Skip to main content

Environments: Sandbox and Live

Azotte provides two operational environments so teams can build safely and go live with confidence:

  • Sandbox for development, integration, and QA
  • Live for real customer traffic and production billing

Both environments use the same platform model and APIs, but they are isolated from each other.

Why Two Environments

Environment separation reduces production risk:

  • Build and validate integration flows without impacting real customers
  • Test subscription, payment, and webhook behavior in a safe space
  • Promote a verified configuration to production with controlled rollout

Sandbox Environment

Sandbox is designed for engineering and testing workflows.

Use Sandbox to:

  • Validate tenant and storefront configuration
  • Test checkout and subscription lifecycle handling
  • Verify webhook processing and idempotency logic
  • Exercise failure handling, retries, and recovery paths

Sandbox characteristics:

  • Uses development API keys (pk_dev_, sk_dev_)
  • Uses non-production data
  • Suitable for automated tests, staging checks, and UAT

Live Environment

Live is the production environment used for real transactions.

Use Live when:

  • Your integration has passed Sandbox validation
  • Webhook processing, monitoring, and alerting are in place
  • Payment and fiscalization configurations are production-ready

Live characteristics:

  • Uses production API keys (pk_live_, sk_live_)
  • Handles real customers, subscriptions, payments, and invoices
  • Requires strict operational controls and incident response readiness

Isolation Rules

Sandbox and Live are separated at the platform boundary.

  • API keys are environment-scoped and not interchangeable
  • Data does not sync automatically between Sandbox and Live
  • Webhook endpoints should be environment-specific
  • Configuration changes should be repeated and verified per environment

Integration Pattern

Recommended pattern:

  • Keep separate credentials per environment
  • Keep separate webhook endpoints and secrets per environment
  • Keep separate monitoring dashboards and alert thresholds

Go-Live Readiness Checklist

Before switching traffic to Live, confirm:

  • Authentication uses production keys only
  • Tenant and storefront settings are reviewed in Live
  • Payment provider and fiscalization provider are configured for production
  • Webhook signature validation and retry handling are verified
  • Observability is in place for payments, subscriptions, and webhooks
  • Operational runbooks exist for failures and key rotation