Skip to main content

Requesting Sandbox credentials

Meridian provisions Sandbox access on request. To get started, contact your Solutions Engineer and provide the following:
  • Your organization’s name and country of operation
  • A technical point of contact with name and email
  • The webhook URL you want Meridian to use for payout origination processing status events
  • The sender or program identifiers Meridian should associate with your Sandbox traffic
  • Any IP addresses Meridian should expect if your network policy requires allowlisting
Once Meridian receives this information, it provisions your Sandbox environment and delivers your credentials securely.

What you’ll receive

Upon provisioning, Meridian securely provides:
  • API Key — used in the X-Meridian-Api-Key header on all Payout Origination API requests
  • API Secret — used to compute the HMAC SHA-256 request signature
  • Webhook API Key and Secret — used exclusively for authenticating inbound webhook events
  • Sandbox base URL — for the Payout Origination API
These credentials are specific to your Sandbox environment. Meridian issues production credentials separately as part of the go-live process.

What to validate in Sandbox

Before requesting production access, validate that your integration can:
  • Base64-encode the full source payload without changing its contents
  • Use the correct {format} path slug for the payload you submit
  • Sign requests with the correct HMAC headers
  • Submit a message to POST /v1/payout-origination/{format} successfully
  • Store the returned messageId, then reconcile the resulting transaction in your own system
  • Accept and verify webhook notifications for transaction processing status changes
  • Look up transactions with GET /v1/transactions?messageId=... or GET /v1/transactions/{id}