Sandbox vs production
Separate 0Base sandbox object testing from approved production merchant checkout.
Sandbox and production are different operational environments. A good 0Base integration uses sandbox to validate object lifecycles, webhook signatures, idempotency, status mapping, reports, and recovery paths, then treats production as account-gated with its own keys, capabilities, settings, and launch review.
0Base availability is account-gated. Build against capabilities, merchant status, environment mode, and settlement settings instead of assuming that every payment method, asset, network, cadence, or refund path is enabled for every merchant.
0Base product docs and API details
These pages are public product guidance for merchant and platform developers. 0Base endpoint-level API pages are not published for partners yet; use this product documentation to understand the workflow, records, and launch boundaries.
End-to-end picture
This flow is intentionally shown as product infrastructure: Sandbox keys -> Build lifecycle -> Test failures -> Review settings -> Production keys -> Controlled launch. The merchant application can make the customer experience simple, but the backend should keep each step visible enough for retries, support, and finance closeout.
Production contract
| Boundary | What to build | Why it matters |
|---|---|---|
| Key separation | Use sk_test_* and sk_live_* only in the correct environment. | Prevents accidental live/test mixing. |
| Capability separation | Read capabilities from the active environment. | Sandbox coverage is not a live promise. |
| Webhook separation | Use environment-specific webhook endpoints/secrets where applicable. | Prevents test events changing live orders. |
| Data separation | Never reconcile sandbox rows with production finance. | Protects reporting. |
| Launch separation | Promote after review, not by changing a URL in the browser. | Production needs operational signoff. |
Status and state handling
| State | What it means | Developer action |
|---|---|---|
| Sandbox draft | Flow is being built and tested. | No customer promise. |
| Sandbox passed | Lifecycle and failures pass. | Ready for launch review. |
| Production enabled | Account and settings approved. | Controlled exposure. |
| Production paused | Issue or missing gate. | Rollback/hide checkout. |
Status handling should be strict even when the customer UI is friendly. Store raw 0Base statuses, map them to customer-safe labels at the edge, and keep the merchant order state separate from the payment object state. That separation lets you change customer copy without corrupting reconciliation.
Example implementation record
This is an application-side record shape for sandbox and production. Keep exact request and response fields aligned with your enabled account contract when 0Base API access is released for your partner account; the point of this record is to keep product, support, and finance joined in your system.
{
"sandbox_base_url": "https://base-api-sandbox.0bit.app/v1",
"production_base_url": "https://base-api.0bit.app/v1",
"test_key_prefix": "sk_test_",
"live_key_prefix": "sk_live_",
"webhook_test": "passed",
"production_launch_state": "pending_review"
}Operational scenario
Sandbox proves that the integration code handles the lifecycle; it does not prove the merchant is approved for every live asset, network, settlement currency, or cadence. Production launch should re-read capabilities and settings from production.
In practice, production 0Base integrations make the happy path fast while keeping exceptions predictable: retries return the same object, delayed notifications can be repaired, expired sessions do not become mystery payments, and finance exports can be traced back to the original merchant order.
Before and after
| Before 0Base | With 0Base |
|---|---|
| Sandbox success was treated as live approval. | Production requires account-gated enablement and capability checks. |
| Test webhooks hit live handler. | Handlers and secrets are environment-specific. |
| Reports mixed test and live data. | Finance exports are environment-isolated. |
| Launch happened by swapping keys. | Launch happens after review and controlled exposure. |
Evidence to keep
| Evidence | What to store |
|---|---|
| Environment record | Base URL, key prefix, merchant id, webhook endpoint. |
| Sandbox test matrix | Success, failure, expiry, duplicate, replay, report tests. |
| Production capability snapshot | Payment methods, networks, settlement currencies. |
| Launch approval | Reviewer, date, scope, rollback path. |
| Incident guard | How to disable production checkout quickly. |
This evidence is what makes the integration supportable at institutional scale. A developer should not need private operational knowledge to answer basic questions such as what the customer saw, which object owns the state, which event announced the change, and which ledger or report row closed the money movement.
Failure modes and recovery
| Failure mode | Recovery |
|---|---|
| Mode mismatch returns auth errors | Check key prefix, base URL, and merchant id. |
| Sandbox webhook updates live order | Separate endpoints/secrets and reject wrong environment. |
| Production capability missing sandbox option | Hide option and update launch scope. |
| Test data appears in exports | Fix environment tagging and regenerate reports. |
Recovery should be idempotent and explainable. When the system is uncertain, preserve the current raw status, read the latest object state, attach a support reference, and avoid changing fulfillment or finance state until a trusted terminal condition is present.
API adjacency
| API area | Use it for |
|---|---|
POST /webhooks/test | Validate sandbox/live signature handling. |
GET /capabilities/payment_methods | Read per-environment capabilities. |
GET /reports/transactions | Verify report environment. |
GET /webhooks/deliveries | Debug delivery by environment. |
For endpoint-level implementation, use the API reference as the source of truth for fields, enums, authentication, idempotency behavior, pagination, and response examples.
Why this matters for merchants and customers
Sandbox proves the integration code; production proves account enablement, capabilities, settings, and operations. Separating the two protects merchants from test assumptions becoming live customer promises.
At scale, the value of 0Base is not only that a payment can be created. The value is that the payment can be explained later: what the customer saw, which account capabilities allowed it, which backend state changed, which notification delivered it, and which ledger or report row closed it.
Worked API path
The example below shows the implementation shape for this page. Use merchant-specific capabilities, account settings, and API responses in production; the ids and values here are illustrative.
curl -X POST https://base-api-sandbox.0bit.app/v1/webhooks/test \
-H "Authorization: Bearer $OBIT_SECRET_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: ord_100045:base:v1" \
-d '
{
"eventType": "payment_intent.succeeded",
"intentId": "pi_test_456"
}'Example response shape:
{
"object": "webhook_delivery",
"id": "whd_test_launch",
"event_id": "evt_test_launch",
"event_type": "payment_intent.succeeded",
"intent_id": "pi_test_456",
"status": "pending",
"attempts": 0
}Implementation checkpoints:
- Read account and environment state before rendering or launching the product surface.
- Attach the returned object id to the same business record.
- Record the request id, idempotency key, raw status, and environment.
- Use webhook and report reads to repair delayed or missed state changes.
Data join map
This join map is the reason 0Base is infrastructure rather than a payment button. A merchant can change checkout UX, support tooling, or finance exports without losing the chain from customer action to backend state and settlement evidence.
Operator runbook
| Signal | Check first | Action |
|---|---|---|
| Customer reports payment not updating | Look up merchant order id, 0Base object id, raw status, and latest webhook delivery. | Read current object state before changing fulfillment. |
| Webhook delivery failed | Check delivery id, event id, attempts, last error, and handler logs. | Fix the handler, replay once, and dedupe by event id. |
| Finance cannot match a row | Compare client reference, intent id, settlement id, report period, and export row. | Move the item to reconciliation queue instead of closing by amount/date. |
| Launch test fails | Identify whether the failure is capability, key, webhook, status, or report related. | Block launch for that scope until the failing layer has a passing evidence record. |
The runbook should be available to support and finance teams before launch. A developer integration is not complete if only engineering can explain the state of a customer payment.
Developer checklist
- Keep test and live keys separate.
- Use environment-specific webhook endpoints.
- Run failure tests in sandbox.
- Re-read production capabilities before launch.
- Never mix sandbox and production reports.
- Document rollback before enabling production traffic.