Skip to main content
Sandbox mode lets you test the LimitGuard API without using real data sources, making USDC payments, or consuming your monthly quota.

How to Activate

Two methods — both produce the same behavior:

Sandbox Behavior

PropertyBehavior
Data sourcesNo real sources called (KVK, sanctions, VIES, etc.)
ResponsesDeterministic mock data — same input always gives same output
PaymentsNo USDC payment required — x402 is skipped
QuotaNot consumed
Rate limit10 requests per minute per IP

Mock Data Examples

/v1/entity/check (sandbox)

{
  "trust_score": 75,
  "trust_level": "medium",
  "cluster": "established_eu_sme",
  "recommendation": "review",
  "confidence": 0.80,
  "top_factors": [
    {"source": "mock", "signal": "Sandbox mock data", "impact": "neutral", "weight": 1.0}
  ],
  "sources_checked": ["mock"],
  "processing_time_ms": 5
}

/v1/risk/score (sandbox)

{
  "risk_score": 25,
  "risk_level": "medium",
  "recommendation": "review",
  "top_factors": [],
  "processing_time_ms": 5
}

Rate Limit Response

When the sandbox rate limit is exceeded:
HTTP 429

{
  "error": "Sandbox rate limit exceeded (10 req/min). Use a real API key for higher limits."
}
The response includes a Retry-After: 60 header.

Use Cases

ScenarioRecommendation
First-time integrationHeader sandbox + any API key
CI/CD automated testslg_test_ prefix key in env vars
Frontend developmentHeader sandbox to avoid quota
Load testingSandbox — never load test production
Demo / prototypeHeader sandbox

Middleware Execution Order

Sandbox detection runs before x402 payment verification in the middleware stack:
Request → Logging → Security → Size Limit → Rate Limit → Tenant → Sandbox → x402 → Router
This means sandbox mode skips payment verification entirely. The x402 middleware sees the sandbox flag and passes through without checking for payment.

Transitioning to Production

When ready to use real data:
  1. Remove X-LimitGuard-Mode: sandbox header, or
  2. Switch from lg_test_ key to a lg_live_ key
No other code changes required. The same endpoints, request format, and response structure apply in both modes.