Thank you for using Sandbox APIs, other developer services, and associated software (collectively, "APIs"). By accessing or using our APIs, you are agreeing to the terms below. If there is a conflict between these terms and additional terms applicable to a given API, the additional terms will control for that conflict. Collectively, we refer to the terms below, any additional terms, terms within the accompanying API documentation, and any applicable policies and guidelines as the "Terms." You agree to comply with the Terms and that the Terms control your relationship with us. So please read all the Terms carefully. If you use the APIs as an interface to, or in conjunction with other Sandbox products or services, then the terms for those other products or services also apply.

Under the Terms, "Sandbox" means Sandbox Financial Technologies Private Limited, with offices at B701 Amrapali Lakeview Tower Opp. Lake, Vastrapur, Ahmedabad, Gujarat 380015, unless set forth otherwise in additional terms applicable for a given API. We may refer to "Sandbox" as "we", "our", or "us" in the Terms.

  1. Account and Registration
  2. Using Our APIs
  3. Your API Clients
  4. Prohibitions and Confidentiality
  5. Content
  6. Brand Features; Attribution
  7. Privacy and Copyright Protection
  8. Termination
  9. Liability for our APIs
  10. General Provisions
  11. Responsibility as our API User
  12. Developer Policy
  13. Payments and refunds
  14. Paid APIs
  15. Service Level Objectives(SLO)
  16. Contact


I. Account and Registration

Accepting the Terms

You may not use the APIs and may not accept the Terms if (a) you are not of legal age to form a binding contract with Sandbox, or (b) you are a person barred from using or receiving the APIs under the applicable laws of India or other countries including the country in which you are resident or from which you use the APIs.

Entity Level Acceptance

If you are using the APIs on behalf of an entity, you represent and warrant that you have authority to bind that entity to the Terms and by accepting the Terms, you are doing so on behalf of that entity (and all references to "you" in the Terms refer to that entity).


In order to access certain APIs you may be required to provide certain information (such as identification or contact details) as part of the registration process for the APIs, or as part of your continued use of the APIs. Any registration information you give to Sandbox will always be accurate and up to date and you'll inform us promptly of any updates.


II. Using Our APIs

Your End Users

You will require your end-users to comply with (and not knowingly enable them to violate) applicable law, regulation, and the Terms.

Compliance with Law, Third Party Rights, and Other Sandbox Terms of Service

You will comply with all applicable law, regulation, and third party rights (including without limitation laws regarding the import or export of data or software, privacy, and local laws). You will not use the APIs to encourage or promote illegal activity or violation of third party rights. You will not violate any other terms of service with Sandbox (or its affiliates).

Permitted Access

You will only access (or attempt to access) an API by the means described in the documentation of that API. If Sandbox assigns you developer credentials (e.g. client IDs), you must use them with the applicable APIs. You will not misrepresent or mask either your identity or your API Client's identity when using the APIs or developer accounts.

API Limitations

Sandbox sets a quota on your use of the APIs depending on your subscription plan. We do not limit the requests for our users using our API’s. However, in the event of a request made above the subscription limit, an additional charge will be applicable on an overdraft basis. For every additional call made over and above the plan subscribed, an appropriate tariff per call will be applicable. This tariff will be raised in the invoice of the subsequent subscription cycle. (Eg: If the plan subscribed is for 1000 calls/month for Rs. 999/month, for every additional call made after the 1000 calls are exhausted, you will be charged a tariff of Rs. 0.999/call). Sandbox reserves the right to revise the Fee periodically.

Communication with Sandbox

We may send you certain communications in connection with your use of the APIs. Please review the applicable API documentation for information about opting out of certain types of communication.


If you provide feedback or suggestions about our APIs, then we (and those we allow) may use such information without obligation to you.


The Terms are non-exclusive. This Agreement shall be on a principal-to-principal basis and shall not create any Principal-Agent relationship between the parties.  Nothing in this Agreement shall be deemed to constitute a partnership between the parties nor otherwise entitle the either Party to have any authority to bind the other Party for any purpose. Sandbox shall take necessary steps and/or precautions to ensure that the Services offered by us through our Application, are not misrepresented as being offered by our source.


III. Your API Clients

API Clients and Monitoring

The APIs are designed to help you enhance your websites and applications ("API Client(s)").You agree that Sandbox may monitor use of the API's to ensure Quality, improve Sandbox Products and services and verify your compliance with the terms. This monitoring may include Sandbox accessing and using your API Client, for example to identify security issues that could affect Sandbox or its users. You will not interfere with this monitoring. Sandbox may use any technical means to overcome such interference. Sandbox may suspend access to the APIs by you or your API Client without notice if we reasonably believe that you are in violation of the Terms.


You will use commercially reasonable efforts to protect user-information collected by your API Client, including personally identifiable information ("PII"), from unauthorized access or use and will promptly report to your users any unauthorized access or use of such information to the extent required by applicable law.


