Skip to main content

How to test

iDenfy uses the same API URL for sandbox and production. Your API key determines which mode you’re in.
1

Get sandbox API keys

Your sandbox keys are in Dashboard → Settings → API Keys.
2

Set up a webhook receiver

Use one of these to inspect incoming webhooks:
# Option 1: webhook.site (no setup)
# Go to https://webhook.site — you get a unique URL immediately

# Option 2: ngrok (tunnels to localhost)
ngrok http 3000
# Use the https URL it gives you
Paste the URL in Dashboard → Settings → Webhooks).
3

Generate a test token

curl -X POST https://ivs.idenfy.com/api/v2/token \
  -u "SANDBOX_API_KEY:SANDBOX_API_SECRET" \
  -H "Content-Type: application/json" \
  -d '{"clientId": "test-001"}'
4

Run a dummy verification

Use the Sample Verification feature in your Dashboard to generate mock results with predefined outcomes — no real documents needed.

Simulating different outcomes

Use Dummy Results to trigger specific verification statuses:
OutcomeWhat to test in your app
APPROVEDHappy path — user gets access
DENIEDShow rejection message, offer retry
SUSPECTEDCheck fraudTags / mismatchTags, make a decision
EXPIREDToken timed out — prompt re-verification
For AML screening, use AML Dummy Results to trigger sanctions/PEP matches.

Go-live checklist

Before switching to production keys:
  • Webhooks — all statuses handled (APPROVED, DENIED, SUSPECTED, EXPIRED)
  • Error handling — graceful responses for 400, 401, 403, 429, 500
  • Token expiry — tested what happens when user returns after session expires
  • Callback signingHMAC verification implemented
  • IP whitelistingiDenfy IPs whitelisted on your webhook endpoint
  • Data storagescanRef stored in your database for each verification
  • Production webhook URL — configured in Dashboard
  • Production API keys — generated and stored securely (env vars, not code)
The most common go-live issue: webhook endpoint returns non-2xx. iDenfy retries, and in the meantime the user sees a “failed” redirect even though verification may have succeeded. Test your webhook endpoint thoroughly.