authorize and reconcile paths the issuer would call in production.
Production returns 404 on these paths.
/sandbox/internal-accounts/{id}/fund.
Issuance suffixes (platformCardId)
The last three characters ofplatformCardId (or cardholderId when
platformCardId is omitted) control how POST /cards resolves:
Funding-source suffixes (accountId)
Binding a funding source resolves based on the last three characters ofaccountId:
Authorization simulate
merchant.descriptor:
The response is the resulting
CardTransaction.
Clearing simulate
amount > authorizedAmountexercises the over-auth post-hoc pull path (restaurant tip / tip-on-top).amount = 0exercisesAUTHORIZATION_EXPIRY— the auth expires with no clearing posted.
Return simulate
REFUNDED; a partial refund keeps
it SETTLED with a non-zero refundedAmount.
End-to-end happy path
A simple Sandbox loop that exercises issue → activate → auth → clear → refund:CARD.STATE_CHANGE or
CARD.FUNDING_SOURCE_CHANGE webhooks plus transaction webhooks for
the simulated authorization, clearing, and return — wire those into
your local webhook handler to validate end-to-end.