Sandbox Guide
Test your integration safely with our sandbox environment. No real money, no regulatory approval needed—just realistic test data and full API access.
Overview
The sandbox environment mirrors production functionality with simulated data. Use it to develop, test, and demonstrate your application before going live.
What's Included
- ✓ Full API functionality
- ✓ Test accounts with balances
- ✓ Simulated payment processing
- ✓ Webhook event simulation
- ✓ No rate limiting
Limitations
- • No real money movement
- • Data resets periodically
- • HTTP webhooks allowed
- • Simplified SSA validation
- • Test card numbers only
Environment URLs
| Service | Sandbox URL | Production URL |
|---|---|---|
| API Base URL | https://sandbox.api.hamsterbank.ai | https://api.hamsterbank.ai |
| Authorization | https://sandbox.auth.hamsterbank.ai | https://auth.hamsterbank.ai |
| Token Endpoint | https://sandbox.auth.hamsterbank.ai/token | https://auth.hamsterbank.ai/token |
| Developer Portal | https://sandbox.developer.hamsterbank.ai | https://developer.hamsterbank.ai |
Environment Detection
Your API keys are environment-specific. Sandbox keys (prefixed with 'sk_sandbox_') only work with sandbox URLs.
Test Accounts
The sandbox includes pre-configured test accounts with various scenarios:
Current Accounts
| Account Name | Sort Code | Account Number | Balance | Scenario |
|---|---|---|---|---|
| Main Current | 608371 | 12345678 | £5,432.10 | Standard account |
| Joint Account | 608371 | 87654321 | £12,500.00 | Joint ownership |
| Overdrawn | 608371 | 11111111 | -£250.00 | Negative balance |
| Zero Balance | 608371 | 00000000 | £0.00 | Empty account |
Savings Accounts
| Account Name | Sort Code | Account Number | Balance | Scenario |
|---|---|---|---|---|
| Easy Saver | 608371 | 22222222 | £10,000.00 | Savings with interest |
| Fixed Term ISA | 608371 | 33333333 | £20,000.00 | Restricted withdrawals |
International Accounts
| Account Name | IBAN | Balance | Scenario |
|---|---|---|---|
| Euro Account | GB82HMBK60837144444444 | €2,500.00 | EUR transactions |
| USD Account | GB82HMBK60837155555555 | $8,000.00 | USD transactions |
Test Users (PSUs)
Use these credentials to simulate user authorization flows:
| Username | Password | Accounts | Behavior |
|---|---|---|---|
testuser@example.com | Password123! | All test accounts | Standard approval |
slowuser@example.com | Password123! | Main Current only | 15-second delay |
rejectuser@example.com | Password123! | None | Always rejects consent |
mfauser@example.com | Password123! | All accounts | Requires MFA (code: 123456) |
Authorization Flow
In sandbox, the consent screen auto-approves after 2 seconds for testuser@example.com. Use rejectuser@example.com to test rejection flows.
Simulating Scenarios
Test different scenarios using special values in your requests:
Payment Scenarios
| Amount | Result | Use Case |
|---|---|---|
Any amount | Success | Normal payment processing |
0.01 | Insufficient funds | Test error handling |
0.02 | Payment timeout | Test timeout handling |
0.03 | Bank rejection | Test bank-side rejection |
999999.99 | Limit exceeded | Test amount validation |
Funds Confirmation Scenarios
| Amount Checked | Result | Use Case |
|---|---|---|
< Balance | fundsAvailable: true | Sufficient funds |
> Balance | fundsAvailable: false | Insufficient funds |
0.01 | Always false | Force negative response |
Consent Expiry Scenarios
Set short expiry times in sandbox to test consent renewal flows:
{
"type": "account-access",
"permissions": ["ReadAccounts", "ReadBalances"],
"expirationDateTime": "2024-01-15T10:35:00Z", // 5 minutes from now
"transactionFromDateTime": "2024-01-01T00:00:00Z",
"transactionToDateTime": "2024-01-15T23:59:59Z"
}Webhook Testing
Test webhook integrations without waiting for real events:
Trigger Test Events
Use the sandbox webhook trigger endpoint to simulate events:
curl -X POST "https://sandbox.api.hamsterbank.ai/webhooks/test" \\
-H "Authorization: Bearer {access_token}" \\
-H "Content-Type: application/json" \\
-d '{
"event_type": "payment.completed",
"resource_id": "pay_test123",
"data": {
"amount": "100.00",
"currency": "GBP"
}
}'Local Development
Use a tunneling service for local webhook testing:
# Using ngrok
ngrok http 3000
# Register the tunnel URL as your webhook endpoint
# https://abc123.ngrok.io/webhooksHTTP Allowed
Sandbox webhooks can be delivered to HTTP endpoints for local testing. Production requires HTTPS.
Moving to Production
When you're ready to go live, follow this checklist:
Complete TPP Registration
Obtain regulatory authorization and register with the Open Banking Directory to receive your production SSA.
Generate Production Keys
Create production API keys in the dashboard. These start with 'sk_live_' instead of 'sk_sandbox_'.
Update Environment URLs
Replace all sandbox URLs with production URLs in your application configuration.
Configure HTTPS Webhooks
Update webhook URLs to use HTTPS endpoints with valid SSL certificates.
Implement mTLS
Set up mutual TLS client certificates for FAPI-compliant authentication.
Review Rate Limits
Production has rate limits. Check the documentation and implement appropriate backoff.
Production Checklist
Contact our team at api-support@hamsterbank.ai before going live. We'll review your integration and ensure everything is configured correctly.
Frequently Asked Questions
How long does sandbox data persist?
Sandbox data resets weekly on Sunday at midnight UTC. Transaction history, consents, and webhook subscriptions are all cleared. Test accounts are recreated with default balances.
Can I create custom test accounts?
Currently, sandbox uses pre-configured test accounts. For custom scenarios, contact our team to discuss dedicated test environments.
Are there rate limits in sandbox?
No rate limits are applied in sandbox. This lets you run automated tests and load testing. Production has per-TPP rate limits documented in the API reference.
Can I test mTLS in sandbox?
Yes, sandbox supports optional mTLS for testing your certificate setup. Use the certificates from your sandbox registration.