Tonder provides two distinct environments for your integration:
- Sandbox for development and testing
- Production for processing live transactions
Each environment has its own set of base URLs and API credentials.
Use the correct base URL and API keys for each environment. Using production keys in the sandbox environment (or vice-versa) will result in authentication errors.
Environment Overview
| Environment | Purpose | Dashboard |
|---|
| Sandbox | Development, testing, and integration validation | Tonder Sandbox Dashboard |
| Production | Live transactions with real funds | Tonder Production Dashboard |
API Endpoints by Integration Type
Tonder uses different base URLs depending on your integration type. The table below provides a complete reference for all endpoints.
Payment Processing Endpoints
| Purpose | Endpoint |
|---|
| Process Payment (Tokenized Flow) | POST https://stage.tonder.io/api/v1/process/ |
| Process Payment (Raw Card Data) | POST https://process-sandbox.tonder.io/raw-data |
| Get Transaction Status | GET https://stage.tonder.io/api/v1/transactions/{id}/ |
| Purpose | Endpoint |
|---|
| Process Payment (Tokenized Flow) | POST https://app.tonder.io/api/v1/process/ |
| Process Payment (Raw Card Data) | POST https://process.tonder.io/raw-data |
| Get Transaction Status | GET https://app.tonder.io/api/v1/transactions/{id}/ |
Authentication & Tokenization Endpoints
| Purpose | Endpoint |
|---|
| Get Access Token | POST https://stage.tonder.io/tokenization/auth |
| Tokenize Card Data | https://token-sandbox.tonder.io/v1/gateway/inboundRoutes/f6eb7af640b041b590a0b2f095a83fa4/token |
| Purpose | Endpoint |
|---|
| Get Access Token | POST https://app.tonder.io/tokenization/auth |
| Tokenize Card Data | https://token.tonder.io/v1/gateway/inboundRoutes/a8b7f317c49f40a18770dc95ef8be3dc/token |
Your route_id for the tokenization endpoint is provided in your Tonder dashboard after onboarding. Contact support if you don’t have one. Choosing the Right Endpoint
The endpoint you use depends on your integration approach:
| Integration Type | Auth Endpoint | Processing Endpoint | Guide |
|---|
| Tokenized Card Payments | tokenization/auth | stage.tonder.io/api/v1/process/ | Tokenized Flow |
| Raw Card Data (PCI L1) | tokenization/auth | process-sandbox.tonder.io/raw-data | Raw Card Data Flow |
| Non-Card Payments (APMs) | Not required | stage.tonder.io/api/v1/process/ | Non-Card Payments |
API Credentials
Each environment uses a separate set of API credentials (API Key and Secret Key).
| Credential Type | Sandbox | Production |
|---|
| API Key | Found in Sandbox Dashboard → Developers | Found in Production Dashboard → Developers |
| Secret Key | Found in Sandbox Dashboard → Developers | Found in Production Dashboard → Developers |
Security Best Practices
- Never use production API keys in your testing environment
- Never expose API keys in client-side code
- Store credentials securely on your server
- Rotate keys immediately if compromised
Quick Reference: Base Domains
| Domain | Environment | Usage |
|---|
stage.tonder.io | Sandbox | Standard API, Auth |
app.tonder.io | Production | Standard API, Auth |
token-sandbox.tonder.io | Sandbox | Card tokenization service |
token.tonder.io | Production | Card tokenization service |
process-sandbox.tonder.io | Sandbox | Raw card data processing (PCI L1) |
process.tonder.io | Production | Raw card data processing (PCI L1) |
Next Steps
