SATIM Certification Checklist

Use this checklist before SATIM validation submission.

1. Pre-Certification Test Matrix (Developer + QA)

These are the mandatory tests that the developer and QA teams should perform before requesting SATIM certification.

1.1 Platform and UI Validation

  • SSL security certificate is valid on merchant pages -> Expected: Compliant
  • Final payable amount is clearly emphasized (example: Amount: 5966.56 DZD) -> Expected: Compliant
  • Online payment terms and sale conditions are displayed -> Expected: Compliant
  • Captcha is present on the page containing the SATIM payment button -> Expected: Compliant
  • CIB/EDAHABIA logo is visible on SATIM redirect button -> Expected: Compliant
  • Language is consistent across checkout, redirect, return page, receipts, and error messages -> Expected: Compliant

1.2 Return Page Validation

  • Display JSON parameter respCode_desc -> Expected: Compliant
  • Display SATIM transaction identifier orderId -> Expected: Compliant
  • Display merchant order number orderNumber -> Expected: Compliant
  • Display authorization code approvalCode -> Expected: Compliant
  • Display transaction date and time -> Expected: Compliant
  • Display payment amount -> Expected: Compliant
  • Display payment method CIB/EDAHABIA -> Expected: Compliant
  • Display SATIM support number 3020 -> Expected: Compliant
  • SATIM support message and SATIM logo are always displayed together (never one without the other) -> Expected: Compliant
  • If respCode_desc is empty, display actionCodeDescription -> Expected: Compliant
  • Receipt actions available (print, PDF download, PDF email sending) -> Expected: Compliant

1.3 Connectivity and Card Test Scenarios

  • Verify SATIM-to-merchant server connectivity -> Expected: Connection established
  • Online payment with valid CIB card -> Expected: Payment accepted
  • Online payment with temporarily blocked CIB card -> Expected: Payment rejected
  • Online payment with lost CIB card -> Expected: Payment rejected
  • Online payment with stolen CIB card -> Expected: Payment rejected
  • Online payment with invalid expiry date -> Expected: Payment rejected
  • Online payment with non-existing card on issuer server -> Expected: Payment rejected
  • Online payment with card limit exceeded -> Expected: Payment rejected
  • Online payment with insufficient funds -> Expected: Payment rejected
  • Online payment with invalid CVV2 -> Expected: Payment rejected
  • Online payment with invalid password -> Expected: Payment rejected
  • Online payment with max invalid password attempts exceeded (3 failed tries) -> Expected: Payment rejected
  • Card not authorized for online payment service -> Expected: Payment rejected
  • Card inactive for online payment service -> Expected: Payment rejected
  • Online payment exceeding terminal amount limit -> Expected: Payment rejected
  • Online payment with expired card -> Expected: Payment rejected
  • Refund via SATIM platform interface -> Expected: Transaction refunded
  • Cancellation via SATIM platform interface -> Expected: Transaction cancelled

2. Team Coordination Checklist

  • Frontend and backend teams coordinate planning, integration, and testing throughout the SATIM implementation.
  • API contracts and payload formats are aligned between teams before end-to-end testing.
  • Joint test sessions are executed for redirect, acknowledge, return-page behavior, and receipt generation before SATIM review.

3. Backend Checklist

  • register.do is never called before persisting a payment_attempts row with status initiated.
  • orderNumber is always alphanumeric and exactly 10 characters.
  • Amount is always converted to centimes before sending to SATIM.
  • Business amounts are stored as decimal values with 2-digit precision (not integers).
  • Raw register request/response payloads are stored.
  • Raw acknowledge request/response payloads are stored.
  • Acknowledge success logic validates all conditions:
    • ErrorCode = 0
    • params.respCode = "00"
    • OrderStatus = 2
  • Backend maps SATIM acknowledge outcomes to gateway_success_message / gateway_error_message using the same accepted/rejected logic as return-page rules.
  • A transactions row is always persisted, even when acknowledge fails.
  • Credentials are server-side only.
  • Receipt is generated once after final confirmation, persisted (or stored by reference), and reused on later requests (no per-request regeneration).
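
The ordering and input rules in this checklist (a payment_attempts row with status initiated committed before register.do, a 10-character alphanumeric orderNumber, a decimal amount converted to centimes) can be enforced in one server-side function. This is an added example, not code from SATIM or from this page: the column names, the send_register callable and the in-memory SQLite store are assumptions.

```python
import json
import re
import sqlite3
from decimal import Decimal

# ASCII-only on purpose: str.isalnum() would also accept non-ASCII letters/digits.
ORDER_NUMBER_RE = re.compile(r"[A-Za-z0-9]{10}")

def open_db():
    """In-memory store; column names are assumptions for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE payment_attempts (order_number TEXT PRIMARY KEY,"
               " amount TEXT, status TEXT, register_request TEXT, register_response TEXT)")
    return db

def to_centimes(amount):
    """Convert a 2-decimal business amount to integer centimes, without floats."""
    if not isinstance(amount, Decimal):
        raise TypeError("amount must be a Decimal")
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be positive and finite")
    if amount.as_tuple().exponent < -2:
        raise ValueError("amount has more than 2 decimal places")
    return int(amount * 100)

def initiate_payment(db, order_number, amount, send_register):
    """Persist the attempt as 'initiated', commit, then call register.do."""
    if not ORDER_NUMBER_RE.fullmatch(order_number):
        raise ValueError("orderNumber must be exactly 10 alphanumeric characters")
    payload = {"orderNumber": order_number, "amount": to_centimes(amount)}
    with db:  # committed before any network call is made
        db.execute("INSERT INTO payment_attempts (order_number, amount, status,"
                   " register_request) VALUES (?, ?, 'initiated', ?)",
                   (order_number, str(amount), json.dumps(payload)))
    # send_register is a hypothetical server-side transport that adds the
    # credentials and performs the register.do call.
    response = send_register(payload)
    with db:  # keep the stored response next to the stored request
        db.execute("UPDATE payment_attempts SET register_response = ?"
                   " WHERE order_number = ?", (json.dumps(response), order_number))
    return response
```

Because the credentials are attached inside the transport, the stored request payload never contains them.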

4. Frontend Checklist

  • Payment pages are served over valid SSL/TLS.
  • Final amount is clearly emphasized.
  • Captcha exists on the page containing the SATIM payment button.
  • CIB/EDAHABIA logo is visible on the SATIM payment button.
  • Terms and conditions are displayed before payment and explicitly accepted by the customer.
  • SATIM redirection opens in an independent browser context.
  • Language remains consistent across checkout, redirect, and return flow.

5. Return Page Checklist

5.1 Accepted Payment (respCode=00, ErrorCode=0, OrderStatus=2)

  • Display respCode_desc.
  • Display orderId.
  • Display orderNumber.
  • Display approvalCode.
  • Display transaction date/time.
  • Display paid amount and currency.
  • Display payment method (CIB/EDAHABIA).
  • Display SATIM support number 3020 with SATIM logo.

5.2 Rejected Payment

  • If respCode=00, ErrorCode=0, OrderStatus=3: display the localized rejection message (based on the user's selected language), and support 3020 with SATIM logo.
  • Otherwise: display respCode_desc, and if empty display actionCodeDescription, then support 3020 with SATIM logo.
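
The acknowledge success conditions from the Backend Checklist and the accepted/rejected rules in 5.1 and 5.2 reduce to one decision function that fails closed when a field is missing. This is an added example, not code from SATIM or from this page: the placement of respCode_desc under params, the localized texts, the fallback to English and the returned dictionary shape are assumptions.

```python
SUPPORT_NUMBER = "3020"
# Constructed placeholder texts; real wording comes from the merchant's translations.
LOCALIZED_REJECTION = {
    "en": "Your transaction was rejected.",
    "fr": "Votre transaction a été rejetée.",
}

def _text(value):
    """Normalize a field to a stripped string so 0 and "0" compare alike."""
    return "" if value is None else str(value).strip()

def classify_acknowledge(ack, lang="en"):
    """Return the accepted/rejected decision and the message to display."""
    params = ack.get("params") or {}
    error_code = _text(ack.get("ErrorCode"))
    resp_code = _text(params.get("respCode"))
    order_status = _text(ack.get("OrderStatus"))
    # Assumption: respCode_desc sits next to respCode under params.
    # Empty respCode_desc falls back to actionCodeDescription.
    described = (_text(params.get("respCode_desc"))
                 or _text(ack.get("actionCodeDescription")))

    gateway_ok = error_code == "0" and resp_code == "00"
    # All three conditions must hold; a missing field compares as "" and rejects.
    accepted = gateway_ok and order_status == "2"
    if accepted:
        message = described
    elif gateway_ok and order_status == "3":
        message = LOCALIZED_REJECTION.get(lang, LOCALIZED_REJECTION["en"])
    else:
        message = described
    return {
        "accepted": accepted,
        "gateway_success_message": message if accepted else None,
        "gateway_error_message": None if accepted else message,
        "support_number": SUPPORT_NUMBER,  # always shown together with the SATIM logo
    }
```

Using the same function for the stored gateway_success_message / gateway_error_message and for the return page keeps the two from disagreeing about whether a payment was accepted.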

6. Receipt Checklist

  • Print receipt action available.
  • Download receipt as PDF action available.
  • Send receipt by email as PDF action available.
  • For multilingual SATIM implementations, receipt generation is available in all supported platform languages.
  • Receipt file/content is generated once and persisted; print/download/email actions must reuse the persisted receipt.