure that the customer is using a valid ICA/CID. | 1. Valid consumer key generated through Mastercard Developers project. 2. CIDs that have at least one user/ICA opted in to the new Cyber Secure Match role/function in MCC. | Make a request to the POST endpoint to `/merchants/url-inquiries`. | A response will be generated for the invalid ICA/CID with a HTTP status of 404 (NOT FOUND). | | | | | | | ### Error codes and format {#error-codes-and-format} For details about the error format, refer to [Cyber Only: Code and Formats](https://developer.mastercard.com/onboard-risk-check/documentation/code-and-formats/cyber-only/index.md).