Skip to main content

Developers: Sandbox

The Developer Sandbox lets merchants test selected public API scenarios from the dashboard before wiring an integration into production code.

Execution Model

Sandbox runs call the real public API surface under /api/public/v1.

Use test mode for executable sandbox runs.
Use live mode only for generated code samples unless your team explicitly enables live execution later.
The dashboard does not save pasted API tokens.
Public API request logs still record authenticated sandbox calls.

Supported Scenarios

The sandbox uses an allowlist of scenarios instead of arbitrary URLs:

list supported payment countries
resolve merchant handle
resolve store by merchant handle and store slug
read FX rates
convert currency

This keeps the sandbox useful without turning it into an unsafe request tool.

Token Handling

Use a test publishable, secret, or system key depending on the scenario scope.

Rules:

never paste live secrets unless live execution is explicitly approved
rotate a token if it was exposed outside the intended developer workflow
use request logs to verify status, mode, latency, and request IDs

Code Samples

Every scenario generates cURL and TypeScript examples with:

Authorization: Bearer <token>
X-EshopOS-Mode: test|live
the resolved public API URL

Copy the sample into your integration and replace the placeholder token with a server-side secret or browser-safe publishable key as appropriate.

Execution Model
Supported Scenarios
Token Handling
Code Samples