How to simulate error for creating card (not payment) in sandbox env

Dear team,

By referring to the link Sandbox Payments, I noticed below card info to simulate error in sandbox env.

Test values Desired error state
CVV: 911 Card CVV incorrect
Postal code: 99999 Card postal code incorrect
Expiration date: 01/40 Card expiration date incorrect
Card number: 4000000000000002 Card declined number
PAN: 4000000000000010 Card on file auth declined

However, when i tried to create card (not payment) with above info, I always got a general error “Error [category=INVALID_REQUEST_ERROR, code=INVALID_CARD_DATA, detail=Invalid card data., field=source_id]”, instead of the msg for the specific error info as above table shows, is it the expected behavior of creating card?


I also tried the ones shown in API explorer, and the result looks the same

The behavior you’re experiencing with the Cards API is by design. When an error occurs, it intentionally provides a general error message rather than pinpointing the exact issue through field-specific errors. This design strategy is implemented as a security measure to safeguard against malicious attempts to exploit the system.

The rationale behind this approach is to obscure any potential hints that could be leveraged by bad actors to compromise the payment process. Specific error messages could inadvertently reveal insights into the API’s structure or validation mechanisms, which could then be manipulated for fraudulent activities. By limiting the error details provided, the API reduces the risk of such vulnerabilities being discovered and exploited.

In essence, the Cards API prioritizes the security of the transaction process by withholding detailed error information, thereby creating a more secure environment for all customers. :slightly_smiling_face: