# Sandbox

You can start using our Sandbox environment right now, no need to contact us. Feel free to test our service and integrate with our API. If you have any questions, just send them to help@starkbank.com, we will answer you quickly, pinky promise. We are here to help you integrate with us ASAP.

- [Create account (Sandbox)](https://web.starkbank.com/sandbox/create)
- [Log in (Sandbox)](https://web.sandbox.starkbank.com/signin)

## About our Sandbox environment

- **Emulates production exactly** — Same endpoints, same schemas, same error codes — only the credentials and base URL change.
- **Isolated server and database** — Everything you create in Sandbox only exists in Sandbox. No production data ever touches the test environment.
- **70% of charges auto-pay** — Boletos and Invoices issued in Sandbox are paid automatically within an hour. Use them to seed your test account.
- **Response times may differ** — Sandbox emulates the underlying operations, so response latency may not match production.

## What Sandbox doesn't do

- Pix keys registered in Sandbox aren't visible in production. Sandbox accounts can't receive or send real Pix.
- Boletos issued in Sandbox aren't registered with banks or the official registry. Real banks can't pay them.
- Card payments simulate authorization. No real card is ever charged.
- Webhook target URLs must be public HTTPS endpoints. For local development, use ngrok or a similar tunnel.
- Our Sandbox may fit some load testing. For intense load tests, reach out to us first.

## Same code in both environments

Production and Sandbox use separate credentials — each environment has its own API ID and private key. To switch, change the "environment" parameter (or the base URL, if you call the REST API directly) and load the credentials for that environment. The resources, schemas, and error codes are identical between environments.

```python
import starkbank

# Example key only — replace with your own.
# Never hardcode private keys in source. Store them in an HSM,
# or at minimum in an encrypted KMS.
private_key_content = """
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIMCwW74H6egQkTiz87WDvLNm7fK/cA+ctA2vg/bbHx3woAcGBSuBBAAK
oUQDQgAE0iaeEHEgr3oTbCfh8U2L+r7zoaeOX964xaAnND5jATGpD/tHec6Oe9U1
IF16ZoTVt1FzZ8WkYQ3XomRD4HS13A==
-----END EC PRIVATE KEY-----
"""

# To go live: change environment to "production" and use your production project id + private key.
# The project id is best loaded from an environment variable, not hardcoded in source.
user = starkbank.Project(
    environment="sandbox",
    id="5656565656565656",
    private_key=private_key_content
)

starkbank.user = user
```

- **Production** — `https://api.starkbank.com`
- **Sandbox** — `https://sandbox.api.starkbank.com`

## Going to production

When you're ready, the switch from Sandbox to live takes a handful of steps.

1. Open a production account in Web Banking (production also requires CNPJ verification).
2. Generate a fresh ECDSA key pair for production — never reuse Sandbox keys.
3. Register the production public key in the production Web Banking.
4. Switch your code to production. In the SDK: change the environment from "sandbox" to "production" and load the production Project's id and private key. If you call the REST API directly: swap the base URL from sandbox.api.starkbank.com to api.starkbank.com and use the production signing key.
5. Update webhook target URLs to production-reachable HTTPS endpoints and re-create the subscriptions in production.
6. Smoke-test with a small Pix amount before scaling traffic.

## What's next

Now that your Sandbox account is open, the integration takes about 2 days end-to-end.

- [Generate your ECDSA keys](https://docs.starkbank.com/how-to-create-ecdsa-keys.md) — Create the key pair you will use to sign every API request.
- [Get Started](https://docs.starkbank.com/get-started.md) — Make your first authenticated request in about 5 lines of code.
- [API Reference](https://docs.starkbank.com/api.md) — Browse every endpoint, request body, and response schema.

---

## Other Languages

- [Python](https://docs.starkbank.com/sandbox-python.md)
- [Node.js](https://docs.starkbank.com/sandbox-node.md)
- [PHP](https://docs.starkbank.com/sandbox-php.md)
- [Java](https://docs.starkbank.com/sandbox-java.md)
- [Ruby](https://docs.starkbank.com/sandbox-ruby.md)
- [Elixir](https://docs.starkbank.com/sandbox-elixir.md)
- [.NET](https://docs.starkbank.com/sandbox-dotnet.md)
- [Go](https://docs.starkbank.com/sandbox-go.md)
- [Clojure](https://docs.starkbank.com/sandbox-clojure.md)
