Back to blog
Payment Gateway Notes · 13 min read

Debugging Midtrans Snap: Keys, Expiry, Webhooks, and Ngrok

A practical debugging note from integrating Midtrans Snap, covering unauthorized errors, expiry payloads, webhook URLs, and ngrok.

Midtrans Snap looks simple on paper: configure keys, send a request to the Snap API, receive a token, and redirect the customer. In practice, small details can break the flow and each error points to a different layer.

An unauthorized error often means the key and environment do not match. Sandbox keys should call sandbox endpoints, and production keys should call production endpoints. In Laravel, it is also important to make sure the application is reading the expected configuration value, especially when config caching is involved.

The expiry.duration error taught me that providers can be strict about payload types. A value that looks like a number may still be sent as a string if we are not careful. This is where structured data objects and explicit casting help keep provider payloads predictable.

Ngrok introduced another lesson. The notification URL must point to the actual webhook endpoint, not only the tunnel domain. If the provider is given the wrong path, the request will never reach the controller that understands payment notifications.

The most useful habit from this process is classifying errors. A 401 usually means authorization or keys. A 400 usually means payload. A 404 usually means route or URL. A timeout usually means connection or tunnel. Once errors are grouped this way, debugging becomes much calmer.

Related articles

More reading around a similar topic.