Fiserv Commerce Hub Credentials
Sandbox/Test Environment
Environment: Sandbox (Cert)
Host URL: https://connect-cert.fiservapis.com/ch/
API Credentials
FISERV_API_KEY=GNAtE47jA99C6HqtZltJGTb5MbOoRCc9vIRkaIk1lrQXdi8Q
FISERV_API_SECRET=mZ9c4GklYD8iYtXHGN3dDI7eSaXAooKyHgxuEZXZyKP51Szul0n76RgAU7sVuC15
FISERV_MERCHANT_ID=100008000003683
FISERV_CLIENT_ID=CCCI
FISERV_ENVIRONMENT=sandbox
FISERV_HOST_URL=https://connect-cert.fiservapis.com/ch
Merchant Details
- Merchant Name: Default Merchant
- MID: 100008000003683
- Client ID: CCCI
- TID: 10000001
- Platform: COMMERCEHUB
Enabled Features
- Card Networks: Visa, MasterCard, Amex, Discover, JCB, Diners, UnionPay, Maestro
- Digital Wallets: Apple Pay, Google Pay, Samsung Pay
- BNPL: Affirm, Paze
- Security: 3D Secure, Tokenization, Fiserv Secure Vault
- Value Added Services: DaaS, Enhanced Data Service, Debit Routing, Intelligent Routing
- Transaction Types: Auth, Capture, Refund, Void, Re-authorization, Partial Approval
Test Cards (Fiserv Sandbox)
Standard test cards for Fiserv sandbox:
- Visa: 4005550000000019 (success), 4005550000000027 (decline)
- Mastercard: 5424180279791732 (success), 5424180279791765 (decline)
- Amex: 373953192351004 (success)
- Discover: 6011000991001201 (success)
CVV: Any 3 digits (4 for Amex)
Expiry: Any future date (MM/YY)
ZIP: Any 5 digits
API Endpoints
Payment Session (for Hosted Fields)
POST /ch/payments/v1/payment-sessions
Data Capture (tokenization)
POST /ch/payments-vas/v1/card-capture
Charges (auth/capture)
POST /ch/payments/v1/charges
Captures
POST /ch/payments/v1/charges/{transactionId}/capture
Refunds
POST /ch/payments/v1/charges/{transactionId}/refund
Production Environment
TODO: Add production credentials when ready to go live
Host URL: https://prod.api.fiservapps.com/ch/
Checklist before going live:
- [ ] Request production API credentials from Fiserv
- [ ] Update environment variables in production
- [ ] Test with real cards (small amounts)
- [ ] Verify 3D Secure works
- [ ] Complete PCI SAQ-A attestation
- [ ] Update FISERV_ENVIRONMENT=production
Security Notes
⚠️ IMPORTANT:
- These credentials are for SANDBOX ONLY - safe to commit to docs
- NEVER commit production credentials to git
- Production credentials must be stored in
.env (already in .gitignore)
- Rotate API keys if compromised
- Use HMAC signature for all API requests
Workspace Access
Workspace: quarry-rails
Dashboard: https://developer.fiserv.com/workspace (Developer Studio)
Configurator Tools:
- Hosted Pages Configurator
- Hosted Checkout SDK
- API Explorer
- Webhook Manager
Support Resources