Skip to main content
The Mandate sandbox gives you a complete simulation of the production payment flow. Everything works the same way — agent identity checks, mandate policy evaluation, proof issuance, and seller verification — except that proofs are HMAC-SHA256 signatures instead of on-chain USDC transfers. You can test every success path, every policy denial, and every error condition without moving real money.

Getting a sandbox API key

Sandbox keys are issued automatically when you create an account at usemandate.xyz. You can also generate additional sandbox keys from the dashboard under Settings → API Keys. Sandbox keys always start with ky_sand_:
The KyaPaymentsClient detects the key prefix and sets client.sandbox = true automatically. You do not need to configure the sandbox environment separately.
POST /v1/payments/proof returns 400 if you send a production API key. Proof issuance is environment-scoped — sandbox keys generate sandbox proofs and production keys generate production proofs.

How sandbox proofs work

In production, a payment proof represents a verified USDC transaction on Base mainnet. In the sandbox, proofs are HMAC-SHA256 signatures computed by the Mandate platform using a dedicated signing key. The payload that gets signed follows this format:
For example:
The platform signs this string with HMAC-SHA256 using its sandbox signing key and returns the signature as the proof value. Replay protection — Each proof includes a single-use nonce. The platform rejects any proof presented with a nonce it has already seen. Proofs are also time-bounded: they expire 5 minutes after issuance. Presenting an expired proof returns a 401 from the seller’s verification endpoint.

Generating a proof

Call POST /v1/payments/proof to request a sandbox proof directly. In normal SDK usage the SDK does this for you, but you can call the endpoint manually to inspect the proof format or build a custom client.

Verifying a proof

Sellers call POST /v1/payments/verify to validate a proof presented by an agent. The endpoint checks the HMAC signature, confirms the nonce has not been used before, and verifies the proof has not expired.
Never use sandbox proofs in a production environment. The kya-sandbox payment scheme is rejected by any seller running production verification. Attempting to present a sandbox proof against a production endpoint results in a 402 rejection.

Dashboard sandbox tester

The Mandate dashboard includes a built-in sandbox tester under Sandbox → Payment Tester. Use it to:
  • Generate a proof for any agent and mandate without writing code
  • Verify a proof manually to inspect the decoded payload
  • Trigger deliberate policy denials (over-budget, expired mandate, blocked seller) to test your error handling
  • View the full audit log entry produced by each sandbox transaction
The tester is useful for confirming your mandate configuration before wiring up the SDK.

Sandbox limitations

The sandbox is a full functional simulation, but it has intentional constraints:
  • No blockchain interaction — Proofs are HMAC signatures, not on-chain transactions. The sandbox never touches Base or any other network.
  • No real USDC — Budget tracking in the sandbox counts simulated spend. Your real USDC balance is never affected.
  • Sandbox keys are environment-scoped — Agents and mandates created with a sandbox key are sandbox-only. You must re-register agents and re-create mandates with a production key before going live.
  • Proof expiry is fixed at 5 minutes — You cannot extend or disable proof expiry in the sandbox.
When you’re ready to go live, switch your API key from ky_sand_... to a production key. The SDK and middleware detect the key prefix automatically and switch to the kya-usdc scheme on Base mainnet. Everything else in your integration stays the same.