Sandbox does not acquire ownership in your API Clients, and by using our APIs, you do not acquire ownership of any rights in our APIs or the content that is accessed through our APIs.

User Privacy and API Clients

You will comply with all applicable privacy laws and regulations including those applying to PII. You will provide and adhere to a privacy policy for your API Client that clearly and accurately describes to users of your API Client what user information you collect and how you use and share such information (including for advertising) with Sandbox and third parties.


IV. Prohibitions and Confidentiality

 API Prohibitions

When using the APIs, you may not (or allow those acting on your behalf to):

  1. Sublicense and/or resell an API for use by a third party. Consequently, you will not create an API Client that functions substantially the same as the APIs and offer it for use by third parties.
  2. Perform an action with the intent of introducing to Sandbox products and services any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature.
  3. Defame, abuse, harass, stalk, or threaten others.
  4. Interfere with or disrupt the APIs or the servers or networks providing the APIs.
  5. Promote or facilitate unlawful online gambling or disruptive commercial messages or advertisements.
  6. Reverse engineer or attempt to extract the source code from any API or any related software, except to the extent that this restriction is expressly prohibited by applicable law.
  7. Remove, obscure, or alter any Sandbox terms of service or any links to or notices of those terms.
  8. Reselling of the APIs without prior and explicit consent of Sandbox should not be done. 

 Confidential Matters

  1. Developer credentials (such as passwords, keys, and secret) are intended to be used by you and identify your API Client. You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects.
  2. Our communications to you and our APIs may contain Sandbox confidential information. Sandbox confidential information includes any materials, communications, and information that are marked confidential or that would normally be considered confidential under the circumstances. If you receive any such information, then you will not disclose it to any third party without Sandbox's prior written consent. Sandbox confidential information does not include information that you independently developed, that was rightfully given to you by a third party without confidentiality obligation, or that becomes public through no fault of your own. You may disclose Sandbox's confidential information when compelled to do so by law if you provide us reasonable prior notice unless a court orders that we not receive notice.

V. Content

Content Accessible Through our APIs

Our APIs contain some third party content (such as text, images, videos, audio, or software). This content is the sole responsibility of the person that makes it available. We may sometimes review content to determine whether it is illegal or violates our policies or the Terms, and we may remove or refuse to display content. Finally, content accessible through our APIs may be subject to intellectual property rights, and, if so, you may not use it unless you are licensed to do so by the owner of that content or are otherwise permitted by law. Your access to the content provided by the API may be restricted, limited, or filtered in accordance with applicable law, regulation, and policy.

Submission of Content

Some of our APIs allow the submission of content. Sandbox does not acquire any ownership of any intellectual property rights in the content that you submit to our APIs through your API Client, except as expressly provided in the Terms. For the sole purpose of enabling Sandbox to provide, secure, and improve the APIs (and the related service(s)) and only in accordance with the applicable Sandbox privacy policies, you give Sandbox a perpetual, irrevocable, worldwide, sublicensable, royalty-free, and non-exclusive license to Use content submitted, posted, or displayed to or from the APIs through your API Client. "Use" means use, host, store, modify, communicate, and publish. Before you submit content to our APIs through your API Client, you will ensure that you have the necessary rights (including the necessary rights from your end users) to grant us the license.

Retrieval of content

When a user's non-public content is obtained through the APIs, you may not expose that content to other users or to third parties without explicit opt-in consent from that user.


Prohibitions on Content

Unless expressly permitted by the content owner or by applicable law, you will not, and will not permit your end users or others acting on your behalf to, do the following with content returned from the APIs:

  1. Scrape, build databases, or otherwise create permanent copies of such content, or keep cached copies longer than permitted by the cache header;
  2. Copy, translate, modify, create a derivative work of, sell, lease, lend, convey, distribute, publicly display, or sublicense to any third party;
  3. Misrepresent the source or ownership; or
  4. Remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or falsify or delete any author attributions, legal notices, or other labels of the origin or source of material.


VI. Brand Features; Attribution

Brand Features

"Brand Features" is defined as the trade names, trademarks, service marks, logos, domain names, and other distinctive brand features of each party. Except where expressly stated, the Terms do not grant either party any right, title, or interest in or to the other party's Brand Features. All use by you of Sandbox's Brand Features (including any goodwill associated therewith) will inure to the benefit of Sandbox.


You agree to display any attribution(s) required by Sandbox as described in the documentation for the API. Sandbox hereby grants to you a non-transferable, non sublicensable, nonexclusive license while the Terms are in effect to display Sandbox's Brand Features for the purpose of promoting or advertising that you use the APIs. You must only use the Sandbox Brand Features in accordance with the Terms and for the purpose of fulfilling your obligations under this Section. You understand and agree that Sandbox has the sole discretion to determine whether your attribution(s) and use of Sandbox's Brand Features are in accordance with the above requirements and guidelines.


You will not make any statement regarding your use of an API which suggests partnership with, sponsorship by, or endorsement by Sandbox without Sandbox's prior written approval.

