# Sandbox Access

{% hint style="info" %}
💬 **Need help?** If you're stuck, ask Eva on ATRIP for instant diagnostics.

<a href="https://www.atriptech.com/" class="button primary" data-icon="comments">Ask Eva</a>
{% endhint %}

Use this page to get sandbox access and prepare your first API calls.

{% hint style="info" %}
After you get sandbox credentials, run the [Sandbox Validation Test Kit](/api-document/readme/quick-start/sandbox-development/sandbox-validation-test-kit.md).

Use it to confirm credentials, network access, and the no-code booking happy path before development starts.
{% endhint %}

### Goal of this phase

Complete the initial access setup for sandbox.

You should finish this phase before building the booking flow.

### Generate sandbox credentials

Get your sandbox credentials in ATRIP:

1. Open `Profile`.
2. Open `My Profile`.
3. Open `Company Information`.

<figure><img src="/files/kMKR3ogQ7yQIC5YlbLsh" alt=""><figcaption></figcaption></figure>

In `Sandbox Info`, you can find:

* `x-atlas-client-id`
* `x-atlas-client-secret`

Use these values on every sandbox API call.

### Sandbox base URL

Use this base URL for sandbox API calls:

`https://sandbox.atriptech.com/`

Combine it with the endpoint path for each request.

### Standard headers

Send these headers by default:

* `Content-Type: application/json`
* `Accept: application/json`
* `Accept-Encoding: gzip`
* `x-atlas-client-id: <your-client-id>`
* `x-atlas-client-secret: <your-client-secret>`

### Request basics

Use these request defaults:

```
POST /<endpoint>.do
```

* Use `POST` for Atlas API calls.
* Send a JSON body on every call.

### Identifiers used later

You will capture these identifiers in later steps.

Reuse them across the booking flow:

* `routingIdentifier`
* `sessionId`
* `orderNo`

### Response and compression basics

Atlas responses can be large.

If you send `Accept-Encoding: gzip`, handle gzip responses correctly.

Most HTTP clients decompress gzip automatically.

Use these rules in every integration:

* Treat `status == 0` as success.
* Do not use `msg` for business logic.
* Check returned identifiers before moving to the next step.
* Handle compressed responses when `Content-Encoding: gzip` is returned.

### Security basics

Keep both credential values server-side.

Do not expose them in client apps.

Use sandbox for integration and testing.

Use production only after validation is complete.

### Complete this phase when

You can do all of these in sandbox:

* send authenticated requests successfully
* use the standard headers correctly
* know which identifiers are reused later
* handle gzip responses correctly

### Output of this phase

* sandbox client ID and client secret
* working request configuration
* ready-to-start sandbox environment

### Next step

Continue with [Sandbox Development](/api-document/readme/quick-start/sandbox-development.md).

### Related pages

* [Quick Start](/api-document/readme/quick-start.md)
* [Sandbox Validation Test Kit](/api-document/readme/quick-start/sandbox-development/sandbox-validation-test-kit.md)
* [Sandbox Development](/api-document/readme/quick-start/sandbox-development.md)
* [Booking Overview](/api-document/readme/booking-overview.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://resources.atriptech.com/api-document/readme/quick-start/making-requests.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.