Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.sandbox.co.in/llms.txt

Use this file to discover all available pages before exploring further.

This guide shows you how to authenticate and make your first API call to Sandbox. You’ll generate API credentials, get an access token, and call an endpoint.
Prerequisites: You need a Sandbox account. Sign up here if you don’t have one.

Send your first API request

1

Get your API credentials

Navigate to Sandbox Console and go to SettingsAPI Keys to retrieve your API Key and API Secret. Sandbox provides separate credentials for test and production environments.Follow this guide to generate your keys: Generate your API Keys.
Save your API key and secret immediately when they appear—you won’t be able to view the secret again.
2

Authenticate to get an access token

Use the Authenticate API to generate an access token. Pass your API Key and API Secret in the request headers.
curl -X POST 'https://api.sandbox.co.in/authenticate' \
     -H 'x-api-key: YOUR_API_KEY' \
     -H 'x-api-secret: YOUR_API_SECRET' \
     -H 'x-api-version: 1.0.0' \
     -H 'Content-Type: application/json'
Response
{
  "code": 200,
  "data": {
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc..."
  },
  "timestamp": 1750687659809,
  "transaction_id": "3a31716a-6a4d-4670-83fe-849d8209e35a"
}
Access tokens are valid for 24 hours. Regenerate a new token when it expires.
3

Make your first API call

Use your access token to call any Sandbox API. This example searches for GST information using a GSTIN.Headers
x-api-key
string
required
Your API Key from the Sandbox Console
authorization
string
required
Your access token (without “Bearer” prefix)
x-api-version
string
API version (e.g., “1.0”)
curl -X POST 'https://api.sandbox.co.in/gst/compliance/public/gstin/search' \
     -H 'x-api-key: YOUR_API_KEY' \
     -H 'authorization: eyJ0eXAiOiJKV1QiLCJhbGc...' \
     -H 'x-api-version: 1.0' \
     -H 'Content-Type: application/json' \
     -d '{
       "gstin": "05ABNTY3290P8ZB"
     }'
Don’t include “Bearer” prefix in the authorization header. Pass only the access token value.
You are all set to use Sandbox APIs

Next steps

Error handling

Understand error codes and how to handle them

Rate limits

Learn about API rate limits and best practices

Webhooks

Set up webhooks for real-time notifications

Test environment

Set up Postman collections and run test requests