Sandbox (Test) Mode
Sandbox Mode is a project-level setting that turns a project into a safe, fully isolated test environment. No real money moves, no real verification codes are sent, and destructive operations that would be too risky in production are unlocked so you can build and test with confidence.
Overview
When you enable Sandbox Mode on a project, that project becomes a test double of your production environment. Everything works the same way — users can authenticate, services respond to requests, payments are processed — but none of it has real-world consequences.
Sandbox projects are ideal for:
- End-to-end and integration testing — Run automated test suites against a real API without touching production data or spending real money.
- QA environments — Give your QA team a full-fidelity environment where they can reproduce edge cases, reset state freely, and test payment flows without needing real card numbers.
- Demos and onboarding — Let new developers or prospects explore the platform without any risk to production data.
- Fixture and seed scripts — Directly inject users with pre-verified contact methods, skipping the verification-code flow entirely.
How to Enable
Sandbox Mode is configured at project creation time in the Forte Console. When creating a new project, toggle Sandbox (Test) Mode before clicking Create.
Sandbox Mode is permanent. Once a project is created as a sandbox project, it cannot be converted to a live project, and a live project cannot be converted to a sandbox project. Create a separate project for each environment you need.
What's Different in a Sandbox Project
Hard-Delete Users
In a live project, hard-deletion is not available — users can only be suspended (deactivated with their record retained). In a sandbox project, deletion is immediate and permanent: the user record and all associated data are removed with no possibility of recovery.
This makes it easy to reset state between test runs without manually tracking which users to clean up.
See Administration for details on user states and how to delete users via the Console or API.
Override Contact Methods and Verification
In a live project, adding a contact method (email address or phone number) to a user triggers a real verification flow — a code is sent and the user must confirm it before the contact method is marked verified.
In a sandbox project, you can change an existing contact method's value or mark it as verified — without sending a real verification code. This is useful for:
- Seeding test users with pre-verified contact methods in fixture scripts
- Reproducing edge cases that require specific email or phone values
- Automated tests that need a verified contact method without standing up an SMS or email inbox
See Contact Methods for the full contact method API.
Request/Response Body Logging
Forte can capture the full request and response bodies for every HTTP request to your services, making it easier to debug exactly what was sent and received.
In sandbox projects, body capture is enabled by default. In live projects, it is disabled by default to avoid inadvertently logging sensitive production data.
You can toggle body capture per service at any time in the service settings, regardless of the project type.
See Monitoring for more on request logs and how to use them.
Payments
Payments processed through a sandbox project route through a fully sandboxed payment environment — no real money moves.
Forte uses Stripe as its payments provider. In sandbox mode, all payment transactions hit Stripe's test environment. You can use Stripe's published test cards to simulate a full range of payment scenarios: successful charges, card declines, insufficient funds, 3D Secure challenges, and more.
No real money moves through sandbox projects. Use Stripe test cards to simulate payment scenarios.
When NOT to Use Sandbox Mode
Sandbox projects are a parallel environment — live and sandbox data are fully isolated from each other. Do not use a sandbox project for:
- Production user traffic — Real users should always authenticate against a live project.
- Real billing — Payment methods and charges in sandbox are test-only and will never result in actual transactions.
- Real compliance data — KYC and other compliance information submitted in a sandbox project is not treated as legally binding and is not used for real verification.
- Personal information about real customers — Because sandbox projects offer fewer safeguards (hard-delete, direct overrides), they are not appropriate for storing real customer PII.
Live vs. Sandbox Summary
| Capability | Live Project | Sandbox Project |
|---|---|---|
| Hard-delete users | ❌ (suspend only) | ✅ |
| Override contact methods & verification | ❌ | ✅ |
| Request/response body logging default | Off | On |
| Payments | Real money | Stripe test mode (fake money) |
| Immutable after creation | — | ✅ |
Next Steps
- Create a project with Sandbox Mode enabled
- Administration — manage users and understand user states
- Contact Methods — set and verify contact methods in your test environment
- Monitoring — use request/response body logs to debug your services