A

Merchant Configuration

A-1

Validate API credentials - Client ID

Merchant's API credentials (Client ID and Client Secret) are present and valid in the Flexiti Developer Portal

Merchant is able to successfully authenticate with Flexiti API using these credentials

A-2

Validate API credentials - Client Secret

Merchant's API credentials (Client ID and Client Secret) are present and valid in the Flexiti Developer Portal

Merchant is able to successfully authenticate with Flexiti API using these credentials

A-3

Validate API Base URL is referencing correct Flexiti environment 

Merchant's environment should reference the correct Flexiti environments

• Merchant Integration API requests are sent to https://posapi-mi.flexiti.fi/flexiti/pos-api/

• Training API requests are sent to https://posapi-training.flexiti.fi/flexiti/pos-api/

• Production API requests are sent to https://posapi.flexiti.fi/flexiti/pos-api/

A-4

Validate Disclaimers and Links

Verify that all disclaimers, pdfs, and links are working correctly

Verified by Marketing Team

A-5

Validate Field Lengths

Compare accepted field lengths with parameter lengths

Verified by Implementation Team

A-6

Verify that any merchant-scope API calls are made from the Merchant Server-side (i.e. POST oauth/token, /capture, GET /authorizations, /captures, /lookup, /search)

Ensure that all API Endpoints that require a merchant scope are made from the server-side

Verify that any merchant scope API calls are made from the merchant server-side

A-7

Verify that the APIs are called with the correct scope

Verify that the following API endpoints are called with the “customer” scope:

• POST /client-id/{client_id}/

• i18n

• GET /client-id/{client_id}/

• terms-and-conditions

• POST /client-id/{

• client_id}/

• customers/driverslicense

• POST /client-id/{

• client_id}

• widget/init

• POST /client-id/{

• client_id}/

• apply

• POST /client-id/{

• client_id}/

• accounts/{

• account_number}/

• close

• POST /client-id/{client_id}/accounts/{account_number}/

• calculate-interest

• POST /client-id/{

• client_id}/

• account/{account_number}/verify

• POST /client-id/{

• client_id}/authorization

Verified by Implementation Team

B

Merchant Authentication and Login

B-1

Unsuccessfully Authenticate with Flexiti's POS API - invalid client

Test Case: Access the API with

'client_id=xxxxxx'

POST /oauth/token - 400 - invalid_client

B-2

Unsuccessfully call an endpoint - Invalid token

Test Case: Call the /token endpoint to generate a token and then call a different endpoint after the "expires_in" value expires.

Any endpoint - 401 - unauthorized

B-3

Unsuccessfully call an endpoint - wrong scope

Test Case: Attempt to call the following endpoints with an token that has a “customer” scope:

• GET /client-id/{client_id}/customers/search

• GET /client-id/{client_id}/customers/lookup

• POST /client-id/{clientId}/authorization/{authorizationId}/release

• POST /client-id/{clientId}/authorization/{authorizationId}/capture

• POST /client-id/{clientId}/authorization/{authorizationId}/capture/{captureId}/return

• POST /client-id/{client_id}/accounts/{account_number}/refund

• GET /client-id/{clientId}/authorizations

• GET /client-id/{clientId}/authorization/{authorizationId}

• GET /client-id/{clientId}/captures

• GET /client-id/{client_id}/customers/search - 403 - forbidden

• GET /client-id/{

• client_id}

• /customers/lookup

• - 403 - forbidden

• POST /client-id/{clientId}/authorization/{authorizationId}/release - 403 - forbidden

• POST /client-id/{clientId}/authorization/{authorizationId}/capture - 403 - forbidden

• POST /client-id/{clientId}/authorization/{authorizationId}/capture/{captureId}/return - 403 - forbidden

• POST /client-id/{

• client_id}

• /

• accounts/

• {account_number

• }/refund - 403 - forbidden

• GET /client-id/{clientId}/authorizations - 403 - forbidden

• GET /client-id/{clientId}/authorization/{authorizationId} - 403 - forbidden

• GET /client-id/{clientId}/captures - 403 - forbidden

B-4

Any API call - Session time out

Test Case: 

{{pos_url}}/flexiti/pos-api/v2.5/client-id/{{client_id}}/

GET {{pos_url}}/flexiti/pos-api/v2.5/client-id/{{client_id}}/

customers/lookup?account_number=0001 - 504 - GATEWAY_TIMEOUT

B-5

Successfully Authenticate with Flexiti's POS API

Test Case: Use the correct “client_secret” and “client_id” from the Developer Portal to access the Flexiti API.

