Understanding sandbox vs. production
Two Environments
ComplianceGrid provides two fully isolated environments for different stages of your development workflow:
| Feature | Sandbox | Production |
|---|---|---|
| Host | `sandbox.api.compliancegrid.ai` | `api.compliancegrid.ai` |
| API Key Prefix | `cg_sk_` | `cg_pk_` |
| Data | Mock/sample responses | Live government data |
| Rate Limit | 60 req/min | 300 req/min (Self-Serve) |
| Cost | Free | Metered per plan |
| SLA | Best effort | 99.9% uptime |
Environment Enforcement
The API gateway strictly enforces environment matching. A sandbox key only works on sandbox.api.compliancegrid.ai, and a production key only works on api.compliancegrid.ai. Sending a sandbox key to the production host returns a 403 environment_mismatch error.
Sandbox Behavior
Sandbox endpoints return realistic mock data that mirrors the structure of production responses. This lets you build and test your integration without consuming production quota or querying live government databases.
Key sandbox behaviors:
- Responses use static sample data — they won't change between calls
- All API verticals are available without a paid subscription
- Rate limits are lower (60 req/min vs. 300+ req/min)
- No billing charges are incurred
- Webhook events are simulated
When to Switch to Production
Move to production when you:
- Have completed integration testing against the sandbox
- Need live, up-to-date government data
- Are ready to handle real compliance decisions
- Have configured error handling and retry logic
Switching Environments
The only changes needed are:
1. Replace your API key from cg_sk_... to cg_pk_...
2. Change the base URL from sandbox.api.compliancegrid.ai to api.compliancegrid.ai
3. Request a new Bearer token from the production OAuth endpoint
Was this article helpful?