0Bit Documentation

Sandbox vs production

Move a 0Gate integration from sandbox testing to live mode without mixing keys, records, capabilities, or support assumptions.

Sandbox mode proves that your integration shape works. It does not prove that a live product, country, asset, method, fee, support tier, or compliance statement is approved for production. Treat production as a controlled cutover with separate keys, origins, webhooks, capabilities, and support runbooks.

Cutover model

Sandbox checklist

AreaPass condition
Session creationYour server creates sessions with sk_test_* and idempotency keys.
Embed or redirectBrowser/mobile uses only pk_test_* and client_secret.
Webhook verificationRaw-body signature verification works and duplicate event ids are ignored.
Return pagesSuccess/cancel routes read backend state rather than trusting navigation.
Failure handlingPending, failed, cancelled, and expired attempts are visible to users and support.
LogsNo secret keys, webhook secrets, raw identity payloads, bank details, or provider payloads.

Production checklist

AreaRequirement
Live keysStore sk_live_*, pk_live_*, and whsec_* separately from test values.
Allowed originsRegister exact production origins before launch.
Webhook URLUse a stable HTTPS endpoint with monitoring and alerting.
CapabilitiesConfirm country, currency, asset, method, payout, and eligibility behavior for live mode.
Product copyUse approved wording for availability, KYC/KYB, fees, spreads, support, and settlement.
SupportPrepare escalation with session id, event id, transaction ref, request id, and support@0bit.io.

Do not assume

  • Sandbox success means live money movement is enabled.
  • Test quote values are production pricing.
  • A code path means every partner or region can use it.
  • A browser success callback means settlement is complete.
  • Internal docs, tests, or fixtures are approved public product claims.

Go-live smoke test

  1. Create a live-mode session from the production backend.
  2. Open the hosted flow from a production allowed origin.
  3. Confirm webhook signature verification on the live endpoint.
  4. Confirm duplicate event handling.
  5. Confirm return and cancel pages render backend state.
  6. Confirm support can search by order id, 0Gate session id, event id, and request id.

On this page