Sandbox & Testing

Creatorlayer provides a full sandbox environment for integration development and automated testing — backed by synthetic creator data, no real OAuth connections required.

Sandbox endpoint

All sandbox requests go to:

https://api-sandbox.creatorlayer.eu

The sandbox behaves identically to production (same endpoints, same error codes, same Risk Tape schema) but uses synthetic creator data instead of live platform connections.

SDK

const cl = new Creatorlayer({
  apiKey: process.env.CREATORLAYER_SANDBOX_KEY!,
  sandbox: true,
});

curl

curl https://api-sandbox.creatorlayer.eu/api/v1/verifications \
  -H "Authorization: Bearer cl_demo_api_key" \
  ...

Demo API key

For local development and CI, a shared demo key is available:

cl_demo_api_key

This key is pre-seeded in the sandbox database and authenticated against a known SHA-256 hash. It maps to lender ID 77a8b79e and has the lender role.

caution

cl_demo_api_key is public and shared. Never use it for production data or any sensitive test. Request a private sandbox key from hello@creatorlayer.eu for your own isolated sandbox environment.

Synthetic creators

The sandbox includes a set of pre-built synthetic creator profiles covering the full range of risk outcomes. Use the creator_id as the obligor_reference when creating a verification — the sandbox skips the OAuth consent flow and builds the Risk Tape directly from the synthetic data.

`creator_id`	Profile	Risk tier
`demo_prime_multi`	Multi-platform, stable revenue, 24+ months history	prime
`single_platform_95`	YouTube-only, high concentration, good track record	standard
`volatile_subprime`	High volatility, short history, drawdown events	subprime
`short_history_5mo`	Only 5 months of data	subprime
`seasonal_spikes`	Seasonal revenue pattern	standard
`demo_subprime_multi`	Multi-platform but declining trend	subprime
`demo-yt-mid`	Mid-tier YouTube creator	standard
`demo-stripe-micro`	Stripe-only, micro revenue	standard
`demo-yt-nano`	Nano YouTube creator, minimal history	subprime

Create a verification against a synthetic creator

curl -X POST https://api-sandbox.creatorlayer.eu/api/v1/verifications \
  -H "Authorization: Bearer cl_demo_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "obligor_reference": "demo_prime_multi",
    "creator_platforms": ["youtube", "patreon"],
    "lender_name": "Acme Finance",
    "product_type": "rbf"
  }'

The response includes a verification_id. Because this is a synthetic creator, the verification reaches completed status immediately — no consent URL interaction needed.

Retrieve the Risk Tape

curl https://api-sandbox.creatorlayer.eu/api/v1/verifications/{verification_id}/tape \
  -H "Authorization: Bearer cl_demo_api_key"

Interactive API Explorer

The Sandbox API Explorer is the full Creatorlayer app running against the sandbox API. Use it to test the complete consent flow, creator portal, and lender portal without touching production data.

Endpoint browser with search
Request body editor (JSON with syntax highlighting)
Live response display with headers
One-click cURL command copy
Pre-filled demo verification ID (demo_prime_multi)

Local development

To run the API locally against the sandbox database:

1. Start the database and Redis

cd creatorlayer-api
docker compose up -d

This starts:

PostgreSQL 16 on localhost:5432
Redis 7 on localhost:6379

2. Configure environment

cp .env.example .env
# Edit .env — the Docker defaults are pre-filled

Key variables for local development:

DATABASE_URL=postgresql://creatorlayer:creatorlayer_dev@localhost:5432/creatorlayer_dev
REDIS_URL=redis://localhost:6379
API_KEYS=77a8b79e536a1b3f238d7a5a9ad0ffc39d0b38c98f09528bd0cdb9134c7df906  # hash of cl_demo_api_key

3. Run migrations and seed demo data

npm run migrate          # apply all DB migrations
npm run seed:demo        # load synthetic creators and demo verifications

4. Start the API

npm run dev              # ts-node-dev with hot reload on port 3000

Automated testing

The test suite uses in-memory mocks — no running database required.

npm test                 # run all tests
npm run test:watch       # watch mode
npm run test:coverage    # with coverage report

Test fixtures

Test DB state is controlled via the __setDbFixtures helper injected by test/jest.setup.ts:

(global as any).__setDbFixtures({
  verifications: [
    { verification_id: 'ver-test-001', status: 'completed' },
  ],
  riskTapes: [
    { verification_id: 'ver-test-001', tape_json: JSON.stringify(myTape) },
  ],
});

This sets the responses returned by all pool.query() calls for the duration of the test, with no network or database required.

Testing webhook signature verification

import { createHmac } from 'crypto';

const secret = 'test-webhook-secret';
const payload = JSON.stringify({ event: 'verification.completed', data: { verification_id: 'ver-001' } });
const signature = createHmac('sha256', secret).update(Buffer.from(payload)).digest('hex');

// Pass to your webhook handler as req.headers['x-creatorlayer-signature']

Sandbox limitations

Feature	Sandbox	Production
Synthetic creator data	Yes	No
Real platform OAuth	No	Yes
Webhook deliveries	Yes (to your registered URL)	Yes
GDPR erasure	Yes (synthetic data only)	Yes
IP allowlist enforcement	No	Yes
Rate limits	Relaxed (1000 req/min)	Enforced (see Rate Limits)

Sandbox endpoint​

SDK​

curl​

Demo API key​

Synthetic creators​

Create a verification against a synthetic creator​

Retrieve the Risk Tape​

Interactive API Explorer​

Local development​

1. Start the database and Redis​

2. Configure environment​

3. Run migrations and seed demo data​

4. Start the API​

Automated testing​

Test fixtures​

Testing webhook signature verification​

Sandbox limitations​