For API publishers and the agents they enable

A working copy of any REST API, on demand.

Replace shared staging with isolated, reproducible sandboxes for every consumer — human or AI agent. Spec in. Live, traced, resettable API out — with stateful mocks, scope enforcement, and full request replay.

Why Sandbox

Three things your consumers actually need.

Spec → live in seconds.

Upload an OpenAPI spec. We compile an immutable release and deploy it to Cloudflare Workers — your sandbox URL is live in under a minute.

OpenAPI 3.0 / 3.1 · Cloudflare Workers

Stateful mocks, deterministic by design.

Five execution modes — static mock, dynamic mock, stateful mock. Snapshots, scenarios, deterministic clock advance, signed webhook delivery. Reset to a known seed in a single call.

Snapshots · Clock · Webhooks

Trace and replay every request.

Every request is traced with auth decisions, policy results, and response provenance. Replay any traced request in a single CLI command.

Auth · Policy · Lineage

Three strategies, one platform

Pick the level of realism each test actually needs.

Mock

Static example response.

Deterministic example payload pulled straight from your spec. Same input, same output, every time — perfect for auth and scope checks, scripted demos, and the 80% of tests that don’t need state.

When the contract is the test.

Dynamic mock

Schema-driven, varied per call.

Responses generated from your schema on every request. Shape matches the contract exactly; values vary so consumers don’t hard-code fixtures. Same release plus same request fingerprint still returns the same body.

Partner onboarding, contract demos, exploratory testing.

Stateful mock

Mocks that remember.

A JSON state model behind every operation. POST creates, GET reads, PATCH mutates, DELETE removes. Snapshots, scenarios, deterministic clock advance, signed webhook delivery. Reset to seed in one call.

Workflows, webhooks, agent loops, regulated reproductions.

Three commands

From spec to sandbox.

    # Define the auth contract (sandbox-native, no real IdP needed)
    sdb auth create-profile payments-sim --mode simulated --scheme BearerAuth=bearer

    # Compile + deploy an immutable release behind the bank-sim sandbox
    sdb publish ./payments.yaml --sandbox bank-sim --auth-profile payments-sim

    # Watch every request your partners make, in real time
    sdb trace tail bank-sim --limit 10

    # Connect to a sandbox a publisher invited you to
    sdb connect <CONNECT_URL>

    # Exchange your client credential for a runtime session
    sdb auth login --client-id <ID> --client-secret-stdin

    # Hit the sandbox like it's the real API
    sdb sandbox request GET /refunds/ref_123

Install the CLI: pipx install api-sandbox  ·  or brew tap digitalapicraft/api-sandbox-cli && brew install api-sandbox

Stateful mocks

Mocks that remember.

Static mocks fall over the moment your test needs to read what it just wrote. Stateful mocks keep a JSON state model behind every operation — POST creates, GET reads, PATCH mutates, DELETE removes — and respond from that state on every request.

State is deterministic and replayable. Seed it from your simulation pack, snapshot it before a test, advance the clock to fire a webhook timer, restore the snapshot, and run again — same outcome every time.

Reset returns the sandbox to its seed in one call. No shared staging drift, no cross-team data corruption, no “who deleted my fixtures” Monday morning.

Seed: Start from a known JSON state defined in your simulation pack.
Snapshot & Restore: Capture the live state at any moment; restore it later for replay.
Clock advance: Move simulated time forward to fire scheduled webhooks and timers.
Reset: Drop everything back to seed in one CLI call or HTTP request.

    POST /refunds { "amount": 1200 }
    201 { "id": "ref_123", ... }

    GET /refunds/ref_123
    200 { "id": "ref_123", ... }

    POST /sandboxes/bank-sim:reset
    204

    GET /refunds/ref_123
    404 not found

Same release, same auth, same scopes — only the state changes between the calls.
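
A minimal in-memory model of the seed, snapshot, restore, clock-advance and reset semantics described above, added here as an illustration; it is not the Sandbox product's code or API. The class and method names (`StatefulMock`, `schedule`, `advance`), the counter-based ids and the seed are assumptions.

```python
import json
class StatefulMock:
    """Toy model: JSON state plus a simulated clock, all captured by snapshot()."""
    def __init__(self, seed):
        self._seed = json.dumps({"data": seed, "now": 0, "timers": [], "seq": 0})
        self.reset()

    def reset(self):                      # back to seed in one call
        self.restore(self._seed)
    def snapshot(self):                   # canonical JSON, comparable byte-for-byte
        return json.dumps(self.s, sort_keys=True)
    def restore(self, snap):
        self.s = json.loads(snap)

    def post(self, coll, body):
        self.s["seq"] += 1                # counter-based ids, no randomness
        obj = {"id": f"{coll[:3]}_{self.s['seq']}", **body}
        self.s["data"].setdefault(coll, {})[obj["id"]] = obj
        return 201, obj

    def get(self, coll, oid):
        obj = self.s["data"].get(coll, {}).get(oid)
        return (200, obj) if obj else (404, None)

    def schedule(self, delay, coll, oid, patch):
        self.s["timers"].append([self.s["now"] + delay, coll, oid, patch])

    def advance(self, seconds):           # fire due timers in time order
        self.s["now"] += seconds
        due = [t for t in self.s["timers"] if t[0] <= self.s["now"]]
        self.s["timers"] = [t for t in self.s["timers"] if t[0] > self.s["now"]]
        for _, coll, oid, patch in sorted(due, key=lambda t: t[0]):
            self.s["data"][coll][oid].update(patch)
        return len(due)

def run_once(mock):                       # refund settles at simulated T+5m
    _, refund = mock.post("refunds", {"amount": 1200, "status": "pending"})
    mock.schedule(300, "refunds", refund["id"], {"status": "settled"})
    mock.advance(299)
    before = mock.get("refunds", refund["id"])[1]["status"]
    mock.advance(1)
    return refund["id"], before, mock.get("refunds", refund["id"])[1]["status"]

if __name__ == "__main__":
    m = StatefulMock({"refunds": {}})     # constructed seed, not a real pack
    snap = m.snapshot()
    first = run_once(m)
    m.restore(snap)
    print(first, run_once(m) == first)
```

Because ids, clock and pending timers all live inside the snapshotted JSON, a restored run produces the same ids and the same transition at the same simulated instant.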

Beyond seed and reset

Scenarios, timers, and webhooks — the rest of the simulation surface.

Stateful mocks come with the primitives a real workflow needs: named state transitions you can apply on demand, a deterministic clock that fires scheduled events, and signed webhook delivery your partners can subscribe to.

Scenarios

Flip into a known shape, by name.

Apply credit-ladder, nsf, expired-card, or any scenario you’ve packed. The sandbox jumps to that state immediately. Reusable across teams and CI runs.

Timers

Advance the clock. Watch state move.

Schedule a transition at simulated T+5m. Advance the clock past it. The transition fires deterministically — same as on a real clock, just faster.

Webhooks

Signed events, traced, replayable.

Register a destination. The sandbox emits signed events on every state change. Each delivery is traced; failed ones retry on schedule and stay replayable.

Snapshots

Save state. Restore later. Bit-perfect.

Capture the live state at any moment. Run a destructive test. Call restore — the sandbox returns to that exact JSON, byte-for-byte. Branch your tests without forking your stack.

Where stateful mocks earn their keep

Workflows your partners run, end to end.

Banking & payments: authorize → capture → refund → dispute

Run partners through the full money-movement lifecycle. Reset between integration tests so balances and ledgers start clean every time.

Insurance: quote → bind → claim → settlement

Loop the policy lifecycle deterministically against scenario packs. Replay the exact path that broke a partner’s integration last week.

Order & fulfillment: place → reserve → ship → cancel → refund

Snapshot the cart, run the agent through checkout, restore the snapshot, run again. Same outcome, every time, no shared staging cleanup.

Telco & metered billing: provision → consume → invoice → adjust

Advance the clock, watch the meter, fire the invoice webhook on schedule. Test usage-based billing without waiting a real billing cycle.

Healthcare workflows: eligibility → authorization → claim

PHI-shaped fixtures with no live PHI. Reproduce eligibility edge cases and 837/835 transitions deterministically against scoped credentials.

Incident reproduction: restore → replay → fix → verify

Restore a production-shaped state, replay the failing trace exactly as the partner saw it, ship the fix, and verify against the same recording.

Built for the agent era

Designed for AI-agent integrations from day one.

Agents need APIs that respond the same way today as they did in last week’s evaluation. Sandbox is deterministic by default — and the whole platform is shaped for automation.

  • Every CLI action is one command with structured output. Agents drive Sandbox the same way humans do, just faster.
  • Snapshot before risky tool calls. Replay the exact trace an agent saw last Tuesday. Reset between runs.
  • No production data, no rate-limit roulette, no surprises — agents loop on stateful mocks until they get it right.
  • Scope-bounded client credentials per agent or per task. Revoke without paging anyone.

On Cloudflare’s edge

Every sandbox runs on Cloudflare Workers.

Sandboxes inherit the runtime your production gateway probably already trusts. Geo-distributed, instant scale, isolated per partner.

  • Geo-distributed at Cloudflare’s edge — sub-50ms cold start, scales to zero between tests.
  • Per-partner isolation. One tenant’s traffic never touches another’s runtime or state.
  • DDoS protection and WAF inherited from Cloudflare’s edge — same posture as production.
  • Logs, metrics, and traces emitted from the edge straight back into the control plane.