---
description: >-
  Inyo provides separate sandbox and production environments. Use sandbox for
  development and testing with simulated transactions.
---

# Environments

## URLs

| Resource | Sandbox | Production |
|---|---|---|
| **API Base** | `https://sandbox-gw.simpleps.com` | `https://gw.simpleps.com` |
| **Tokenizer JS** | `https://cdn.simpleps.com/sandbox/inyo.js` | `https://cdn.simpleps.com/production/inyo.js` |
| **OpenAPI Spec** | [sandbox-gw.simpleps.com/q/swagger-ui](https://sandbox-gw.simpleps.com/q/swagger-ui/#/) | — |

## Sandbox Environment

Use the sandbox for development and testing. Transactions are simulated — no real money moves and no card networks are contacted.

**Sandbox features:**
- Full API functionality matching production behavior
- [Test cards](apis/test-data/cards.md) for simulating approvals, declines, 3DS challenges, and AVS results
- Simulation codes via cardholder name (e.g., `REFUSED` triggers a decline)
- Webhook delivery to your configured endpoints

**Sandbox limitations:**
- No real card network authorization
- Some issuer-specific behaviors may differ from production
- Rate limits may be lower than production

## Production Environment

Use production for live, real-money transactions. Ensure all integrations are thoroughly tested in sandbox before going live.

**Before going to production:**
- [ ] All payment flows tested end-to-end in sandbox
- [ ] Webhook endpoints configured and verified
- [ ] Error handling and retry logic implemented
- [ ] 3DS redirect flows tested (success and failure)
- [ ] CORS origin URLs provided to Inyo team
- [ ] Production credentials received and stored securely

## CORS Configuration

During onboarding, provide Inyo with your origin URLs for both environments. The tokenizer library (`inyo.js`) communicates with Inyo's servers from the browser, so your domain must be whitelisted per [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) policy.