Everything you need to know about Sandboxes

Sandbox 101


Sandbox in a nutshell

A sandbox is an isolated test environment within a system in which new software can be tested for functionality. Basically, it can be compared to a sandbox for children in a protected environment. This prevents the programme from changing or even damaging the respective operating system or other applications through faulty and thus harmful code during its installation. "Sandboxing" was already used by programmers in the 1970s for testing purposes and simulations.

Nowadays, data is exchanged between many applications via so-called "application programming interfaces" (APIs). API sandboxes can be used for testing such APIs. An API sandbox is an environment in which the attributes of the production environment are imitated and calls to the APIs lead to simulated reactions.


Advantages of an API sandbox

The use of an API sandbox offers the following advantages:

  • Increased quality of the end product through production-related data exchange
  • Shortening of development time through fast and consistent availability
  • Mitigation of risks during development for the production environment,
  • Identification of error scenarios for APIs, such as latency in API response time, error conditions or simulation of a non-responsive API.

An API sandbox is thus an effective option in the development of applications. Thanks to them, functionalities can be tested at an early stage and ultimately the risks and costs of testing applications or their connection via APIs can be reduced.


Characteristics of a sandbox

An API sandbox can possess different properties in addition to its specific range of functions. Three essential characteristics are briefly described below.

  • Accessibility (public, private): type of access of a sandbox for the users; public: free of use, possibly connected with free registration; private: only for a selected group of users.
  • Data storage (persistent, mockup data): handling of data entered by users; persistent: data is stored for a certain period of time and various API calls, thus complex technical tests are possible; mockup: users receive standardised answers, technical tests are possible
  • Security level (production-related, technical): Consideration of the security elements defined in the API (e.g. certificate); production-related: the security elements are used, usually registration and the assignment of individual security elements is necessary; technical: the security elements are not considered, the focus is on technical tests.


Overview of "Open Banking" sandboxes in Switzerland

The following table provides an overview of the sandboxes available in Switzerland in the context of Open Banking. As a rule, such a sandbox is offered in connection with an initiative; these are explained in more detail in the article Initiatives in Switzerland.


Focus and other features


Avaloq One

Own APIs, connected to Avaloq model banks

private, persistent, production-related

Berner Kantonalbank

Swiss NextGen API, based on their Open Banking Plattform

public, persistent, production-related

SIX b.Link

Own APIs

private, persistent, production-related


Swiss NextGen API, based on Ergon Swiss Open Banking Solution

public, mockup, technical


Different APIs (a. o. NextGenPSD2, OpenPK, SIX b.Link, Swiss NextGen API)

private, mockup, technical


Swiss NextGen API

public, persistent, production-related

Open Wealth

Own APIs

private, persistent, technical

Related topics