Introduction & Access


Customate provides a separate, isolated environment for clients. This environment, so-called sandbox, should serve as an excellent tool for developing and testing integration flow.

Clients operate with virtual money during work in the sandbox, this eliminates risk of unintended payment and makes it easier to test different complex scenarios. It’s also important to remember that processing time for all operations (Direct Debit validation, payments processing) is significantly decreased.

Customate provides a set of special, predefined data that can be used for testing specific responses and errors.

In the sandbox section on our knowledge base, we have provided details of test Data which should be used to trigger different flows in clients integration and ensure they are handled accordingly.

Access to sandbox

Switching to sandbox requires several simple steps:

  1. change Api url to:


  2. use sandbox’s key and secret that were provided to you by Customate staff. For example:- Your API key (e.g.  5997e99c-0b96-4019-9f88d-47770999194c)
    – Your API secret (e.g. 4099da9afc699577267af23a2990277f1301ca34a30599b180).

HMAC signature – sandbox

We have enabled HMAC signature verification for sandbox as this enables Public Api clients the opportunity to test authentication in their integration, but we have also made the signature optional.

To access the sandbox, you have a choice to either :

1 – use HMAC, in which case Authorization header is “Signature <API key>: <token>” using the token you have calculated.

2 – not use HMAC, in which case Authorization header is “Signature <dummy API key>:”

These keys will just apply to the sandbox and not to production. Customate staff will activate the keys to work in production environment as a separate manual step.

Code examples with HMAC authentication

We have provided code examples in GitHub here to help you to get the status of the API, how to create/get/delete a profile in sandbox and get all profiles in sandbox. In doing so, this code shows you how to access the Sandbox with HMAC authentication.

This will enable you to run the code samples as they are – you just need to replace <YOUR API KEY> and <YOUR API SECRET> with the values of the key and secret that were provided to you by Customate staff.

Table of Contents