Sandbox / Test Mode
Use test keys (prefix spk_test_) to exercise the API without creating real orders, charging cards, or sending emails.
How test keys work
Test keys hit the same production API endpoints as live keys, but with these differences:
- Orders created are flagged
is_test = 1and excluded from revenue reports - Stripe/PayPal calls use sandbox credentials configured on your tenant
- Transactional emails (order confirmations, shipping notifications, gift card emails) are suppressed — only logged, not sent
- Rate limits and scopes behave exactly the same as live keys
Creating a test key
- Go to Commerce → API Keys in admin
- Click Generate Key
- Select Test / Sandbox for the environment
- Choose scopes and rate tier
- Save the generated
spk_test_...key
What data you can see
- Test keys can read both live and test data — useful for comparing behavior
- Live keys only see live data — test orders are invisible to them
Example: safely test order creation
curl -X POST https://api.spectradiag.com/api/v1/orders \
-H "Authorization: Bearer spk_test_xxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"cart_id": "abc-123",
"billing": { "name": "Test Customer", "address1": "123 Main", "city": "Brooklyn", "state": "NY", "zip": "11201", "email": "test@example.com" },
"shipping": { "name": "Test Customer", "address1": "123 Main", "city": "Brooklyn", "state": "NY", "zip": "11201" },
"payment": { "method": "stripe" }
}'Returns a real order response, but:
is_test: trueis set on the order- No confirmation email is sent
- Stripe in sandbox mode — use Stripe's test card numbers (opens in a new tab)
Switching to production
When you're ready to go live:
- Create a new
spk_live_...key with the same scopes - Update your integration to use the live key
- Delete the test key (optional — they're harmless left around)
Tips
- Use clearly labeled keys:
"Staging integration (test)"vs"Production integration" - Test keys never charge real money — safe for CI/CD test runs
- Webhook events from test-flagged orders are not delivered to production webhook URLs (to prevent accidentally processing test data in production). Create a separate webhook subscription pointing at your staging environment.