POST /oauth/token - 200

C

Customer Apply & Apply/Buy Flows

C-1

Apply & Apply/Buy - Widget - /init endpoint

C-1.1

Customer already has an account that needs to be to activated

Test Case:

{
    "customer_identification":

POST /client-id/{{client_id}}/widget/init - 200

C-1.2

Customer submits a new application

and Flexiti identifies the customer has an existing account.

Test Case:

POST /client-id/{{client_id}}/widget/init - 200

action: "purchase"
type: "flx-success"
verified: false

C-1.3

Customer submits a new application (widget)

Test Case: Use a new application payload but pass the key below as the middle name:

"middle_name": "A-RR_L"

POST /client-id/{{client_id}}/widget/init - 200

action: "apply"
type: "flx-success"
verified: true/false

Send the application payload through the POST /client-id/{client_id}/apply endpoint

C-1.4

New Flexiti user initiates and completes application flow - pending

Test Case: Use a new application payload but pass the key below as the middle name:

"middle_name": "P-CREDIT"

POST /client-id/{{client_id}}/widget/init - 200

action: "apply"
type: "flx-success"
verified: true/false

Send the application payload through the POST /client-id/{client_id}/apply

endpoint

C-1.5

New Flexiti user initiates and completes application flow - decline

Test Case: Use a new application payload but pass the key below as the middle name:

"middle_name": "D-CREDIT"

POST /client-id/{{client

_id}}

/widget/init - 200

action: "

flx-success"
verified: true/false

Send the application payload through the POST /client-id/{client_id}/apply endpoint

C-1.6

Customer submits a new application that will be declined due to a derogatory status’s on an existing account.

Test Case:

{
    "

POST /client-id/{{client_id}}/widget/init - 200

action: "apply"
type: "flx-success"
verified: false

Send the application payload through the POST /client-id/{client_id}/apply endpoint

C-1.7

Customer attempts an application but there is an IT related error.

To be performed with Flexiti Assistance.

Test Case: Use a new application payload but pass the key below as the middle name:

"middle_name": "

POST /client-id/{{client_id}}/widget/init - 409 -application_create_error

action: "retry"
type: "flx-success"
verified: false

C-1.8

Customer initiates and then fails verification

Test Case: Create Application with new information and enter 1111 as the pin 4 times.

POST /client-id/{{client_id}}/widget/init - 200

action: "apply"
type: "flx-success"
verified: false

Send the application payload through the POST /client-id/{client_id}/apply endpoint

C-2

Apply & Apply/Buy - Application - /apply

endpoint

C-2.1

Application submission fails - invalid inputs

 Test Case:

{
  "amount_requested": 5000,
  "phone_number": "5551231231",
  "language": "en-CA",
  "salutation": "mr",
  "first_name": "Garry",
  "middle_name": "",
  "last_name": "Blue",
  "dob": "1980-01-01",
  "address_1": "123 Any Street",
  "address_2": "Apt C",
  "city": "Montreal",
  "province": "QC",
  "postal_code": "A1A0H1",
  "monthly_housing_expenses": 1000,
  "input_type": "manual",
  "personal_income": "abc",
  "household_income": 223123,
  "housing_type": "Rent",
  "email": "email@address.com",
  "occupation_id": "FE",
  "occupation_title": "Baker",
  "employer_name": "Tasty Bakery",
  "employer_phone": "1231231231",
  "sin": "",
  "security_qid": "8",
  "security_answer": "Horse",
   "piw": "Cloud",
  "tos_agreement": true
}

POST /client-id/{client_id}/apply - 409 - "wrong_inputs"

{
    "url": "/flexiti/pos-api/v2.5/client-id/{client-id}/apply",
    "message": "Some inputs are wrong!",
    "error": "wrong_inputs",
    "field_errors": [
        {
            "param": "personal_income",
            "msg": "invalid",
            "value": "abc"
        }
    ]
}

C-2.2

Application submission fails - Terms and Conditions required

 Test Case: Any application where "tos_agreement": false

POST /client-id/{client_id}/apply - 409 -  "tos_agreement_required"

{
    "url": "/flexiti/pos-api/v2.5/client-id/{client-id}/apply",
    "message": "It has been following errors:",
    "error": "tos_agreement_required"
}

C-

2.3

New Flexiti user initiates and

completes application flow -

approval

 Test Case: Any application

with "middle_name": "