Promotional and Marketing Use

In the course of promoting, marketing, or demonstrating the APIs you are using and the associated Sandbox products, Sandbox may produce and distribute incidental depictions, including screenshots, video, or other content from your API Client, and may use your company or product name. You grant us all the necessary rights for the above purposes.


VII. Privacy and Copyright Protection

Sandbox Privacy Policies

This Privacy Policy provides you with details about the manner in which your data is

collected, stored & used by us. 


Information Collection

  • We collect basic profile information directly from you when you subscribe with Sandbox to use our APIs (Company Name and other relevant details)
  • We ask & store information such as your name, address, contact details, payment details in order to deliver our products and services to you and
  • We store transactional data (number of calls made, which APIs are called, the plan you subscribe to etc) for business and analysis purposes.


Use of Information

  • We use your basic information to manage your subscription to communicate with you;
  • We may use your basic information to take up or investigate any complaints/claims/disputes;


Sharing of Information

  • We do not share your information to anyone outside of Sandbox for marketing or solicitation purposes;
  • We may share your transactional data information with teams within Sandbox for new product development and customer engagement purposes;
  • We may access and/or disclose your basic information if it is necessary to comply with the law or legal process, to protect or defend Sandbox. For example, we may be required to cooperate with regulators or law enforcement action such as a court order, subpoena or search warrant and
  • We may disclose your information if required by financial institutions to verify, mitigate or prevent fraud or to manage risk or recover funds in accordance with applicable laws/regulations.


Storage and Retention

  • Our APIs are a pass through APIs, hence we store only transactional data (number of calls made, which APIs are called, billing information etc.) which are received from our API subscribers. 
  • Sensitive and personal data of API clients that flow through our platform only passes through our servers and is not retained with Sandbox
  • We retain your billing information to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.


Information Security

  • We take various steps and measures to protect the security of your information from loss, misuse, and alteration of the information under our control. We use industry-standard measures to protect the Personal Information that is stored in our database.
  • We limit access to sensitive information to those employees and contractors who need access to perform their job functions, such as our customer service personnel;
  • We work with leading security experts to review our security procedures;
  • We comply with applicable laws and industry standards and
  • We use encryption to send and receive your information securely


VIII. Termination


You may stop using our APIs at any time with or without notice. Sandbox reserves the right to terminate the Terms with you or discontinue the APIs or any portion or feature or your access thereto for any reason deemed fit. This can include:

  • Breach of Intellectual Property Rights/ Confidentiality/ Data security obligations, 
  • Committing a material breach of any of the terms and conditions
  • Being involved in fraud or other illegal or unethical
  • One of the party enters into liquidation 
  • Fails to adhere to security standards
  • Any other act of willful misconduct

Your Obligations Post-Termination

Upon any termination of the Terms or discontinuation of your access to an API, you will immediately stop using the API, cease all use of the Sandbox Brand Features, and delete any cached or stored content that was permitted by the cache header under Section 5. Sandbox may independently communicate with any account owner whose account(s) are associated with your API Client and developer credentials to provide notice of the termination of your right to use an API.

Surviving Provisions

When the Terms come to an end, those terms that by their nature are intended to continue indefinitely will continue to apply.


IX. Liability for our APIs


Except as expressly set out in the terms, neither Sandbox nor its suppliers or distributors make any specific promises about the APIs. For example, we don't make any commitments about the content accessed through the APIs, the specific functions of the APIs, or their reliability, availability, or ability to meet your needs. We provide the APIs "as is".

Some jurisdictions provide for certain warranties, like the implied warranty of merchantability, fitness for a particular purpose, and non-infringement. Except as expressly provided for in the terms, to the extent permitted by law, we exclude all warranties, guarantees, conditions, representations, and undertakings.

Limitation of Liability

When permitted by law, Sandbox, and Sandbox's suppliers and distributors, will not be responsible for lost profits, revenues, or data; financial losses; or indirect, special, consequential, exemplary, or punitive damages.

To the extent permitted by law, the total liability of Sandbox, and its suppliers and distributors, for any claim under the terms, including for any implied warranties, is limited to the amount you paid us to use the applicable APIs (or, if we choose, to supplying you the APIs again) during the six months prior to the event giving rise to the liability.

In all cases, Sandbox, and its suppliers and distributors, will not be liable for any expense, loss, or damage that is not reasonably foreseeable or more than INR 5,000.


Unless prohibited by applicable law, if you are a business, you will defend and indemnify Sandbox, and its affiliates, directors, officers, employees, and users, against all liabilities, damages, losses, costs, fees (including legal fees), and expenses relating to any allegation or third-party legal proceeding to the extent arising from:

  1. your misuse or your end user's misuse of the APIs;
  2. your violation or your end user's violation of the Terms; or
  3. any content or data routed into or used with the APIs by you, those acting on your behalf, or your end-users.

