What are the phases of the sandbox-to-production pipeline?

Sandbox, In Review, and Production. A subscription starts in Sandbox, moves to In Review when the developer submits, and reaches Production when your team approves. A rejected submission is marked Rejected.

How does a developer move a sandbox subscription forward?

The developer builds against sandbox credentials, then clicks Submit for Review. The subscription moves to In Review. Submitting requires that sandbox credentials have been created first.

What can your team do with a submission in review?

Approve it, which unlocks Production, reject it with notes, or request changes with notes, which returns it to Sandbox marked Changes Requested for the developer to resubmit.

When does a developer get production credentials?

After your team approves the submission. The subscription enters the Production phase, the production credential card unlocks, and the developer creates production credentials.

Is the submission form always required?

No. The submission form is optional and defined on the plan. When a plan has one, Submit for Review opens a multi-step form. When it does not, Submit for Review submits the subscription directly.

Partner & Developer onboarding

From sandbox to production

The sandbox-to-production pipeline in your API Portal: a developer builds against sandbox credentials, submits for review, your team approves or requests changes, and production credentials unlock. The phases are Sandbox, In Review, and Production.

A plan with a sandbox runs a developer through a review pipeline before production. The developer builds against sandbox credentials, submits the subscription for review, your team approves it, and production credentials unlock. The phases are Sandbox, In Review, and Production.

What are the phases of the pipeline?

A sandbox subscription holds one pipeline phase at a time. The subscription's stepper shows three phases, and a submission that is turned down is marked separately.

Phase	What it means
Sandbox	The developer is building and testing against sandbox credentials.
In Review	The developer has submitted, and your team is reviewing.
Production	Your team approved. Production credentials can be created.
Rejected	The submission was turned down. The stepper marks the review step as rejected.

When your team requests changes, the subscription returns to Sandbox and is flagged Changes Requested, with your reviewer's notes shown to the developer.

How does a developer get started in sandbox?

A sandbox subscription opens on the sandbox lane. The developer creates sandbox credentials, optionally generates a token, and reviews the provider's sandbox test data, then builds against the sandbox endpoints.

The developer opens the subscription and finds the Sandbox Credentials card.
They create the credentials. The card shows the full value once, with a warning to save it.
They open View Test Data to see the Sandbox Test Data the provider configured.
They build and test, using the explorer's sandbox documentation where the plan provides it. See Trying endpoints in the explorer.

The production credential card stays locked through the sandbox and review phases. It explains that production credentials become available once an API provider has reviewed and approved the request.

What is sandbox test data?

Sandbox test data is a read-only set of custom properties the provider configures on the sandbox. The developer opens the Sandbox Test Data view to read them while testing.

Each entry shows a type, a name, a description, and a value. The view is read-only, so the developer copies the values they need rather than editing them.

How does a developer submit for review?

When sandbox credentials exist, the Submit for Review action becomes available. If the plan defines a submission form, the developer completes it first. If not, the submission goes straight through. Either way the subscription moves to In Review.

With the subscription in Sandbox, the developer clicks Submit for Review.
If the plan has a submission form, a multi-step form opens, ending in a review step before the developer submits.
The subscription moves to In Review, and the button reads Submitted for Review.

Submitting requires that credentials were created first. A subscription with no sandbox credentials cannot be submitted for review.

What does your team do with a submission?

Your team reviews the submission and takes one of three actions. Each is recorded on the subscription, and the developer sees the result on the subscription page.

Action	Effect	What the developer sees
Approve	The subscription moves to Production.	An Approved notice, then an unlocked production credential card.
Reject	The subscription is marked Rejected.	A Submission Rejected notice with your reviewer's notes.
Request changes	The subscription returns to Sandbox, flagged Changes Requested.	A Changes Requested notice with your reviewer's notes, so they can fix and resubmit.

Requesting changes requires notes. The developer reads the notes, adjusts the integration in sandbox, and submits for review again.

How does a developer reach production?

After your team approves, the subscription enters the Production phase and the production credential card unlocks. The developer creates production credentials and switches their integration to them.

Your team approves the submission. The subscription moves to Production.
The production credential card unlocks. It confirms the integration was approved.
The developer creates production credentials. The full value is shown once.
On a paid plan, the production card stays locked until payment is complete. See Subscribing to a plan.

See API credentials for the credential types and the difference between Regenerate and Rotate Secret, which apply to both the sandbox and production credentials.

Where to next

Trying endpoints in the explorer

How the explorer injects a subscription's credentials and defaults to sandbox documentation while a subscription is in the pipeline.

API credentials

The sandbox and production credential lanes, and how a developer creates, regenerates, or rotates each one.