> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yabetoopay.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Development Environment

> Set up your environment to develop and test your Yabetoo integration

## Sandbox vs Production Mode

Yabetoo provides two distinct environments for safe development and testing.

<CardGroup cols={2}>
  <Card title="Sandbox (Test)" icon="flask">
    Test environment for development. No real transactions are made.

    **Key prefix**: `sk_test_`
  </Card>

  <Card title="Production (Live)" icon="rocket">
    Production environment for real transactions.

    **Key prefix**: `sk_live_`
  </Card>
</CardGroup>

## API Keys Configuration

<Warning>
  Never share your secret API keys. Use environment variables to store them securely.
</Warning>

### Recommended Environment Variables

Create a `.env` file at the root of your project:

```bash .env theme={null}
# Test environment
YABETOO_SECRET_KEY=sk_test_XXXXXXXXXXXXXXXXXXXXXXXX
YABETOO_ACCOUNT_ID=acct_xxxxxxxx

# Callback URLs
YABETOO_SUCCESS_URL=http://localhost:3000/checkout/success
YABETOO_CANCEL_URL=http://localhost:3000/checkout/cancel
YABETOO_WEBHOOK_URL=http://localhost:3000/webhooks/yabetoo
```

### Usage in Your Code

<CodeGroup>
  ```javascript JavaScript theme={null}
  import Yabetoo from "@yabetoo/sdk-js";

  const yabetoo = new Yabetoo(process.env.YABETOO_SECRET_KEY);
  ```

  ```python Python theme={null}
  import os
  from yabetoo import Yabetoo

  yabetoo = Yabetoo(os.environ.get("YABETOO_SECRET_KEY"))
  ```

  ```php PHP theme={null}
  <?php
  $yabetoo = new Yabetoo\Yabetoo($_ENV['YABETOO_SECRET_KEY']);
  ```

  ```java Java theme={null}
  import com.yabetoo.Yabetoo;

  Yabetoo yabetoo = new Yabetoo(System.getenv("YABETOO_SECRET_KEY"));
  ```
</CodeGroup>

## Test Phone Numbers

In sandbox mode, use these phone numbers to simulate different scenarios:

| Number         | Operator | Behavior                   |
| -------------- | -------- | -------------------------- |
| `242000000001` | MTN      | Payment succeeds           |
| `242000000002` | MTN      | Fails (insufficient funds) |
| `242000000003` | MTN      | Pending 30s, then succeeds |
| `242000000004` | Airtel   | Payment succeeds           |
| `242000000005` | Airtel   | Fails (invalid number)     |

<Tip>
  Test mode transactions don't involve real money. You can test as much as needed.
</Tip>

## Testing Webhooks Locally

To receive webhooks locally, use a tunneling tool like ngrok:

<Steps>
  <Step title="Install ngrok">
    ```bash theme={null}
    # macOS
    brew install ngrok

    # or download from https://ngrok.com
    ```
  </Step>

  <Step title="Expose your local server">
    ```bash theme={null}
    ngrok http 3000
    ```

    You'll get a URL like `https://abc123.ngrok.io`
  </Step>

  <Step title="Configure the webhook in the Dashboard">
    Go to **Settings** > **Webhooks** and add your ngrok URL:

    ```
    https://abc123.ngrok.io/webhooks/yabetoo
    ```
  </Step>
</Steps>

## Verify Webhook Signatures

Always verify webhook signatures to ensure they come from Yabetoo:

<CodeGroup>
  ```javascript JavaScript theme={null}
  import crypto from 'crypto';

  function verifyWebhookSignature(payload, signature, secret) {
    const expectedSignature = crypto
      .createHmac('sha256', secret)
      .update(payload)
      .digest('hex');

    return crypto.timingSafeEqual(
      Buffer.from(signature),
      Buffer.from(expectedSignature)
    );
  }
  ```

  ```python Python theme={null}
  import hmac
  import hashlib

  def verify_webhook_signature(payload: str, signature: str, secret: str) -> bool:
      expected_signature = hmac.new(
          secret.encode(),
          payload.encode(),
          hashlib.sha256
      ).hexdigest()

      return hmac.compare_digest(signature, expected_signature)
  ```

  ```java Java theme={null}
  import javax.crypto.Mac;
  import javax.crypto.spec.SecretKeySpec;
  import java.security.MessageDigest;

  public boolean verifyWebhookSignature(String payload, String signature, String secret) {
      try {
          Mac mac = Mac.getInstance("HmacSHA256");
          SecretKeySpec secretKeySpec = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
          mac.init(secretKeySpec);
          byte[] hash = mac.doFinal(payload.getBytes());
          String expectedSignature = bytesToHex(hash);
          return MessageDigest.isEqual(
              signature.getBytes(),
              expectedSignature.getBytes()
          );
      } catch (Exception e) {
          return false;
      }
  }
  ```
</CodeGroup>

## Best Practices

<AccordionGroup>
  <Accordion title="Error Handling">
    Always implement robust error handling:

    ```python theme={null}
    from yabetoo import Yabetoo, YabetooError
    from yabetoo.errors import ValidationError, APIError

    try:
        payment = yabetoo.payments.create(data)
    except ValidationError as e:
        # Invalid data
        print(f"Validation error: {e.errors}")
    except APIError as e:
        # API error
        print(f"API error: {e.message}")
    except YabetooError as e:
        # Other Yabetoo error
        print(f"Error: {e}")
    ```
  </Accordion>

  <Accordion title="Idempotency">
    Use idempotency keys to avoid duplicates on retry:

    ```python theme={null}
    payment = yabetoo.payments.create(
        data,
        idempotency_key="order_12345_payment"
    )
    ```
  </Accordion>

  <Accordion title="Logging and Monitoring">
    Log all transactions for debugging:

    ```python theme={null}
    import logging

    logging.basicConfig(level=logging.INFO)
    logger = logging.getLogger("yabetoo")

    # Yabetoo SDKs log automatically
    ```
  </Accordion>
</AccordionGroup>

## Pre-Production Checklist

Before going live, verify:

<Steps>
  <Step title="Complete Testing">
    * [ ] Test all payment scenarios (success, failure, pending)
    * [ ] Test webhook reception and processing
    * [ ] Test refunds and cancellations
  </Step>

  <Step title="Security">
    * [ ] API keys stored in environment variables
    * [ ] Webhook signature verification implemented
    * [ ] HTTPS enabled on all endpoints
  </Step>

  <Step title="Configuration">
    * [ ] Production callback URLs configured
    * [ ] Webhooks pointing to production server
    * [ ] Production keys (`sk_live_`) in place
  </Step>
</Steps>

## Useful Resources

<CardGroup cols={2}>
  <Card title="Postman Collection" icon="rocket" href="/en/developer-tools/postman">
    Quickly test the API with our Postman collection
  </Card>

  <Card title="API Reference" icon="book" href="/en/api-reference/introduction">
    Complete API documentation
  </Card>

  <Card title="Error Handling" icon="triangle-exclamation" href="/en/api-reference/errors">
    List of error codes and solutions
  </Card>

  <Card title="Webhooks" icon="bell" href="/en/developer-tools/webhook/overview">
    Webhook configuration and management
  </Card>
</CardGroup>
