Environments
Hosts by contract
| Contract | Sandbox host | Production host |
|---|---|---|
| OAuth2 / Token | https://identityhomolog.acesso.io | https://identity.acesso.io |
| Web & SDK | https://api.idcloud.uat.unico.app | https://api.idcloud.unico.app |
| API | https://api.id.uat.unico.app | https://api.id.unico.app |
| Magic Link (Mexico) | https://sandbox.trully.ai | https://api.trully.ai |
When to use sandbox
- Development and integration tests before production go-live.
- Validating new flows or capabilities your tenant is being enabled for.
- Reproducing customer-facing issues without affecting real data.
Credentials are environment-specific
Sandbox and production use different credentials (Client ID, private key, API key). Mixing credentials between environments is one of the most common causes of 401 errors. See Authentication > Common errors.
Behavior differences
The two environments share the same API contract — same endpoints, same payloads. They differ in:
| Aspect | Sandbox | Production |
|---|---|---|
| Credentials | Sandbox-only | Production-only |
| Real biometric data | No (test data only) | Yes |
| Webhook delivery | Real (to your sandbox endpoint) | Real |
| Rate limits | Lower | See Rate limits |
| Persistence | Periodically reset | Permanent |
Webhook origins (Magic Link only)
If you use Magic Link (Mexico), allow the following origins on your webhook server's CORS:
- Sandbox:
https://verification.uat.unico.app - Production:
https://verification.unico.app