Force Majeure

Any delay in or failure of performance by Sandbox under this License Agreement will not be considered a breach of this License Agreement and will be excused to the extent caused by any occurrence beyond its reasonable control, including, but not limited to, acts of God, power outages, failures of the Internet, failures of banking or any other unforeseeable event.


X. General Provisions


We may modify the Terms or any portion to, for example, reflect changes to the law or changes to our APIs. You should look at the Terms regularly. We'll post notice of modifications to the Terms within the documentation of each applicable API, to this website, and/or in the Sandbox API Dashboard. Changes will not apply retroactively and will become effective no sooner than 30 days after they are posted. But changes addressing new functions for an API or changes made for legal reasons will be effective immediately. If you do not agree to the modified Terms for an API, you should discontinue your use of that API. Your continued use of the API constitutes your acceptance of the modified Terms.

General Legal Terms

We each agree to contract in the English language. The Terms do not create any third party beneficiary rights or any agency, partnership, or joint venture. Nothing in the Terms will limit either party's ability to seek injunctive relief. We are not liable for failure or delay in performance to the extent caused by circumstances beyond our reasonable control. If you do not comply with the Terms, and Sandbox does not take action right away, this does not mean that Sandbox is giving up any rights that it may have (such as taking action in the future). If it turns out that a particular term is not enforceable, this will not affect any other terms. The Terms are the entire agreement between you and Sandbox relating to its subject and supersede any prior or contemporaneous agreements on that subject. For information about how to contact Sandbox, please visit our contact page.

Sandbox API Services, including Sandbox Sign-In, are part of an authentication and authorization framework that gives you, the developer, the ability to connect directly with Sandbox users when you would like to request access to Sandbox user data. The policy below, as well as the Sandbox APIs Terms of Service, govern the use of Sandbox APIs when you request access to Sandbox user data. Please check back from time to time as these policies are occasionally updated.


Governing Law and Jurisdiction

The validity, construction and performance of this License Agreement shall be governed by, and construed and enforced in accordance with, the laws of India. Any dispute or difference whatsoever arising between the parties out of or relating to the construction, meaning, scope, operation or effect of this agreement or the validity or the breach thereof shall be settled by arbitration. The seat and venue of arbitration shall be Mumbai, India and shall be governed by the provisions of the Arbitration and Conciliation Act, 1996.


XI. Responsibility as our API User

Accurately represent your identity and intent

If you wish to access Sandbox user data you must provide Sandbox users and Sandbox with clear and accurate information regarding your use of Sandbox APIs. This includes, without limitation, requirements to accurately represent:

  • Who is requesting Sandbox user data? All permission requests must accurately represent the identity of the application that seeks access to user data. If you have obtained authorized client credentials to access Sandbox APIs, keep these credentials confidential.
  • What data are you requesting? You must provide clear and accurate information explaining the types of data being requested. In addition, if you plan to access or use a type of user data that was not originally disclosed in your privacy policy when a Sandbox user initially authorized access, you must update your privacy policy and prompt the user to consent to any changes before you may access that data.
  • Why are you requesting Sandbox user data? Be honest and transparent with users when you explain the purpose for which your application requests user data. If your application requests data for one reason but the data will also be utilized for a secondary purpose, you must notify Sandbox users of both use cases. As a general matter, users should be able to readily understand the value of providing the data that your application requests, as well as the consequences of sharing that data with your application.

Liability of API User: Consent and Reason from the authorised user is compulsory while accessing personal information including but not limited to PAN Data, Income Tax Return Data, GST Data, Bank Account Data and all other relevant data obtained from Tax Compliance APIs. This signifies that the API user entity has consent from the end customer to ensure that their details will be verified and the reason for which the data is being used. You will be solely responsible for obtaining such consent from the customer and we assume that such consent is sought and received by you if you provide such information at any time during the use of the Platform.

If you provide any information that is false, inaccurate or outdated, or we have reasonable grounds to suspect that such information is false, inaccurate or outdated, we will be entitled to suspend or terminate your account and prohibit any and all current or future use of the Platform by you. You are responsible for maintaining the confidentiality of the account and are fully responsible for all activities that occur under your account.

Be transparent about the data you access with clear and prominent privacy disclosures

You must publish a privacy policy that fully documents how your application interacts with user data. You must list the privacy policy URL in your OAuth client configuration when your application is made available to the public.

Your Privacy Policy and all in-product privacy notifications should be accurate, comprehensive, and easily accessible. Your privacy policy and in-product privacy notifications must thoroughly disclose the manner in which your application accesses, uses, stores, or shares Sandbox user data. Your use of Sandbox user data must be limited to the practices explicitly disclosed in your published privacy policy, but you should consider the use of additional in-product notifications to ensure that users understand how your application will handle user data. If you change the way your application uses Sandbox user data, you must notify users and prompt them to consent to an updated privacy policy before you make use of Sandbox user data in a new way or for a different purpose than originally disclosed.

Disclosures about data use should be prominent and timely. Your privacy policy and any in-product notifications regarding data use should be prominently displayed in your application interface so that users can find this information easily. Where possible, disclosures about data use should be timely and shown in context.

