Skip to main content
You’ll integrate with us in two environments: Sandbox for building and testing, and Live for production. Both expose the same API surface, but they run on separate infrastructure with isolated data and different execution behavior. Use Sandbox to validate your integration end-to-end (authentication, onboarding, order placement, webhooks) without real money or market impact. Move to Live when you’re ready to go to production.

Sandbox vs. Live

Sandbox is a safe place to experiment. Order execution is deterministic: you trigger specific outcomes (full fill, partial fill, cancel) by placing orders with particular field values. Webhooks, events, and the rest of the API behave the same way they do in Live, but nothing here involves real trading or regulated production flows. Live is production. Orders route through our real execution infrastructure, prices come from live market feeds, and onboarding and trading are fully regulated. Sandbox and Live are completely isolated. Each environment has its own databases, credentials, accounts, and webhook subscriptions. Data you create in Sandbox never appears in Live, and vice versa.

At a glance

SandboxLive
API base URLhttps://api-sandbox.engine.usesophic.comhttps://api.engine.usesophic.com
CredentialsSandbox client ID and secret (issued at onboarding)Live client ID and secret (issued separately)
DataIsolated test dataProduction customer data
Order executionDeterministic; trigger outcomes with specific order fields. See Testing.Real market routing and execution
PricesSimulated (market quotes where available, otherwise a fallback price)Live market feeds
Webhooks & eventsSame event types and delivery mechanicsSame event types and delivery mechanics
OnboardingFull API flow; compliance integrations use sandbox third-party servicesProduction compliance and KYC

API URLs

All endpoints share the same paths in both environments. Only the host changes.
ResourceSandboxLive
Engine APIhttps://api-sandbox.engine.usesophic.comhttps://api.engine.usesophic.com
Token endpointPOST /auth/tokenPOST /auth/token
OpenAPI spec{base_url}/openapi.json{base_url}/openapi.json
Point your HTTP client at the Sandbox base URL while you’re building, then switch to Live for production. Every code example in these docs uses the Live URL; substitute the Sandbox host when testing.

Authenticating in Sandbox

Obtain a token the same way you would in Live, but call the Sandbox base URL with your Sandbox client credentials:
curl -X POST https://api-sandbox.engine.usesophic.com/auth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=YOUR_SANDBOX_CLIENT_ID" \
  -d "client_secret=YOUR_SANDBOX_CLIENT_SECRET" \
  -d "grant_type=client_credentials"
Use the returned Bearer token for all subsequent Sandbox requests. Tokens are scoped to Sandbox and won’t work against Live. See Authentication for the full token flow.
Never use Live credentials against the Sandbox API (or Sandbox credentials against Live). Each environment validates tokens independently.

Orders

Order placement works the same in both environments: same endpoints, request shapes, and validation. The difference is what happens after you submit. In Sandbox, we route orders through a deterministic execution simulator. You control the outcome by setting specific values on the order:
  • Buy orders: set cash_amount to "5001" (cancel), "5002" (40% partial fill), or "5003" (full fill).
  • Sell orders: set quantity to "20" (25% partial fill) or "12" or less (full fill).
  • Everything else: default full fill.
See the full Testing reference for terminal statuses, webhook sequences, and code examples. In Live, orders follow real execution routing: venue selection, market rules, and settlement timelines apply. You can’t trigger outcomes with magic field values, and partial fills or cancellations depend on market conditions.
Sandbox execution does not mirror production routing, venue behavior, or FIX lifecycles. Use it to test your integration against predictable order and trade outcomes, not to validate production execution logic.

Events and webhooks

Both environments emit the same webhook events and expose them via GET /events. Delivery mechanics (headers, signatures, retries, deduplication) are identical. Register webhooks separately in each environment. A Sandbox webhook URL receives Sandbox events only; Live webhooks receive Live events only. In Sandbox, order-related events fire in quick succession because execution is simulated. In Live, the timing between events reflects real processing and market conditions. See Order lifecycle for status definitions and Testing for Sandbox-specific event sequences.
1

Build against Sandbox

Authenticate with Sandbox credentials, register a webhook, and walk through onboarding and order flows. Use Testing to exercise every order outcome your integration handles.
2

Verify webhooks and event handling

Confirm signature verification, deduplication, and idempotent processing work correctly. See Verifying signatures and Deliveries & retries.
3

Switch to Live

Update your base URL and credentials, re-register webhooks, and run a controlled end-to-end test before opening to customers.