A 401 error means your API key is incorrect or improperly formatted. Double-check your key and verify the formatting in the Authorization header. When using Basic Auth, include a trailing colon after your API key (e.g., YOUR_API_KEY:). The colon separates the username from the empty password field. Make sure there are no extra spaces or characters.

This means the payment method has not been activated on your account. Each payment method requires activation before use. Contact your Cost+ account manager or enable it in the Merchant Portal under Settings, then Payment Methods. Only use payment methods you have been approved for.

Use these test cards in sandbox mode with any future expiry date and any 3-digit CVC: 4111 1111 1111 1111 (Visa, Success), 5544 3300 0000 0037 (Mastercard, Success), 4462 0300 0000 0000 (Visa, Success), 4111 1111 1111 1105 (Visa, Do Not Honor), 4111 1111 1111 1143 (Visa, Stolen Card), 4111 1111 1111 1151 (Visa, Insufficient Funds). These only work with sandbox API keys.

If your webhook endpoint does not respond with a 2xx status code, Cost+ retries up to 10 times, spaced 2 minutes apart. The first attempt times out after 4 seconds, subsequent retries time out after 10 seconds. After 10 failed retries, the webhook event is marked as failed but the order status remains retrievable via the API. Always ensure your endpoint responds quickly with a 200 status code.

Orders have six statuses. Non-terminal (can still change): "new" (freshly created, no payment initiated), "processing" (payment attempt underway, customer may be completing 3DS), "error" (payment failed, customer can retry). Terminal (final): "completed" (successful payment, ready for fulfillment), "cancelled" (user or API-initiated cancellation), "expired" (no successful payment within the expiration window, default 30 minutes).

You can reach our support team at support@costplus.io. Our Help Desk is available at helpdesk.costplus.io. Developer documentation is at docs.costplus.io. Support hours are 09:00 - 17:00 CET.