Skip to main content

Sandbox vs Production Mode

Yabetoo provides two distinct environments for safe development and testing.

Sandbox (Test)

Test environment for development. No real transactions are made.Key prefix: sk_test_

Production (Live)

Production environment for real transactions.Key prefix: sk_live_

API Keys Configuration

Never share your secret API keys. Use environment variables to store them securely.
Create a .env file at the root of your project:
.env
# Test environment
YABETOO_SECRET_KEY=sk_test_XXXXXXXXXXXXXXXXXXXXXXXX
YABETOO_ACCOUNT_ID=acct_xxxxxxxx

# Callback URLs
YABETOO_SUCCESS_URL=http://localhost:3000/checkout/success
YABETOO_CANCEL_URL=http://localhost:3000/checkout/cancel
YABETOO_WEBHOOK_URL=http://localhost:3000/webhooks/yabetoo

Usage in Your Code

import Yabetoo from "@yabetoo/sdk-js";

const yabetoo = new Yabetoo(process.env.YABETOO_SECRET_KEY);

Test Phone Numbers

In sandbox mode, use these phone numbers to simulate different scenarios:
NumberOperatorBehavior
242000000001MTNPayment succeeds
242000000002MTNFails (insufficient funds)
242000000003MTNPending 30s, then succeeds
242000000004AirtelPayment succeeds
242000000005AirtelFails (invalid number)
Test mode transactions don’t involve real money. You can test as much as needed.

Testing Webhooks Locally

To receive webhooks locally, use a tunneling tool like ngrok:
1

Install ngrok

# macOS
brew install ngrok

# or download from https://ngrok.com
2

Expose your local server

ngrok http 3000
You’ll get a URL like https://abc123.ngrok.io
3

Configure the webhook in the Dashboard

Go to Settings > Webhooks and add your ngrok URL:
https://abc123.ngrok.io/webhooks/yabetoo

Verify Webhook Signatures

Always verify webhook signatures to ensure they come from Yabetoo: 
import crypto from 'crypto';

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

Best Practices

Always implement robust error handling:
from yabetoo import Yabetoo, YabetooError
from yabetoo.errors import ValidationError, APIError

try:
    payment = yabetoo.payments.create(data)
except ValidationError as e:
    # Invalid data
    print(f"Validation error: {e.errors}")
except APIError as e:
    # API error
    print(f"API error: {e.message}")
except YabetooError as e:
    # Other Yabetoo error
    print(f"Error: {e}")
Use idempotency keys to avoid duplicates on retry:
payment = yabetoo.payments.create(
    data,
    idempotency_key="order_12345_payment"
)
Log all transactions for debugging:
import logging

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger("yabetoo")

# Yabetoo SDKs log automatically

Pre-Production Checklist

Before going live, verify:
1

Complete Testing

  • Test all payment scenarios (success, failure, pending)
  • Test webhook reception and processing
  • Test refunds and cancellations
2

Security

  • API keys stored in environment variables
  • Webhook signature verification implemented
  • HTTPS enabled on all endpoints
3

Configuration

  • Production callback URLs configured
  • Webhooks pointing to production server
  • Production keys (sk_live_) in place

Useful Resources

Postman Collection

Quickly test the API with our Postman collection

API Reference

Complete API documentation

Error Handling

List of error codes and solutions

Webhooks

Webhook configuration and management