Sandbox API keys
A sandbox key is a normal Flightline organization API key that we provision with asandbox claim. You authenticate with it exactly like a live key
(Authorization: Bearer <key>), and every request behaves identically on the
wire; only the processing differs.
Ask us to issue you a sandbox key for your organization. Live and sandbox keys
are separate credentials; a live key never returns canned data, and a sandbox
key never runs real analysis.
What’s different in sandbox
When you call the API with a sandbox key:POST /reviewsingests your documents over the real upload path (so you exercise the genuine multipart / signed-URL flow), then returns immediately withstatus: "completed"andreport_available: true. The review never runs the real (slow, paid) analysis pipeline.GET /reviews/{review_id}andGET /reviews/{review_id}/reportboth carry"sandbox": trueso your code can tell it is in test mode.GET /reviews/{review_id}/reportreturns a deterministic, obviously canned report (see below) instantly; no waiting, no polling loop required.- A real
review.completedwebhook fires to your registered endpoints, so you can test your webhook receiver (signature verification, payload parsing) exactly as in production.
The canned report
Every sandbox report returns the same fixed set of illustrative sample issues. They are not produced by analysis and do not correspond to your uploaded documents:| Code | Severity | Title |
|---|---|---|
SAMPLE-001 | high | Sample: APR tolerance exceeded |
SAMPLE-002 | medium | Sample: Missing income documentation |
SAMPLE-003 | low | Sample: Minor data inconsistency |
outcome is always issues_found and the summary counts match the issues
above. Each issue’s summary text states plainly that it is sample sandbox
data. Treat the SAMPLE-* codes as illustrative only; real reviews carry real
rule codes (for example APR-003).
Sandbox reviews are marked internally and never enter the analysis pipeline, so
they incur no cost and never appear alongside your production results.