Request relevant permissions

Permission requests should make sense to users and should be limited to the critical information necessary to implement your application.

Don't request access to information that you don't need. Only request access to the minimal, technically feasible scope of access that is necessary to implement existing features or services in your application, and limit access to the minimum amount of data needed. Don't attempt to "future proof" your access to user data by requesting access to information that might benefit services or features that have not yet been implemented.

Request permissions in the context where possible. Request access to user data in context (via incremental auth) whenever you can, so that users understand why you need the data.

Deceptive or unauthorized use of Sandbox APIs is prohibited

You are strictly prohibited from engaging in any activity that may deceive users or Sandbox about your use of Sandbox APIs. This includes without limitation the following requirements:

Do not misrepresent what data is collected or what you do with Sandbox user data. Be upfront with users so that they can make an informed decision to grant authorization. You must disclose all user data that you access, use, store, delete, or share, as well as any actions you take on a user's behalf.

You are not permitted to access, aggregate, or analyze Sandbox user data if the data will be displayed, sold, or otherwise distributed to a third party conducting surveillance.

Overall there should be no surprises for Sandbox users: hidden features, services, or actions that are inconsistent with the marketed purpose of your application may lead Sandbox to suspend your ability to access Sandbox APIs.

Do not mislead Sandbox about an application's operating environment. You must accurately represent the environment in which the authentication page appears. For example, don't claim to be an Android application in the user agent header if your application is running on iOS, or represent that your application's authentication page is rendered in a desktop browser if instead the authentication page is rendered in an embedded web view.

Do not use undocumented APIs without express permission. Don't reverse engineer undocumented Sandbox APIs or otherwise attempt to derive or use the underlying source code of undocumented Sandbox APIs. You may only access data from Sandbox APIs according to the means stipulated in the official documentation of that APIs, as provided on Sandbox's developer site.

Do not make false or misleading statements about any entities that have allegedly authorized or managed your application. You must accurately represent the company, organization, or other authority that manages your application. Making false representations about client credentials to Sandbox or Sandbox's users is grounds for suspension.

Maintain a secure operating environment

You must take reasonable and appropriate steps to protect all applications or systems that make use of Sandbox APIs against unauthorized or unlawful access, use, destruction, loss, alteration, or disclosure.


You must access Sandbox APIs in accordance with the Sandbox APIs Terms of Service. If you are found to be out of compliance with the Sandbox APIs Terms of Service, this Sandbox APIs: User Data Policy, or any Sandbox product policies that are applicable to the Sandbox APIs you are using, Sandbox may revoke or suspend your access to Sandbox APIs and other Sandbox products and services. Your access to Sandbox APIs may also be revoked if your application enables end-users or other parties to violate the Sandbox APIs Terms of Service and/or Sandbox policies.

XII. Developer Policy

This Developer Policy ("Policy") provides rules and guidelines that govern access to or use by our developers (“you” or “your”) of the Sandbox API offered by Sandbox, websites (“Site”), dashboards, related tools, and other products or services (collectively, the "Service") provided by Sandbox Financial Technologies Private Limited. Any violation of this Policy may result in suspension or termination of your access to the Service and/or access to end-users’ personal and financial information ("End User Data").

By accessing and using the Service, you agree to comply with all the terms of this Policy. This Policy will apply each time you access or use the Service. If you are agreeing to the terms of this Policy on behalf of an organization or entity, you represent and warrant that you are so authorized to agree on behalf of that organization or entity. This Policy is important; please read it carefully.

We may update or change this Policy at any time in our discretion. If we make any changes to this Policy that we deem to be material, we will make a reasonable effort to inform you of such change. If you don’t agree with the change, you are free to reject it; unfortunately, that means you will no longer be able to use the Service.



To sign up for the Service, you must create an account ("Account") by registering on our Site and providing true, accurate, and complete information about yourself and your use of the Service. You agree not to misrepresent your identity or any information that you provide for your Account, and to keep your Account information up to date at all times. It is your responsibility to maintain access to your Account; you may never share your Account information, including your Sandbox API Dashboard password, as well as your API authentication credentials, including your API Key (“Key”) and secret, with a third party or allow any other application or service to act like you.

If you become aware of any unauthorized use of your Account or any other breach of security, please immediately notify us via email to

Compliance with Applicable Law

When using the Service, you must abide by all applicable local, state, national, and international laws. You also confirm that you, your business, your employees, your service providers, and any others acting on your behalf adhere to all applicable laws, especially those pertaining to financial data and to data protection, privacy, and data security.

In addition, you certify that you, your officers, directors, shareholders, direct and indirect parent entities, subsidiaries, and affiliates:

  • are and will remain in compliance with all applicable import, re-import, sanctions, anti-boycott, export, and re-export control laws and regulations (including all such laws and regulations that apply to an Indian company);
  • are not subject to, or owned by parties that are subject to, sanctions or otherwise identified on any sanctions-related list, including but not limited to lists maintained by the Indian government, the United Nations Security Council, the United Kingdom, the European Union or its Member States, or other applicable government authority; and
  • are not engaging, and will not engage, in activities which may require or permit any applicable government authority to pursue an enforcement action against, or impose economic sanctions on you or us.

