Test in sandbox
Prove product-object creation, hosted surfaces, webhooks, retries, and reconciliation before using live credentials.
Sandbox testing should exercise the same architecture you use in production: server-created 0Gate sessions or approved product objects, browser-safe values where applicable, verified webhooks, idempotent workers, and support-ready records.
Sandbox is not just a UI preview
Do not go live after only loading the widget. Test raw-body webhook verification, duplicate event handling, failed states, rate limits, replay, and support investigation.
Sandbox loop
Test plan
| Area | What to prove |
|---|---|
| Credentials | Sandbox keys are used only with sandbox environment. |
| Product-object creation | Idempotency key prevents duplicate sessions, checkouts, quotes, or writes on retry. |
| Embed | Allowed origin and browser-safe values work. |
| Return URLs | Outcome pages read server state, not query strings. |
| Webhooks | Raw-body signature verification passes. |
| Event log | Duplicate events do not duplicate fulfillment. |
| Failure states | Failed, cancelled, expired, and delayed states show correct UX. |
| Support | Request id, product object id, event id, and local attempt id are available. |
Smoke test record
type SandboxEvidence = {
attemptId: string;
productObjectId: string;
tested: Array<
| 'object_create'
| 'embed_mount'
| 'webhook_verify'
| 'duplicate_event'
| 'failed_state'
| 'reconciliation'
>;
passedAt: string;
};Related pages
Respect compliance review gates
Keep product availability, KYC/KYB, regional support, liquidity, and settlement behavior inside the surfaces enabled for your account.
Prepare production launch
Confirm credentials, domains, webhooks, idempotency, monitoring, support, and account enablement before live traffic.