Payment provider sandbox

Payments

Provider-neutral sandbox and payment intent readiness. Live payment remains disabled; this page only documents safe sandbox and future provider onboarding requirements.

sandbox onlylive payment disabledconfirmedlocked

No real payment initiation

Sandbox payment intent does not move money. Do not enter bank or card credentials. Real payments require a regulated provider, explicit operator consent, spend limits, payee controls, reconciliation, a kill switch, and audit logs.

Live bank action readiness

V4.1 architecture report only. It identifies what must exist before a reviewed first GBP 1 bank action; it does not enable live money movement.

ready for operator reviewopen banking pisplive provider calls disabledoperator review required

Regulated route

Selected

Consent model

Present

Payee controls

Present

Duplicate prevention

Present

First action cap

£1.00

Daily cap

£25.00

Ledger aligned

Yes

Active unresolved actions

0

Reconciliation before next

Clear

Kill switch

Active

Live payment

Disabled

Live execution

Disabled

Blockers before first real bank action

  • Live provider calls remain disabled.
  • Live payment remains disabled.
  • Live execution remains disabled.

Ledger aligned

pass

Discrepancy is GBP 0.00.

No active unresolved real action

pass

No active unresolved real actions exist.

Provider route selected

pass

Configured route type is open banking pisp.

Regulated provider route required

pass

A regulated Open Banking/PISP-style route is selected.

Provider sandbox adapter foundation present

pass

TrueLayer-style Open Banking/PISP sandbox adapter shape is present and mock-only.

TrueLayer sandbox client foundation present

pass

TrueLayer Payments API v3 sandbox client boundary is present and disabled by default.

Explicit consent required

pass

Payment intent inputs require operator consent text.

Payee controls required

pass

Local approved-payee metadata checks are present; no bank details are stored.

Duplicate prevention required

pass

Local duplicate-payment prevention checks active and recent app records.

First live action cap is GBP 1

pass

The hard first-live-action cap is GBP 1.00.

Daily cap safe

pass

Daily cap is GBP 25.00.

Single action cap safe

pass

Normal live-assisted single action cap is GBP 10.00.

Kill switch active

pass

Live kill switch remains active.

Reconciliation clear before next action

pass

No reconciliation blocker exists before the next action.

Live provider calls enabled state

fail

Live provider calls remain disabled.

Live payment enabled state

fail

Live payment remains disabled.

Live execution enabled state

fail

Live execution remains disabled.

TrueLayer sandbox client

TrueLayer Payments API v3 sandbox boundary. Sandbox HTTP is disabled by default; add sandbox credentials to BUILD env and explicitly enable sandbox HTTP before use.

ready for sandbox httpsandbox onlysandbox HTTP enabledno production

Provider

truelayer

Environment

sandbox

Base URL

https://api.truelayer-sandbox.com

Production allowed

No

Client id

Present

Client secret

Present

Merchant account

Present

Redirect URI

Present

Webhook URI

Present

Private key path

Present

Private key loadable

Yes

Key id

Present

Request signing

Ready

Sandbox call path

Ready

Webhook secret

Present

Raw secrets exposed

No

Next required action: add sandbox credentials to BUILD `.env`, set `SMALL_WINS_TRUELAYER_ENV=sandbox`, and enable sandbox HTTP only after operator approval. Live payment, live execution, provider ledger updates, and real money movement remain disabled.

Provider sandbox adapter

TrueLayer-style Open Banking/PISP sandbox adapter shape. This is local mock-only: no SDK, no credentials, no external HTTP, no ledger update, and no money movement.

truelayer sandbox shapesandbox mock onlyexternal HTTP disabledcannot move money

Provider mode

open banking pisp sandbox mock

Production enabled

No

SDK installed

No

Credentials

Not configured

Live provider calls

Disabled

Live payment

Disabled

Live execution

Disabled

First action cap

£1.00

Sandbox mock only

pass

Adapter shape is local mock-only and cannot call an external provider.

No credentials configured

pass

No provider credentials, tokens, certificates, or secrets are configured.

Live provider, payment, and execution disabled

pass

Live provider calls, live payment, and live execution remain disabled.

Provider ledger updates blocked

pass

Provider sandbox status cannot update the real ledger.

Regulated provider route decision

Local metadata-only decision layer. No regulated provider route is selected, and route selection cannot enable live money movement in this build.

metadata selectedopen_banking_pispmetadata onlylive calls disabled

Route selected

Yes

Regulated route

Selected

Selected route

open_banking_pisp

Can enable money

No

Live provider calls

Disabled

Live payment

Disabled

Live execution

Disabled

Kill switch

Active

Manual external onlynot regulated bank routedisabled in this build

manual external

Operator pays outside the app and records evidence manually.

Can initiate payment: no, Provider contract: not required, First-live-bank-action: not suitable

Open Banking PISPregulated bank routedisabled in this build

open banking pisp

Future regulated Open Banking payment initiation route.