You are solely responsible for ensuring that your use of the Service is in compliance with all laws applicable to you, including without limitation, the rules and guidelines of any system or network that facilitates payments and any security requirements, including under the Payment Card Industry Data Security Standards (PCI-DSS), as may be applicable to you.


You are responsible for securely maintaining your Sandbox API Dashboard username and password, as well as your API authentication credentials, including your key and secret. You must notify us immediately in the event of any breach of security or unauthorized use of your Account or any End User Data. You must never publish, distribute, or share your key and secret, and must encrypt this information in storage and during transit.

Your systems and application(s) must handle End User Data securely. With respect to End User Data, you should follow industry best practices but, at a minimum, must perform the following:

  • Maintain administrative, technical, and physical safeguards that are designed to ensure the security, privacy, and confidentiality of End User Data.
  • Use modern and industry-standard cryptography when storing or transmitting any End User Data.
  • Maintain reasonable access controls to ensure that only authorized individuals that have a business need have access to any End User Data.
  • Monitor your systems for any unauthorized access. Patch vulnerabilities in a timely fashion. Log and review any events suggesting unauthorized access.
  • Plan for and respond to security incidents.
  • Comply with relevant rules and regulations with regard to the type of data you are handling, such as the Safeguards Rule.

Data Storage

Any End User Data in your possession must be stored securely and in accordance with applicable laws.

Account Deactivation

Once you stop using the Service in accordance with any applicable agreement you may have with us, you may deactivate your Account by following the instructions on the Site. We may also deactivate your Account if your applicable agreement with us terminates or expires, or as reasonably necessary under applicable law. After your Account deactivation, we will de-provision your access to all End User Data associated with your integration.

Even after your Account deactivation, and to the extent permitted under applicable law, we may still retain any information we collected about you for as long as necessary to fulfill the purposes outlined in our privacy policy/statement, or for a longer retention period if required or permitted under applicable law.

If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Policy shall otherwise remain in full force and effect and enforceable.

Dispute Resolution

  • Any dispute arising out of or in connection with these Terms of Use shall be referred by written notice first to the authorized representative of each Party who shall meet and endeavor to resolve the dispute between them within 5 business days of such notice.
  • Failing resolution of the dispute, the matter shall be referred to a Senior Representative of the Client and a Senior Representative of Service Provider (together with the “Senior Representatives”), who shall meet and endeavor to resolve the dispute between them within 10 business days of such notice.
  • All disputes and differences that may arise between the parties hereto in respect of any of the covenants of this Terms of Use or any interpretation thereof and that are not resolved amicably shall be resolved by arbitration of a sole arbitrator appointed mutually by the Parties, who shall conduct the proceedings in accordance with the Arbitration and Conciliation Act, 1996 including any modification and re-enactment thereof in force from time to time.
  • The venue of arbitration shall be MUMBAI and the governing laws shall be the laws prevailing in India.
  • Subject to this Clause, the Courts in MUMBAI shall have exclusive jurisdiction to try any matter arising out of the Agreement.

XIII. Payments and refunds

In consideration of services rendered by Sandbox, you may pay a fee. Sandbox reserves the right to revise the Fee periodically.

The payment method for the different types of subscription are as follows: 

Standard Subscription: 

  • This subscription can be opted directly from the dashboard by setting up a recurring payment on Credit/Debit Card or UPI Autopay. Wherein, at the beginning of the subscription cycle, the amount will be automatically debited from the Debit/Credit Card provided by you. This will be done through a third-party electronic payment gateway service provider regulated by the Reserve Bank of India.
  • Receipt of payment is deemed as acceptance of the subscription, delivery, and terms & conditions.
  • The subscription can be cancelled at your discretion at any time from your dashboard. However, there will be no refunds upon cancellation. 
  • In case of credit payment, the amount can be added to your Wallet through the dashboard under "Wallet" section. 

Prepaid Subscription: 

  • This subscription will be available to the customer only on specific discretion by the Sandbox team. This subscription is created by the Sandbox support team only on request.
  • Under prepaid subscription, the customer is required to set up a recurring payment of an amount of INR 1. Upon completion of the set up of recurring payment, the payment action will be generated for the customer under the payment section on their dashboard to pay the remainder of the subscription amount due. When the subscription is due for renewal, an amount of INR 1 will be auto debited from your selected payment method and a payment action will be generated. The payment that is generated in your dashboard needs to be completed within 3 Working days of payment initiation. In case of non-payment, Sandbox Reserves the right to halt your subscription until the payment due has been cleared.
  • Receipt of payment is deemed as acceptance of the subscription, delivery, and terms & conditions.
  • In case of credit payment, the amount can be added to your Wallet through the dashboard under "Wallet" section 
  • This subscription can only be cancelled by contacting the Sandbox Support Team. However, there will be no Refunds upon cancellation. 

