Skip to main content
Sandbox APIs accept JSON payloads, query parameters, and path parameters, and return standard JSON responses.

Request methods

  • GET: Retrieve data using path or query parameters
  • POST: Create or submit data with JSON body
  • PUT: Update existing data with JSON body
  • DELETE: Remove data using path or query parameters
Some endpoints may have exceptions to these patterns—check the specific API reference documentation.

Headers

All API requests to Sandbox require specific http headers for authentication and configuration:
x-api-key
string
required
Your API key from the Sandbox ConsoleExample: key_live_SIethxxxxxxxx
authorization
string
required
Your JWT access token (without “Bearer” prefix)Example: eyJhbGcxxxxx.eyJhdJxxxx.Si29xxxxx
x-api-secret
string
Your API secret. Required only for the Authenticate API to generate access tokensExample: secret_live_xxxxxxxxxxx
x-api-version
string
API version. Uses latest stable version if omittedExample: 1.0
x-source
string
Specify the data source. Defaults to primary if not specifiedExample: secondary
Cache-Control
string
Set to no-cache to bypass cache and get latest dataExample: no-cache
Content-Type
string
The Content-Type of the request bodyExample: application/json

Request example

Here’s a complete example showing how to make an API request with all required headers: 
curl -X POST 'https://api.sandbox.co.in/gst/compliance/public/gstin/search' \
     -H 'x-api-key: key_live_SIethxxxxxxxx' \
     -H 'authorization: eyJhbGcxxxxx.eyJhdJxxxx.Si29xxxxx' \
     -H 'x-api-version: 1.0' \
     -H 'Content-Type: application/json' \
     -d '{
       "gstin": "05ABNTY3290P8ZB"
     }'

Response structure

All Sandbox API responses follow a consistent JSON structure with these fields: 
{
  "code": 200,
  "data": {
    // Response data
  },
  "timestamp": 1750687659809,
  "transaction_id": "3a31716a-6a4d-4670-83fe-sc9d8209e35a"
}
code
number
http status code indicating success or error
data
object
Response payload containing the requested data or error details
timestamp
number
Unix timestamp (in milliseconds) indicating when the server generated the response
transaction_id
string
Unique identifier for tracking the request across systems

Special formats

Sheet structure

Some APIs accept data in a sheet structure format for bulk operations. The JSON body represents tabular data similar to a spreadsheet. See Sheet JSON format for details.