Can initiate payment: no, Provider contract: required, First-live-bank-action: possible later after approval

Card or prepaid providernot regulated bank routedisabled in this build

card or prepaid

Future card or prepaid provider route, not a bank route in this build.

Can initiate payment: no, Provider contract: required, First-live-bank-action: not suitable

Bank transfer manual referencenot regulated bank routedisabled in this build

manual bank transfer

Manual transfer with operator-entered evidence and reference.

Can initiate payment: no, Provider contract: not required, First-live-bank-action: not suitable

First live action controls

Local controls for a future reviewed GBP 1 bank action. These checks store no bank details, do not call providers, and cannot move money.

operator review requiredhard cap GBP 1cannot move moneylive execution disabled

Payee controls

Present

Duplicate prevention

Present

First live cap

£1.00

Operator review

Required

App can move money

No

Live provider calls

Disabled

Live payment

Disabled

Live execution

Disabled

Planned payee label required

A non-sensitive planned payee label must be captured before review.

Stores sensitive bank details: no

Planned payee reference required

A non-sensitive planned payee/reference must be captured before review.

Stores sensitive bank details: no

Provider readiness

No live provider calls are enabled.

provider not configuredsandbox/stublive payment disabled

Sandbox providers

4

Stub/live-disabled providers

4

Operator confirmed

No

Kill switch active

Yes

Sandbox provider status: all listed providers stay sandbox-capable.

Stub/live-disabled provider status: all listed providers stay live-disabled.

Explicit note: no live provider calls are enabled.

Provider automation foundation

Sandbox-only provider automation. No app money movement and no live provider calls.

sandbox-only readylive provider calls disabledapp money movement disablednext cap £1

Live-assisted mode

Enabled

Ledger aligned

Yes

Discrepancy

£0.00

No active unresolved action

Yes

Live payment

Disabled

Live execution

Disabled

Live provider calls

Disabled

Next readiness

ready for next manual action review

Readiness checklist

Live-assisted mode enabled

pass

Live-assisted mode is enabled.

Ledger aligned and discrepancy zero

pass

Discrepancy is GBP 0.00.

No active unresolved real action

pass

No active unresolved real actions exist.

App money movement disabled

pass

App money movement remains disabled.

Live provider calls disabled

pass

Live provider calls remain disabled.

Live payment disabled

pass

Live payment remains disabled.

Live execution disabled

pass

Live execution remains disabled.

Next manual action cap is GBP 1

pass

The next manual action cap remains GBP 1.00.

Next readiness is ready for review

pass

Next readiness is ready for the next manual action review.

Confirmed opening balance

£175.00

App ledger balance

£173.00

Discrepancy

£0.00

Live payment status

Disabled

Payment providers

Manual no payment providersandbox enabledlive disabled

Provider mode: none

Requires explicit consent: yes

Allowed funding modes: manual_spend_required, no_funding_required

Required operator fields: payeeLabel, payeeReference, operatorConsentText

Operator pays outside the app. No live payment rail is connected. This provider is manual only.

Mock payment provider sandboxsandbox enabledlive disabled

Provider mode: provider sandbox

Requires explicit consent: yes

Allowed funding modes: no_funding_required, manual_spend_required, payment_provider_required

Required operator fields: amount, payeeLabel, payeeReference, operatorConsentText

Sandbox only and local to the app. No real payment provider is contacted. No ledger entry is created by the sandbox itself.

Open Banking PISP stubsandbox enabledlive disabled

Provider mode: open banking pisp required

Requires explicit consent: yes

Allowed funding modes: payment_provider_required, open_banking_required_later

Required operator fields: amount, payeeLabel, payeeReference, operatorConsentText

Future regulated Open Banking path only. No real Open Banking connection exists yet. Explicit consent would be required before any live payment.

Card or prepaid provider stubsandbox enabledlive disabled

Provider mode: payment intent required

Requires explicit consent: yes

Allowed funding modes: payment_provider_required

Required operator fields: amount, payeeLabel, payeeReference, operatorConsentText

Future card or prepaid provider path only. No card numbers or CVV are stored here. Live payments remain disabled in this build.

What is needed before live money movement

  • Chosen regulated provider or provider account.
  • Sandbox credentials for testing only.
  • Production credentials later, after review and approval.
  • Explicit operator approval and consent.
  • Spend limits and payee controls.
  • Transaction status reconciliation.
  • Kill switch and manual override.
  • Audit log coverage for all payment state changes.
  • Refund and return handling.

Live payment disabled

Live payment is not connected

This build can draft sandbox payment intents only. Live provider onboarding is a future step.

Current real float

Confirmed opening balance is the real float baseline. App ledger balance is the tracked balance. The discrepancy should remain zero when these are aligned.

Starting bankroll baseline: £175.00