Test Cases
Complete all 30 test cases before submitting for integration certification. Use Aerosync Test Banks (MFA, OAuth, Security Question) for all widget tests.
Test cases marked ★ require screen recordings for certification submission.
Category 1: Authentication (TC-01 to TC-06)
| ID | Test Case | Expected Result | Validation Notes |
|---|---|---|---|
| TC-01 | Get Aeropay token with valid credentials (scope: merchant, valid api_key, api_secret, merchantId) | HTTP 200, token returned with TTL 1800 | Confirm token is JWT format. Verify expiry handling logic. |
| TC-02 | Get Aeropay token with invalid api_secret | HTTP 401, AC-101 returned | Confirm your error handler catches and logs AC-101. |
| TC-03 | Get Aerosync API token with valid apiKey and apiSecret | HTTP 200, token returned with TTL 1800 | This token is for server-side data API calls — distinct from the widget token. |
| TC-04 | Get widget token with valid aeroPassUserUuid | HTTP 200, widget JWT and userId returned | Confirm aeroPassUserUuid passed is from your DB, not hardcoded. |
| TC-05 | Call GET /accounts with an expired API token (simulate by using a token past its 1800s TTL) | HTTP 403, AC-001 returned | Verify your token refresh logic kicks in and retries the call. |
| TC-06 | Call GET /accounts with no Authorization header | HTTP 403, AC-001 returned | Ensure all API calls include Authorization: Bearer <token>. |
Category 2: Bank Linking (TC-07 to TC-14)
| ID | Test Case | Expected Result | Validation Notes |
|---|---|---|---|
| TC-07 ★ | Create new AeroPass user and launch widget — link Aerosync Bank (MFA) | Widget renders, user authenticates, onSuccess fires with connectionId | Record full screen capture for certification. Verify connectionId stored in DB. |
| TC-08 ★ | Launch widget for returning user (existing aeroPassUserUuid) — link Aerosync Bank (OAuth) | Widget shows returning user experience, OAuth external window opens and closes | deeplink required for mobile. Verify OAuth redirect and closure. |
| TC-09 ★ | Launch widget — link Aerosync Bank (MFA Trigger). Credentials: mxuser / challenge / MFA: correct | Security question displays, user answers correctly, onSuccess fires | Record for certification. Verify no crash on security question page. |
| TC-10 | User closes widget without completing bank link (onClose event) | onClose fires, no connectionId produced, UI handles gracefully | Confirm no orphaned state in your app. Ensure retry UI is surfaced. |
| TC-11 | Launch widget with invalid or expired widget token | Widget shows error state, onError fires | Verify onError handler logs the error. Implement token refresh before retry. |
| TC-12 | Launch widget with handleMFA: true but missing jobId | Widget does not launch correctly or onError fires | Validate that both jobId and connectionId are present before launching MFA widget. |
| TC-13 | Retrieve account details (GET /accounts) after successful bank link | HTTP 200, accountNumber, routingNumber, connectionStatus: "CONNECTED" returned | Check accountNumberType field. Note canFetchBalance value for job tests. |
| TC-14 | Call GET /accounts with an invalid connectionId | HTTP 404, AC-102 returned | Verify error is caught and user sees an appropriate message, not a blank screen. |
Category 3: Aggregation Jobs (TC-15 to TC-22)
| ID | Test Case | Expected Result | Validation Notes |
|---|---|---|---|
| TC-15 | Create balance refresh job (POST /refresh) and poll to COMPLETED | jobStatus: COMPLETED within ~10–15 seconds, mfaTriggered: false | Confirm polling interval ≤ 3 seconds. Log all intermediate statuses. |
| TC-16 ★ | Trigger balance refresh that generates MFA_REQUIRED status, then re-launch MFA widget to completion | mfaTriggered: true detected, MFA widget launches, user completes, job advances to COMPLETED | Use Aerosync Bank (MFA) for this test. Record full flow for certification. |
| TC-17 | Create transaction history job (POST /transactions) and poll to COMPLETED | jobStatus: COMPLETED, transaction list returned with date, amount, description fields | Verify at least 1 transaction is returned for the test bank. |
| TC-18 | Create identity job (POST /identity) and poll to COMPLETED | jobStatus: COMPLETED, account holder name and address returned | Confirm identity data maps to your internal schema. |
| TC-19 | Attempt to create two concurrent identity jobs on the same connectionId | Second job returns HTTP 409, AC-112 Conflict | Implement a job-state guard in your backend to prevent duplicate concurrent jobs. |
| TC-20 | Create balance refresh job — simulate timeout by capping at 30 poll attempts without COMPLETED | Your timeout logic fires, user sees error state | Verify timeout does not crash the app. Confirm retry UI is offered to the user. |
| TC-21 | Attempt POST /refresh on a manually linked bank account | HTTP 405, AC-107 returned | Use connectionMethod from GET /accounts to detect manual links and skip this call proactively. |
| TC-22 | Call GET /job/{jobId} with an invalid jobId | HTTP 404, AC-109 returned | Verify your polling loop exits cleanly on 404 and does not infinite-loop. |
Category 4: Data Retrieval (TC-23 to TC-26)
| ID | Test Case | Expected Result | Validation Notes |
|---|---|---|---|
| TC-23 | Retrieve balance after COMPLETED refresh job (GET /balance) | HTTP 200, current balance amount returned | Confirm response includes both current and available balance if the FI provides both. |
| TC-24 | Retrieve transaction history after COMPLETED job (GET /transactions) | HTTP 200, array of transaction objects with date, amount, currency, description | Validate date formats are ISO 8601. Check for null/empty description handling. |
| TC-25 | Retrieve identity data after COMPLETED identity job (GET /identity) | HTTP 200, holder name, address, and email returned | Confirm field completeness. Some FIs may omit email — handle gracefully. |
| TC-26 | Call GET /balance when canFetchBalance is false | HTTP 400 or empty response | Check canFetchBalance before calling. Prevents unnecessary job triggers. |
Category 5: Edge Cases & Resilience (TC-27 to TC-30)
| ID | Test Case | Expected Result | Validation Notes |
|---|---|---|---|
| TC-27 | Simulate connectionExpiry approaching — launch reconnection widget before expiry | Reconnection widget renders, user re-authenticates, connectionStatus returns to CONNECTED | Monitor connectionExpiry via a background job. Alert your system at the 48-hour threshold. |
| TC-28 | Submit MFA answer after MFA session has expired (AC-110) | HTTP 405, AC-110 returned | Re-trigger the job and re-launch MFA widget from scratch. Do not attempt to resume the expired session. |
| TC-29 | Attempt to get widget token without first creating an AeroPass user (missing aeroPassUserUuid) | HTTP 400 or 401 from widget token endpoint | Confirm your onboarding flow always creates the AeroPass user before any widget launch. |
| TC-30 | Trigger a balance job and confirm job.balance webhook received at your endpoint with valid HMAC-SHA256 signature | Webhook received within 30 seconds of job completion, signature validates | Use Aeropay's test webhook endpoint to confirm delivery. Log raw payload + signature for debugging. |
Updated 28 days ago