Sandbox cookbook
Fully-independent deployment of the Public API. Separate DB. Stripe always in test mode. Outbound SMS/email disabled.
Seeded dataset
Every fresh sandbox org has the same canonical rows so docs samples keep working after a reset:
| ReferenceId | Debtor | |
|---|---|---|
| DBR-001 | Ava Harris | ava.harris@example.com |
| DBR-002 | Ben Singh | ben.singh@example.com |
| DBR-003 | Carla Tan | carla.tan@example.com |
| DBR-004 | Dan Murphy | dan.murphy@example.com |
| DBR-005 | Ella Nguyen | ella.nguyen@example.com |
Plus 8 debts (amounts 1250 / 4800 / 320.50 / 12750.75 / 990 / 6200 / 75 / 2400) across those debtors with external account ids ACCT-0001…0008.
Reset policy
Sandbox orgs idle >7 days get wiped and reseeded. Hit Reset sandbox in the dashboard to force-reset on demand. Wiped: debts, debtors, transactions, documents, webhook deliveries. Preserved: the org row, branding, API keys, webhook config.
Walking the killer flow
The debtor walkthrough page links you straight into the same screens your production debtors see, but against sandbox data. The flow:
- Verify — DOB + last-4 phone match.
- Review — debt summary card.
- Accept — 3 confirmations or branch to hardship.
- Plan — pick from auto-generated instalment options.
- Payment — Stripe test-mode card form.
- Sign — typed signature commits the binding plan.
- Done — receipt +
debt.acceptedwebhook fires.
What sandbox does differently
- Stripe always test mode. Use Stripe's test card numbers.
- Outbound notifications disabled. Webhooks still fire — that's the point.
- Rate limits generous (3600/h, 50000/d).
- Auth only accepts
ak_test_…keys.
The fine print
Sandbox is governed by separate terms.
No SLA, no compatibility guarantees, no real-money flows, and we reserve the right to revoke
your keys / suspend your tenant / block your IP without notice. Full text:
sandbox terms of service.