API Reference
Welcome to The Sandbox REST API documentation. Here you’ll find all the information you need to authenticate, interact with our endpoints, and integrate your application with The Sandbox ecosystem.
Introduction
This serves as a comprehensive understanding of The Sandbox Developers API.
Conventions
The base URL for all API requests is: https://developers.sandbox.game/api/
- HTTPS is required for all requests.
- This API follows RESTful conventions using
GET,POST,PATCH, andDELETE. - Request and response bodies are encoded in JSON.
JSON Conventions
- Top-level resources use a UUIDv4
"id"property. - All property names use
snake_case. - Dates and timestamps follow ISO 8601:
- Datetime:
2020-08-12T02:12:33.231Z - Date:
2020-08-12
- Datetime:
Request Limits
To ensure consistent performance, the API enforces rate and size limits.
Rate Limits
Rate-limited requests return a rate_limited error with HTTP status 429.
⏱ Default limit: Average of 3 requests/second per integration. Short bursts are allowed.
WARNING
Rate limits may change in the future. Special rate limits may be introduced for select partners.
Status Codes
We use standard HTTP response codes for success and error responses.
Success
| HTTP Status | Description |
|---|---|
200 | Successfully processed request |
Errors
| HTTP Status | Code | Message |
|---|---|---|
400 | invalid_json | The request body could not be decoded |
invalid_request_url | The request URL is invalid | |
invalid_request | This request is not supported | |
401 | unauthenticated | Invalid or missing bearer token |
403 | unauthorized | Insufficient permissions |
Additional Security Considerations
- Always use HTTPS
- Securely store access tokens
- Handle expiration and use refresh tokens
- Scope tokens properly to limit access