Skip to main content
This guide shows you how to authenticate and make your first API call to Sandbox. You’ll generate API credentials, get an access token, and call an endpoint.
Prerequisites: You need a Sandbox account. Sign up here if you don’t have one.

Send your first API request

1

Get your API credentials

Navigate to Sandbox Console and go to SettingsAPI Keys to retrieve your API Key and API Secret.You’ll see two sets of credentials:
  • Test environment: Keys prefixed with key_test for development
  • Live environment: Keys prefixed with key_live for production
Follow this guide to generate your keys: Generate your API Keys.
Save your API key and secret immediately when they appear—you won’t be able to view the secret again.
2

Authenticate to get an access token

Use the Authenticate API to generate an access token. Pass your API Key and API Secret in the request headers.
curl -X POST 'https://api.sandbox.co.in/authenticate' \
     -H 'x-api-key: YOUR_API_KEY' \
     -H 'x-api-secret: YOUR_API_SECRET' \
     -H 'x-api-version: 1.0.0' \
     -H 'Content-Type: application/json'
Response
{
  "code": 200,
  "data": {
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc..."
  },
  "timestamp": 1750687659809,
  "transaction_id": "3a31716a-6a4d-4670-83fe-849d8209e35a"
}
Access tokens are valid for 24 hours. Regenerate a new token when it expires.
3

Make your first API call

Use your access token to call any Sandbox API. This example searches for GST information using a GSTIN.Headers
x-api-key
string
required
Your API Key from the Sandbox Console
authorization
string
required
Your access token (without “Bearer” prefix)
x-api-version
string
API version (e.g., “1.0”)
curl -X POST 'https://api.sandbox.co.in/gst/compliance/public/gstin/search' \
     -H 'x-api-key: YOUR_API_KEY' \
     -H 'authorization: eyJ0eXAiOiJKV1QiLCJhbGc...' \
     -H 'x-api-version: 1.0' \
     -H 'Content-Type: application/json' \
     -d '{
       "gstin": "05ABNTY3290P8ZB"
     }'
Don’t include “Bearer” prefix in the authorization header. Pass only the access token value.
You are all set to use Sandbox APIs

Environment host URLs

EnvironmentHost url
Testhttps://test-api.sandbox.co.in
Productionhttps://api.sandbox.co.in
The same workflow works for both test and production environments. Use the appropriate host url based on your environment.

Next steps

Error handling

Understand error codes and how to handle them

Rate limits

Learn about API rate limits and best practices

Webhooks

Set up webhooks for real-time notifications