A-RR_L",

POST /client-id/{client

_id}/apply

- 200 - Approved response

C-2.4

New Flexiti user initiates and completes application flow - pending

 Test Case: Any application with "middle_name": "P-CREDIT",

POST /client-id/{client_id}/apply - 200 - Pending response

C-2.5

New Flexiti user initiates and completes application flow - decline

 Test Case: Any application with"middle_name": "D-

CREDIT",

POST /client-id/{client_id}/apply

- 200 - Declined response

C-3

Apply/Buy - Plan Section - /calculate-interest endpoint

See D-2

C-4

Apply/Buy - Purchase - /authorization endpoint

See D-3

D

Customer Buy Flow

D-1

Buy - Widget - /init endpoint

D-1.1

Customer initiates and then fails verification - account not found

Test Case:

• Account #: 1234

• flow: purchase

POST /client-id/{{client_id}}/widget/

init -

404 - not_found

{
    "url": "/flexiti/pos-api/v2.5/client-id/{client_id

D-2

Buy - Plan Section - /calculate-interest endpoint

D-2.1

Customer's Plans and Terms not displayed - account not found

Test Case:

• Account #: 1234

POST /pos-api/client-id/{client_id}/

accounts/{account_number}/calculate-interest - 404 - "not_found"

D-2.2

Customer's Plans and Terms displayed (QC Customer Account)

Test Case:

• Account #:

• 116991631

POST /pos-api/client-id/{

client_id}/accounts/{account_number}/

calculate-interest - 200

D-2.3

Customer's Plans and Terms displayed (ROC Customer Account)

Test Case: Merchant generated from test data in sandbox account

• Account #: 116991632

POST /pos-api/client-id/{client_id}

/accounts/{account_number}/calculate-interest - 200

D-3

Buy - Purchase - /authorization endpoint

D-3.1

Customer initiates and then

fails Flexiti authorization - not verified

Test Case:

1. Incorrectly input dynamic pin or security question and answer in the widget /init 3 times

2. Then attempt an authorization using that account

POST /client-id/{client-id}/authorization

- 409 - not_verified

D-3.2

Customer initiates and then fails

Flexiti authorization -

Account Number not found

Test Case:

Merchant generated from test data in sandbox account

• Account #: 1234

POST /client-id/{client

-id}/

authorization - 404 - not_found

D-3.3

Customer initiates and then fails Flexiti authorization -

user not able to purchase

Test Case: Merchant generated from test data in sandbox account

• FlexitiCard #: 2374980012865132

• Account #: 116991633

POST /client-id/{client-id}/authorization - 409 -

user_not_able_to_purchase

D-3.4

Customer initiates and then fails Flexiti authorization -

not

enough credit

Test Case: Merchant generated from test data in sandbox account

• Request an authorization amount larger than the test accounts open to buy

POST /client-id/{client-id}/authorization -

409 -

credit_

exceeded

D-3.5

Customer initiates and then fails Flexiti authorization -

invalid plan ID

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{client-id}/authorization - 409 -

plan_term_not_

set

D-3.5

Customer initiates and then fails Flexiti authorization -

invalid term

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{client-id}/authorization - 409 -

plan_term_not_set

D-3.7

Customer initiates and then fails Flexiti authorization -

plan

not available to customer

Test Case: Merchant generated from test data in sandbox account

• Account #: provided on request

POST /client-id/{client-id}/authorization - 409 - plan_term_not_

available

D-3.8

Customer

successfully performs a regular purchase authorization (QC Account)

Test Case: Merchant generated from test data in sandbox account

• Account #: provided on request

POST /client-id/{client-id}/authorization -

200

D-3.9

Customer successfully performs a promotional purchase authorization (QC Account)

Test Case: Merchant generated from test data in sandbox account

• Account #: provided on request

POST /client-id/{client-id}/authorization -

200

D-3.10

Customer successfully performs a regular purchase authorization (

ROC account)

Test Case: Merchant generated from test data in sandbox account

• Account #: provided on request

POST /client-id/{client-id}/authorization - 200

D-3.11

Customer successfully performs a promotional purchase authorization (

ROC Account)

Test Case: Merchant generated from test data in sandbox account

• Account #: provided on request

POST /client-id/{client-id}/authorization - 200

D-3.12

Response in "account_avs" with customer address matching values

Test Case: Merchant generated from test data in sandbox

account

POST /client-id/{client-id}/authorization - 200

D-3.13

Billing and Shipping Information should be separately passed in and matching the expected values

Test Case: Run an authorization where the billing and shipping information are not matching each other

POST /client-id/{client-id}/authorization - 200

Verify with the Flexiti implementation team that the request received has the different corresponding billing & shipping info.