For more information about how to manage a prepaid subscription, click here.

The User cannot use or permit the use of the payment gateway or any related services for any illegal or improper purposes. The User shall utilize the payment gateway at their own risk. These risks would include but not be limited to the following risks and Sandbox disclaims all liability and responsibility for any claims, losses, damages, costs of whatsoever nature arising due to such risks:

  1. Misuse of Password: If any third party obtains access to the user password of the Account, such third party would be able to transact on Platform.
  2. Internet Frauds: In case of frauds, misuse, hacking and other actions, we shall aim to provide security to prevent the same, however, there cannot be any guarantee against such internet frauds, hacking and other actions. The User shall separately evolve/evaluate all risks arising out of the same.
  3. Technology Risks: The technology for enabling the transfer of funds and the other services offered by the electronic payment gateway and we could be affected by virus or other malicious, destructive or corrupting code, program or macro. We disclaim all and any liability, whether direct or indirect, whether arising out of loss or profit or otherwise arising out of any failure or inability by payment gateway/banks to process any transaction/payment instructions for whatsoever reason. We shall not be responsible for any of the aforesaid risks.
  4. Indemnity: The User shall indemnify Sandbox from and against all losses and damages that may be caused as a consequence of breach by them of any of the terms specified by the electronic payment gateway service provider and the terms and conditions mentioned herein above.
  5. Authentication of the Transaction: The Users are authorized to make transaction(s) only with and from the bank account(s) registered on the Platform. Banks have all the right to cancel, reject and/or unauthorize the transaction made by the User, from any other account, details of which are neither registered nor provided to the us. 

All Sandbox fees and charges are quoted and billed in Indian Rupees (INR) unless otherwise specified. Service fees are due at the time of order or on the day of renewal. All fees must be paid in full. Your order will be processed only after you make the payment.

Sandbox may take any reasonable time and action to validate your payment, registration information and collect all payments due. Invoices and order confirmation for all Sandbox's services will be sent to your registered email address.

In case the invoice has not been cleared within 30 days from the invoice issued to you, an interest of 1% shall be levied from the date the pending invoice had been generated.

In case of order cancellation from Sandbox's end, your refund will be processed within 5 working days. The completion of the refund procedure is subject to agencies such as banks, payment gateways.


Refunds & Cancellations:

  1. Any Questions about refunds and cancellations should be addressed to
  2. In the event, you want to Cancel your existing subscription, you will not receive any refund. Upon cancellation, the subscription will end immediately.
  3. In case of exceptional circumstances you can reach out to us at, and we will resolve your query on a case by case basis.
  4. Refund of wallet credits shall be made to the user once the subscription is cancelled.
  5. If we notice any fraudulent activity ((Fraud means dishonestly obtaining a benefit, or causing a loss, by deception or other means, and includes allegedattempted, suspected or detected fraud) or any malpractice by you, we may cancel your subscription, without issuing a refund for the same.


XIV. Paid APIs

Sandbox APIs, in some cases, act as a bridge and use third-party APIs to pull data that has been requested by our service client(eg. in case of Compliance APIs, etc.). This is only possible using third parties which is why Sandbox helps its clients get access to this data by creating a bridge between the client and the respective third party.

We recommend you continue using Sandbox APIs to access this third party data for the following reasons:

  1. We have already spent time on understanding these third-party APIs, Private key infrastructure and created integrations, ensuring our customer does not have to go through the hassle
  2. We provide an easy self-served Onboarding, seamless API integration, simple subscription plans, well-defined API docs and a better UI/UX suitable for our clients
  3. We do not charge over and above the cost, we incur from these third parties, therefore you get access to this data at the same cost as you would if you were  to approach the source directly. 
  4. Sandbox APIs ensure immediate access to this data with easy to use RESTful APIs
  5. You do not have to pay the one time set up cost, Onboarding/ application fees to the source party as Sandbox pays for it as an add-on benefit for its customers. 


While Business APIs are free to use with the subscription, an additional cost may be incurred for Compliance APIs. Once you subscribe to our service you can also access these third-party APIs through us. We have done all the groundwork of tying up with multiple institutes in order to provide resilience & fault tolerance. However, when we call these third-party APIs a cost is incurred for APIs called. We ensure that the price you pay to Sandbox for these API calls is the same as what you would pay to the source directly. This cost will be deducted in a prepaid manner from your Sandbox Account credits. You will be required to maintain sufficient balance to make such Paid API calls. This can be done via various payment methods including but not limited to credit/debit cards, UPI and NetBanking.

