📘 Public beta · Endpoints are stable; OpenAPI specs and SDKs ship monthly. See changelog →
Getting started
Sandbox vs production

Environments

Quantum Elixir has two environments. They share no data and have separate keys.

EnvironmentBase URLKey prefixPurpose
Sandboxhttps://sandbox.quantumelixir.techqe_sk_sandbox_…Build, test, demo
Productionhttps://api.quantumelixir.techqe_sk_live_…Real traffic, real money, real audit log

Per-product hostnames also work and are recommended for clarity:

ProductSandboxProduction
Identitysandbox.quantumelixir.tech/identityidentity.quantumelixir.tech
AMLsandbox.quantumelixir.tech/amlaml.quantumelixir.tech
Anti-Fraudsandbox.quantumelixir.tech/anti-fraudantifraud.quantumelixir.tech
Document Intelligencesandbox.quantumelixir.tech/document-intelligencedocuments.quantumelixir.tech
Bank Statementsandbox.quantumelixir.tech/bank-statementbankstatement.quantumelixir.tech
Orchestrationsandbox.quantumelixir.tech/orchestrationorchestration.quantumelixir.tech
AI Automationsandbox.quantumelixir.tech/ai-automationautomation.quantumelixir.tech

Sandbox behaviour

Sandbox is a real instance of every product — same code, same response shapes, same webhook deliveries. It only differs in three places:

  1. Test data only. Customers, alerts, documents you create in sandbox never appear in production.
  2. Watchlists are real lists, sandbox-isolated. Sandbox AML watchlists are seeded with real public UN-SC and OFAC entries plus Indonesia-relevant PPATK PEP entries — but the data lives only in the sandbox database, never mixed with your live customer hits. Reliable test names: Pak Chol Ryong (UN-SC sanctions, name-only match), Umar Patek (UN-SC, Indonesia context), Vladimir Putin and Wagner Group (OFAC), Bambang Setiawan Hartono with NIK 3171010101710001 (PPATK PEP, NIK exact-match), Joko Widodo Pratama (PPATK PEP). Use these to force confirmed hits in your integration tests.
  3. No regulator reporting. SAR filings in sandbox generate the goAML XML but the connector to PPATK is mocked — nothing is actually transmitted.

Otherwise: rate limits, latency, error behaviour, async timing — everything mirrors production.

What sandbox does NOT do

  • No charge. Sandbox is free. You don't get billed for sandbox calls.
  • No persistence guarantees. We may reset sandbox data with 7 days' notice during major upgrades.
  • No production webhooks. A sandbox key cannot register a webhook that points to your production callback URL — we block by hostname.

Switching to production

When you're ready to go live:

  1. Sign the Master Service Agreement (Sales sends it).
  2. We provision your production org and a production admin key.
  3. You issue production API keys with the scopes you need.
  4. You point your service to api.quantumelixir.tech (or the per-product hostname).
  5. You re-register webhooks under the production org — sandbox subscriptions don't migrate.

Use a hostname switch, not key-sniffing

Don't write code that branches on the key prefix to decide which base URL to call. Use QE_BASE_URL and QE_API_KEY environment variables so the same code runs in both environments and the deploy decides which env to use. We've seen too many bugs from "smart" detection.

Going to staging?

We don't ship a third "staging" tier. If you need a staging environment of your own, use a second sandbox org — sandbox supports unlimited orgs per email.

ConventionsClient libraries