D3.14

In-store pick-ups: If in-store pick-ups is desired for online, the shipping address passed in is the store address.

Test Case: Process a transaction for instore pickup (There’s no difference from the Flexiti API’s perspective)

POST /client-id/{client-id}/authorization - 200

Verify with the Flexiti implementation team & the merchant dev team that the shipping info received by Flexiti is that of the pick-up store info.

E

Merchant Order  Management

E-1

Unsuccessfully release an authorization - wrong transaction ID

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/release - not_found

E-2

Unsuccessfully release an authorization - total requested more than authorization

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/release - auth_amount_exceeded

E-3

Unsuccessfully release an authorization - authorization ended

Test Case: Merchant generated from test data in sandbox account with Flexiti assistance.

POST /client-id/{clientId}/authorization/{authorizationId}/release - authorization_ended

E-4

Unsuccessfully release an authorization - employee does not have permission

Test Case: Merchant generated from test data in sandbox account with Flexiti assistance

POST /client-id/{clientId}/authorization/{authorizationId}/release - not_permitted

E-5

Perform a full release of an Authorization

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/release - 200

E-6

Perform a partial release of an Authorization

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/release - 200

E-7

Unsuccessfully capture an authorization - customer not able to purchase

Test Case: Merchant generated from test data in sandbox account with Flexiti assistance.

POST /client-id/{clientId}/authorization/{authorizationId}/capture - 409 - not_permitted

E-8

Unsuccessfully capture an authorization - authorization not capturable

Test Case: Merchant generated from test data in sandbox account with Flexiti assistance.

POST /client-id/{clientId}/authorization/{authorizationId}/capture - 409 - not_permitted

E-9

Unsuccessfully capture an authorization - wrong authorization ID

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture - 404 - not_found

E-10

Unsuccessfully capture an authorization - amount greater than authorization

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture - 409 - auth_amount_exceeded

E-11

Fully Capture an authorization

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture - 200

E-12

Partially Capture an authorization

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture - 200

E-13

Unsuccessfully refund a captured regular purchase - customer account not found

Test Case:

Account #: 1234

POST /client-id/{client_id}/accounts/{account_number}/refund - 404 - not_found

E-14

Unsuccessfully refund a captured regular purchase - refund exceeds limit

Test Case: Merchant generated from test data in sandbox account with Flexiti assistance.

POST /client-id/{client_id}/accounts/{account_number}/refund - 409 - refunds_limit_exceeded_amount

E-15

Perform a full refund of a captured regular purchase

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{client_id}/accounts/{account_number}/refund - 200

E-16

Perform a Partial Refund of a captured regular purchase

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{client_id}/accounts/{account_number}/refund - 200

E-17

Unsuccessfully return a captured promotional purchase - wrong authorization ID

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture/{captureId}/return

E-18

Unsuccessfully return a captured promotional purchase - return exceeds limit

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture/{captureId}/return

E-19

Perform a full Return on a captured promotional purchase

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture/{captureId}/return - 200

E-20

Perform a Partial return of a captured promotional purchase

Test Case: Merchant generated from test data in sandbox account

POST /client-id/{clientId}/authorization/{authorizationId}/capture/{captureId}/return - 200

E-21

Unsuccessfully view list of Authorizations available for capture - wrong dates

Test Case: Merchant generated from test data in sandbox account

GET /client-id/{clientId}/authorizations - 409 - date_from_bigger_than_date_to

E-22

View a list of Authorizations available for capture

Test Case: Merchant generated from test data in sandbox account

GET /client-id/{clientId}/authorizations - 200

E-23

Unsuccessfully view an authorization - authorization not found

Test Case: Merchant generated from test data in sandbox account

GET /client-id/{clientId}/authorization/{authorizationId} - 409 - not_found

E-24

View an authorization

Test Case: Merchant generated from test data in sandbox account

GET /client-id/{clientId}/authorization/{authorizationId} - 200

E-25

Unsuccessfully View a list of captures - wrong dates

Test Case: Merchant generated from test data in sandbox account

GET /client-id/{clientId}/captures - 409 - date_from_bigger_than_date_to

E-26

View a list of captures

Test Case: Merchant generated from test data in sandbox account

GET /client-id/{clientId}/captures - 200