Skip to main content
Yuno has two fully isolated environments on every account. Pick the right base URL and the matching credentials for the environment you are calling. Sandbox keys never authenticate against production and vice versa.

Base URLs

# Sandbox    test integrations, simulated funds
https://api-sandbox.y.uno

# Production  live traffic, real money
https://api.y.uno

Sandbox

Build and test against simulated providers without moving real money. Sandbox credentials. All funds are simulated. Use the Yuno Testing Gateway and test cards to reproduce specific behaviors.

Production

Live traffic with real customers, real money, and real settlement. Production credentials. Every call moves real money. Treat changes here with the same care as a production database migration.
Sandbox and production keys are not interchangeable. Sending one environment’s keys to the other’s base URL returns an authentication error. Store them in separate secret manager entries with environment scoping.

Sandbox

The sandbox mirrors the production API surface against test providers, so you can exercise flows end to end without moving real money. Use it for every phase of integration: first payment, edge cases, provider cascading, decline recovery, webhook delivery, and signature verification. Pair sandbox with these resources to reproduce specific behaviors like 3DS challenges, soft declines, and async confirmation.

Test cards

Card numbers that trigger approval, decline, 3DS challenge, and CVV mismatch.

Sandbox guide

End to end walkthrough of testing your integration in sandbox.

Test scenarios

Reproducible scenarios for declines, async flows, and webhook delivery.

Sandbox limitations

  1. Some payment methods are gated behind production enablement. Contact Yuno if a method you need is missing from sandbox.
  2. Test provider credentials can behave differently from production credentials (different error codes, different latency, different 3DS behavior).
  3. GET /v1/currency-conversion may return 404 in sandbox. The feature requires explicit enablement. Contact support if you need to test it.

Production

Production processes real transactions with real funds against real acquirers, with real risk, real fees, and real settlement. Everything that worked in sandbox should work in production with no behavioral surprises (see Sandbox and production parity). What changes is the credentials, the base URL, and how seriously you treat operational hygiene.

Go live checklist

Walk this list in order. Each step is mandatory, not optional.
1

Swap credentials

Replace your sandbox keys with production keys from Dashboard > Developers in your secret manager or environment variables. Confirm your server reads the production values at startup, not lazily at first request.
- public-api-key=sandbox_pk_…
- private-secret-key=sandbox_sk_…
+ public-api-key=prod_pk_…
+ private-secret-key=prod_sk_…
The Dashboard also exposes an account_id value. Use it as the account_id field in request bodies that require it. See Authentication.
2

Update the base URL

Change every caller from sandbox to production. Grep the codebase for the sandbox host so a stale URL in a config file or a forgotten test harness does not leak production traffic to sandbox.
- https://api-sandbox.y.uno
+ https://api.y.uno
3

Register the production webhook

Register your production webhook endpoint in the Dashboard and verify signatures end to end. Sandbox webhooks pointing at staging are fine, but a forgotten staging URL in production drops every event silently. See webhook setup and signature verification.
4

Confirm provider and method availability

Check that every payment method, provider, and country you need is enabled for production. Sandbox has access to test providers that may not exist in production for your account. See Dashboard connections.
5

Enable monitoring

Turn on provider monitors, error alerting, and latency dashboards before you take traffic. Provider blips are normal in production; sustained spikes are not. You need to know when a provider is degraded before customers do. See monitors and insights.
6

Run a low value canary payment

Place a small real payment through production to validate credentials, webhook delivery, and reconciliation end to end before opening the gate to all traffic. A canary catches misconfigurations that no amount of sandbox testing will surface.
Do not flip the sandbox-to-production switch incrementally over several days unless you can run both stacks in parallel. The cleanest cutover is atomic: deploy with both credentials and base URL changed in the same release.

Sandbox and production parity

API behavior is identical between sandbox and production, with the exception of the sandbox limitations called out above. If a flow works in sandbox, it should work in production. Request timeouts and async settlement behavior are documented on the API overview since they apply to both environments equally.

What next

Authentication

The three headers, key rotation, and security rules.

Quickstart

Run your first payment end to end in sandbox.

Webhooks

Register endpoints, verify signatures, and test locally.

Dashboard

Configure providers, routing, risk, and monitoring without code.