> ## Documentation Index
> Fetch the complete documentation index at: https://docs.payfonte.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Environments

> Configure sandbox and production environments, API base URLs, and authentication with client-id and client-secret.

# Environments

Payfonte provides two environments for integration:

| Environment | Use Case           | API Base URL                       | Dashboard                                                            |
| ----------- | ------------------ | ---------------------------------- | -------------------------------------------------------------------- |
| Sandbox     | Development and QA | `https://sandbox-api.payfonte.com` | [https://sandbox-app.payfonte.com](https://sandbox-app.payfonte.com) |
| Production  | Live transactions  | `https://api.payfonte.com`         | [https://app.payfonte.com](https://app.payfonte.com)                 |

<Warning>
  Do not use live provider credentials in sandbox. Keep sandbox and production
  credentials separate.
</Warning>

## API Authentication

All API calls require these headers:

* `client-id`
* `client-secret`

You can find both in:

`Dashboard -> Settings -> Security ->  API Keys and Webhooks`

## Sandbox Example

```bash theme={null}
curl --location 'https://sandbox-api.payfonte.com/payments/v1/checkouts' \
  --header 'client-id: <your-sandbox-client-id>' \
  --header 'client-secret: <your-sandbox-client-secret>' \
  --header 'Content-Type: application/json' \
  --data '{
    "reference": "test-001",
    "amount": 1000,
    "currency": "NGN",
    "country": "NG",
    "user": {
      "phoneNumber": "08012345678"
    }
  }'
```

## Production Go-Live Checklist

<Steps>
  <Step title="Complete testing in sandbox">
    Validate successful, failed, and pending flows, including webhooks.
  </Step>

  <Step title="Complete KYB onboarding">
    Submit your business details using the [KYB onboarding form](https://form.jotform.com/240038360690048).
  </Step>

  <Step title="Switch credentials and base URL">
    Replace sandbox `client-id`/`client-secret` with production keys and update your API base URL to `https://api.payfonte.com`.
  </Step>

  <Step title="Verify webhooks in production">
    Confirm your production webhook URL is configured under `Settings -> Security ->  API Keys and Webhooks`.
  </Step>
</Steps>

## Recommended App Configuration

Use environment variables so secrets stay out of source code:

```bash theme={null}
# Sandbox
PAYFONTE_SANDBOX_BASE_URL=https://sandbox-api.payfonte.com
PAYFONTE_SANDBOX_CLIENT_ID=...
PAYFONTE_SANDBOX_CLIENT_SECRET=...

# Production
PAYFONTE_PRODUCTION_BASE_URL=https://api.payfonte.com
PAYFONTE_PRODUCTION_CLIENT_ID=...
PAYFONTE_PRODUCTION_CLIENT_SECRET=...
```

```javascript theme={null}
const isProduction = process.env.NODE_ENV === "production";

const config = isProduction
  ? {
      baseUrl: process.env.PAYFONTE_PRODUCTION_BASE_URL,
      clientId: process.env.PAYFONTE_PRODUCTION_CLIENT_ID,
      clientSecret: process.env.PAYFONTE_PRODUCTION_CLIENT_SECRET,
    }
  : {
      baseUrl: process.env.PAYFONTE_SANDBOX_BASE_URL,
      clientId: process.env.PAYFONTE_SANDBOX_CLIENT_ID,
      clientSecret: process.env.PAYFONTE_SANDBOX_CLIENT_SECRET,
    };
```

## Security Notes

* Never expose `client-secret` in frontend apps.
* Never commit credentials to git.
* Rotate keys immediately if you suspect exposure.
* Use HTTPS for API and webhook endpoints.
