Skip to main content
Together
Sign in

Sandbox

Every live organisation has a paired sandbox. Use it to build against the API without touching production data, donors, or live Stripe charges.

How pairing works

  • Each live organisation ships with a paired sandbox at slug {live-slug}-sandbox. For example, acme pairs with acme-sandbox.
  • The sandbox is a real Organisation row with isSandbox: true that points back to the live organisation. Data is fully isolated: the sandbox does not mirror or sync with live.
  • Access inherits. If you have a role on the live organisation, you have the same role on its sandbox. No separate users, no extra invites.
  • Sandboxes are seeded with a small deterministic dataset (one donor, one donation) so you have something to list and fetch immediately. Generate more via the API as you need it.

Switching in the UI

Open /settings/api and use Switch to sandbox / Switch to live at the top of the page. The switch is session-scoped via a pc_active_org cookie. Your home organisation is unaffected, and your teammates are unaffected.

  • While in sandbox, a persistent banner reminds you which context you're in.
  • The server re-verifies the cookie against your access on every request, so a stale or spoofed value cannot grant access to an unrelated organisation.

Using the sandbox from the API

API keys are scoped to the organisation they were created in. The simplest flow is:

  • Switch to sandbox at /settings/api.
  • Create a key there.
  • Call the API with that key. The key itself is tagged to the sandbox organisation, so no separate slug header is needed.
curl -sS https://alltogether.giving/api/v1/donors \
  -H "Authorization: Bearer pc_sandbox_key_here"

Stripe test mode

Sandboxes are wired to Stripe test mode. Any PaymentIntent, Checkout Session, or webhook touched by sandbox flows uses test keys, so:

  • You can exercise 4242 4242 4242 4242 and the rest of the test card family freely.
  • No live customer is ever charged.
  • Disclosure and cap calculations run the same way as live. The numbers you see in sandbox mirror production logic against test data.
Platform fees are not collected in sandbox, but fee calculation still runs. Use it to verify your integration expects the right application_fee_amount.

Rate limits and idempotency

Sandbox has its own rate limit budget and its own idempotency namespace. A hot retry loop in sandbox cannot exhaust your live quota, and because idempotency records are scoped per organisation, an Idempotency-Key used in sandbox does not collide with the same string in live.

What's gated off

  • Sandbox does not send outbound email. Flows that would notify a donor or admin are no-oped and logged.
  • Sandbox does not count toward your seat, donation, or plan entitlements.
  • Stripe Connect onboarding is blocked in sandbox, and platform subscriptions do not apply: every product is entitled for free under the synthetic sandbox attribution. Billing runs on the live organisation only.

Related

  • Quickstart: the two-minute path from zero to a successful API call.
  • Rate limits: sandbox and live budgets are independent.