By referring to the Sandbox Payments link, I noticed the card info below to simulate errors in the sandbox env.
| Test values | Desired error state |
| --- | --- |
| CVV: 911 | Card CVV incorrect |
| Postal code: 99999 | Card postal code incorrect |
| Expiration date: 01/40 | Card expiration date incorrect |
| Card number: 4000000000000002 | Card declined number |
| PAN: 4000000000000010 | Card on file auth declined |
However, when I tried to create a card (not a payment) with the above info, I always got a general error “Error [category=INVALID_REQUEST_ERROR, code=INVALID_CARD_DATA, detail=Invalid card data., field=source_id]”, instead of the msg for the specific error info as the above table shows. Is it the expected behavior of creating a card?
The behavior you’re experiencing with the Cards API is by design. When an error occurs, it intentionally provides a general error message rather than pinpointing the exact issue through field-specific errors. This design strategy is implemented as a security measure to safeguard against malicious attempts to exploit the system.
The rationale behind this approach is to obscure any potential hints that could be leveraged by bad actors to compromise the payment process. Specific error messages could inadvertently reveal insights into the API’s structure or validation mechanisms, which could then be manipulated for fraudulent activities. By limiting the error details provided, the API reduces the risk of such vulnerabilities being discovered and exploited.
In essence, the Cards API prioritizes the security of the transaction process by withholding detailed error information, thereby creating a more secure environment for all customers.
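The pattern described in the answer, as an added sketch that is not Square's code and not part of either post: each validation failure is recorded server-side with its specific reason, while the caller always receives the same generic body, so the response cannot be used to tell which field was wrong. The internal reason names, the `create_card` function and the sample cards are assumptions made for illustration; the generic error fields and trigger values are the ones quoted in the question.

```python
import logging
import uuid

log = logging.getLogger("card_vault")  # internal-only log, never returned to the caller

# The single body every failed card creation gets (fields as quoted in the question).
GENERIC_ERROR = {
    "category": "INVALID_REQUEST_ERROR",
    "code": "INVALID_CARD_DATA",
    "detail": "Invalid card data.",
    "field": "source_id",
}

# Sandbox trigger values from the table in the question, mapped to
# hypothetical internal reason names (assumption: not Square's identifiers).
TRIGGERS = {
    ("cvv", "911"): "cvv_incorrect",
    ("postal_code", "99999"): "postal_code_incorrect",
    ("exp", "01/40"): "expiration_incorrect",
    ("number", "4000000000000002"): "card_declined",
    ("number", "4000000000000010"): "card_on_file_auth_declined",
}


def internal_reasons(card: dict) -> list[str]:
    """Return every specific failure reason; for server-side use only."""
    return [reason for (field, value), reason in TRIGGERS.items()
            if card.get(field) == value]


def create_card(card: dict) -> tuple[dict, list[str]]:
    """Return (client_response, reasons_logged). Only the first is sent out."""
    reasons = internal_reasons(card)
    if not reasons:
        # Constructed placeholder id, not a real card-on-file identifier.
        return {"card": {"id": "CONSTRUCTED_CARD_ID", "last_4": card["number"][-4:]}}, []
    # The detail goes to the log under a correlation id for support and fraud
    # review; the caller sees the same body whichever check failed.
    log.warning("card create rejected ref=%s reasons=%s", uuid.uuid4(), reasons)
    return {"errors": [dict(GENERIC_ERROR)]}, reasons


# Constructed sample cards: one passing baseline, then one bad field at a time.
GOOD = {"number": "4111111111111111", "cvv": "111", "postal_code": "94103", "exp": "12/30"}
SAMPLES = [dict(GOOD, **{field: value}) for (field, value) in TRIGGERS]
```

Running `create_card` over `SAMPLES` yields five identical client responses and five different logged reasons, which is the asymmetry the answer describes.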