Test environment · Free

Sandbox

You can start using our Sandbox environment right now, no need to contact us. Feel free to test our service and integrate with our API. If you have any questions, just send them to help@starkbank.com, we will answer you quickly, pinky promise. We are here to help you integrate with us ASAP.

About our Sandbox environment

Emulates production exactly

Same endpoints, same schemas, same error codes — only the credentials and base URL change.

Isolated server and database

Everything you create in Sandbox only exists in Sandbox. No production data ever touches the test environment.

70% of charges auto-pay

Boletos and Invoices issued in Sandbox are paid automatically within an hour. Use them to seed your test account.

Response times may differ

Sandbox emulates the underlying operations, so response latency may not match production.

What Sandbox doesn't do

  • Pix keys registered in Sandbox aren't visible in production. Sandbox accounts can't receive or send real Pix.
  • Boletos issued in Sandbox aren't registered with banks or the official registry. Real banks can't pay them.
  • Card payments simulate authorization. No real card is ever charged.
  • Webhook target URLs must be public HTTPS endpoints. For local development, use ngrok or a similar tunnel.
  • Our Sandbox may fit some load testing. For intense load tests, reach out to us first.

Same code in both environments

Production and Sandbox use separate credentials — each environment has its own API ID and private key. To switch, change the "environment" parameter (or the base URL, if you call the REST API directly) and load the credentials for that environment. The resources, schemas, and error codes are identical between environments.

BASE URL - Production
https://api.starkbank.com
BASE URL - Sandbox
https://sandbox.api.starkbank.com

Python

import starkbank

# Example key only — replace with your own.
# Never hardcode private keys in source. Store them in an HSM,
# or at minimum in an encrypted KMS.
private_key_content = """
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
"""

# To go live: change environment to "production" and use your production project id + private key.
# The project id is best loaded from an environment variable, not hardcoded in source.
user = starkbank.Project(
    environment="sandbox",
    id="5656565656565656",
    private_key=private_key_content
)

starkbank.user = user

Javascript

const starkbank = require('starkbank');

// Example key only — replace with your own.
// Never hardcode private keys in source. Store them in an HSM,
// or at minimum in an encrypted KMS.
let privateKeyContent = `
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
`

// To go live: change environment to 'production' and use your production project id + private key.
// The project id is best loaded from an environment variable, not hardcoded in source.
let user = new starkbank.Project({
    environment: 'sandbox',
    id: '5656565656565656',
    privateKey: privateKeyContent
});

starkbank.user = user;

PHP

use StarkBank\Project;
use StarkBank\Settings;

// Example key only — replace with your own.
// Never hardcode private keys in source. Store them in an HSM,
// or at minimum in an encrypted KMS.
$privateKeyContent = "
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
";

// To go live: change environment to "production" and use your production project id + private key.
// The project id is best loaded from an environment variable, not hardcoded in source.
$user = new Project([
    "environment" => "sandbox",
    "id" => "5656565656565656",
    "privateKey" => $privateKeyContent
]);

Settings::setUser($user);

Java

import com.starkbank.*;

// Example key only — replace with your own.
// Never hardcode private keys in source. Store them in an HSM,
// or at minimum in an encrypted KMS.
String privateKeyContent = """
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
""";

// To go live: change "sandbox" to "production" and use your production project id + private key.
// The project id is best loaded from an environment variable, not hardcoded in source.
Project user = new Project(
    "sandbox",
    "5656565656565656",
    privateKeyContent
);

Settings.user = user;

Ruby

require('starkbank')

# Example key only — replace with your own.
# Never hardcode private keys in source. Store them in an HSM,
# or at minimum in an encrypted KMS.
private_key_content = '
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
'

# To go live: change environment to 'production' and use your production project id + private key.
# The project id is best loaded from an environment variable, not hardcoded in source.
user = StarkBank::Project.new(
    environment: 'sandbox',
    id: '5656565656565656',
    private_key: private_key_content
)

StarkBank.user = user

Elixir

# file config/config.exs

import Config

# Example key only — replace with your own.
# Never hardcode private keys in source. Store them in an HSM,
# or at minimum in an encrypted KMS.
private_key_content = "
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
"

# To go live: change environment to :production and use your production project id + private key.
# The project id is best loaded from an environment variable, not hardcoded in source.
config :starkbank,
  project: [
    environment: :sandbox,
    id: "5656565656565656",
    private_key: private_key_content
  ]

C#

// Example key only — replace with your own.
// Never hardcode private keys in source. Store them in an HSM,
// or at minimum in an encrypted KMS.
string privateKeyContent = "-----BEGIN EC PARAMETERS-----\nBgUrgQQACg==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK\noUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1\nIF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==\n-----END EC PRIVATE KEY-----";

// To go live: change environment to "production" and use your production project id + private key.
// The project id is best loaded from an environment variable, not hardcoded in source.
StarkBank.Project user = new StarkBank.Project(
    environment: "sandbox",
    id: "5656565656565656",
    privateKey: privateKeyContent
);

StarkBank.Settings.User = user;

Go

import (
    "github.com/starkbank/core-go/starkcore/user/project"
    "github.com/starkbank/sdk-go/starkbank"
)

// Example key only — replace with your own.
// Never hardcode private keys in source. Store them in an HSM,
// or at minimum in an encrypted KMS.
var privateKeyContent =
"-----BEGIN EC PRIVATE KEY-----
MHQCAQEEILChZrjrrtFnyCLhcxm/hp+9ljWSmG7Wv9HRugf+FnhkoAcGBSuBBAAK
oUQDQgAEpIAM/tMqXEfLeR93rRHiFcpDB9I18MrnCJyTVk0MdD1J9wgEbRfvAZEL
YcEGhTFYp2X3B7K7c4gDDCr0Pu1L3A==
-----END EC PRIVATE KEY-----"

// To go live: change Environment to "production" and use your production project id + private key.
// The project id is best loaded from an environment variable, not hardcoded in source.
var user = project.Project{
  Id:          "5656565656565656",
  PrivateKey:  privateKeyContent,
  Environment: "sandbox",
}

starkbank.User = user

Clojure

(ns my-lib.core
  (:use starkbank.core))

; Example key only — replace with your own.
; Never hardcode private keys in source. Store them in an HSM,
; or at minimum in an encrypted KMS.
(def private-key-content "-----BEGIN EC PARAMETERS-----\nBgUrgQQACg==\n-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nMHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK\noUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1\nIF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==\n-----END EC PRIVATE KEY-----")

; To go live: change "sandbox" to "production" and use your production project id + private key.
; The project id is best loaded from an environment variable, not hardcoded in source.
(def user (starkbank.user/project
    "sandbox"
    "5656565656565656"
    private-key-content))

(starkbank.settings/user user)

Curl

Going to production

When you're ready, the switch from Sandbox to live takes a handful of steps.

  1. Open a production account in Web Banking (production also requires CNPJ verification).
  2. Generate a fresh ECDSA key pair for production — never reuse Sandbox keys.
  3. Register the production public key in the production Web Banking.
  4. Switch your code to production. In the SDK: change the environment from "sandbox" to "production" and load the production Project's id and private key. If you call the REST API directly: swap the base URL from sandbox.api.starkbank.com to api.starkbank.com and use the production signing key.
  5. Update webhook target URLs to production-reachable HTTPS endpoints and re-create the subscriptions in production.
  6. Smoke-test with a small Pix amount before scaling traffic.

What's next

Now that your Sandbox account is open, the integration takes about 2 days end-to-end.