For information on pricing contact us here. The pricing is based on the basis of your requirement, use case and volume


Additional calls

In case of any additional calls, a request can be made above the subscription limit, an additional charge will be applicable on an overdraft basis. For every additional call made over and above the plan subscribed, an appropriate tariff per call will be applicable. This tariff will be raised in the invoice of the subsequent subscription cycle. Sandbox reserves the right to revise the Fee periodically. (Eg: If the plan subscribed is for 1000 calls/month for Rs. 999/month, for every additional call made after the 1000 calls are exhausted, you will be charged a tariff of Rs. 0.999/call).

Overdraft Policy

An Overdraft fee will be applicable on calls made beyond the subscribed limit. Upon failure to pay the  Overdraft fees within reasonable time, the client will not be able to continue using the services and a reasonable interest per month will be applied on the Overdraft fee. The Client should ensure payment of the entire amount Overdraft Fees as well as the accrued Interest amount within reasonable time so as to avoid an increase in amount due. Once the arrears have been cleared by you, your services will be reactivated.

Upgrades & Downgrades

Upgrades and Downgrades to an existing subscription become a business need at one or other point. All the actions pertaining to Upgrades and Downgrades can be carried out on the dashboard or by contacting us directly. 


Standard Subscription  : 

  • In cases you want to Upgrade your existing standard subscription plan, subscriptions that  are set up using Credit/Debit Cards as the mode of recurring payment, can be upgraded or downgraded at any time. All upgrades take place immediately and all downgrades take place at the end of cycle
  • Subscriptions set up using UPI Autopay as the recurring payment method cannot be upgraded or downgraded. You will be required to cancel the current subscription and start a new subscription with the desired plan. 
  • The following table provides a clear indication of upgrades and downgrades in the case of Standard subscription:

Following table can serve as an example for the same:


  • In cases you want to Upgrade your existing subscription plan, you will have to make a request from dashboard. 
  • All upgrades will be carried out immediately after opting for it and depending on the usage in the current cycle, some amount will be charged immediately(subscription charge) and some in the upcoming cycle (overdraft/outstanding). 
  • The upgrade will be activated immediately after the payment for the Upgrade is received by us. Following table can serve as an example for the same:

  • In case you want to downgrade your subscription plan, you will have to make a request for the existing subscription, the requested downgrade will be carried out at the end of the current cycle. As a result, no refund/changes will be made for the current cycle

Prepaid Subscription: 

  • Prepaid subscriptions cannot be upgraded/downgraded. In case you wish to upgrade or downgrade, please contact us here.
  • Upgrades and Downgrade requests will be carried out at the end of cycle by cancelling the current subscription and creating a new prepaid subscription for the customer to authenticate the payment method.

For more information about how to manage a prepaid subscription, click here.


XV. Service Level Objectives(SLO)

SLO category

Relevant SLO

Service Domain





Uptime Level

 API(Application Programmable Interface)

Shows the availability of a service at a certain period of time, over the aggregated feasible available time(%)


Successful requests percentage

 API(Application Programmable Interface) 

Indicates the number of error free requests processed by the service upon the collected number of submitted reports(%)


Timely provisioning service request rate


 API(Application Programmable Interface)

Indicates the number of provisioning service requests accomplished in a certain period of time over the total number of provisioning request service(%)


Response Time


Average Mean response


 API(Application Programmable Interface)

The statistical mean upon a set of observed response time service set for a particular type of request

2 seconds

Maximum response time


 API(Application Programmable Interface)

The maximum response time goal for a particular and specific type of request

30 seconds



Maximum resource capacity

 API(Application Programmable Interface) 

The highest and available amount of all allocated resources to an instance of the service for a special service client. Example of a resource includes storage memory, number of CPU etc

on demand up to 100 concurrency

Simultaneous Service users number


 API(Application Programmable Interface)

The maximum number of individuals that can be utilising the service at the same time

on demand

Simultaneous connection number

 API(Application Programmable Interface) 

The maximum number of individual connections to the service at the same time

 on demand

Service throughput


 API(Application Programmable Interface)

The minimum number of specific requests that can be processed by the service in an offered period of time like the number of requests per second

1000 requests per second 

Capability Indicators

External connectivity


 API(Application Programmable Interface)

Explains the service capabilities to connect to external systems and or services

on demand 




Support Hours


 API(Application Programmable Interface)

Indicated the period of time in hours that SP provides support interface that allows requests and general inquiries from the service client

business hours 

Support responsiveness


 API(Application Programmable Interface)

The maximum period of time that the SP will take to acknowledge a service client’s request or inquiry

same business day 

Support Responsiveness to ticket raised by Client:
3 Hours
1 Business Day
3 Hours 
1 Business Day
8 Hours
2 Business Days
1 Business Day
3 Business Days


API(Application Programmable Interface)

The maximum period of time that the SP will take to resolve a service client’s request or inquiry

 3 business days



 API(Application Programmable Interface)

Defines the nightly maintenance schedule for updates and other changes

 12am-5am (IST)



 API(Application Programmable Interface)

Defines the timings of communication for planned maintenance 

 72 hours

*Note that our API uptime does not include any downtime from our source. 

XVI. Contact

For any queries or questions, you can contact us at