When developing and testing your Rainforest integration, you will use our sandbox environment. In sandbox, you can simulate creating merchants and payments, but without needing to send sensitive personal or payment information, and without actually triggering money to move.
When you launch your code to your production environment, where real customers want to send real payments, you need to use the Rainforest production environment.
This guide walks you through all the changes you need to make to work in both sandbox and production.
Because sandbox and production are different environments, be aware that all the data in them is separate:
- If you use the Rainforest Portal, you will have a different URL and potentially a different set of users in the sandbox and production Portals. Be sure that the right users have access to sandbox and production and know when to use which. (For example, developers will usually want to log in to the sandbox portal, unless they are trying to debug a production issue. Payment Operations staff will generally want to log in to the production portal to see customers' real transactions.)
platform_idand other ids will be different in sandbox and production. Note that you can usually distinguish these easily because sandbox ids are prefixed with
sbx_, whereas production ids are not.
In most cases, you want to use Rainforest's production environment only from your own production environment, and otherwise use Rainforest's sandbox for all of your development, testing, and staging environments.
You may want to set an environment variable, secret, or configuration option on your application to ensure that it uses the right Rainforest environment. The rest of this guide assumes your code already has a way to know whether it wants to use Rainforest sandbox or production. Based on that, you can build the logic to use sandbox or production in each of your environments.
The first change to make is the base url you use to make API calls. The base urls for the sandbox and production environments differ:
If your environment has security restrictions on network egress, be sure that you have added both the sandbox and production APIs to your allowlist so that the API calls will not be blocked by your security controls.
You will need to use a separate API key in production and sandbox. You can create a production API key in the production portal. Then use your secret management system or environment variables to make sure that you use the production API key in your production environment, and the sandbox API key elsewhere.
Be careful with production API keys
Because production API keys have the ability to create real transactions and view sensitive data, they should be stored securely. Never store your production API keys in code, share them via email, or embed them in your frontend codebase.
<script> tag to use the production version, by removing the
sandbox from the file name:
Once the changes above have been made, your integration is ready to work against the Rainforest production environment. Contact your Technical Lead to do final production transaction testing before taking payments from your end customers.
Updated 3 months ago