Getting Started
Adoption Sandbox
How adopter teams use sandbox, staging, or supervised checks before relying on a platform capability.
Build From A Known Starting Point
Use this guide when a route, request, response, permission model, integration, or deployment behavior needs to be understood before people rely on it. In this guide, Adoption Sandbox narrows that work to numbered workflow for running partners-api locally and verifying routes before integration. Because this is a getting started page, read it as part of the Platform adoption learning path rather than as an isolated checklist.
An API is a contract between systems. Even technical changes can affect attendee records, dashboard behavior, notifications, payments, files, or staff tools. Read the page for the decision it helps a person make, then use the steps and checks as a steady path from context to action to proof.
What You Need Before The First Step
This page helps an adopter or adoption lead get to a working baseline. Follow it in order so later support review starts from a known-good environment. The intended readers are partner administrators, event leads, adoption leads, and integration owners. If the guide names a dashboard screen, service area, export, or record type, treat that name as a pointer to real operational responsibility.
- Primary surface or service: partners-api.
- Records or contracts involved: API service expectations, Auth state, and Platform records.
- Main care point: Watch for using a service route with the wrong actor, changing a response another app depends on, leaking a secret, or triggering the same side effect twice.
- Proof worth keeping: route inventory, method and path, auth model, request and response shape, platform owner confirmation, test result, consumer note, and deployment evidence.
Move From Setup To A Verified Result
- Confirm the tool, account, environment, and source branch: Begin by naming the Platform adoption situation, the owner, and the exact item involved in Adoption Sandbox.
- Run the smallest check that proves setup works: Use partners-api to connect the words on the page to the screen, file, route, or service trail that people actually use.
- Make one request or change at a time: Keep API service expectations, Auth state, and Platform records in view so the work stays tied to the records or contracts it can affect.
- Record the command, route, or result that verified the baseline: Before handing off, save proof such as route inventory, method and path, auth model, request and response shape, platform owner confirmation, test result, consumer note, and deployment evidence so an adoption lead and a non-specialist reviewer can understand what the route does and how it was verified.
You Can Continue When
You are ready to use the rest of this page when the purpose, owner, affected information, and proof are all clear enough for a second person to review.
- Scope is named: The work is tied to the correct page, event, report, route, file, person, or record.
- Impact is understood: The operator can explain the effect on callers, records, permissions, secrets, side effects, and downstream apps.
- Proof is findable: The handoff points to evidence that an adoption lead and a non-specialist reviewer can understand what the route does and how it was verified.
End-to-end adoption runbook
- Step 1 - Name the API workflow and owner: Identify the product area, organization owner, service path, and relying team before adopting a workflow or integration.
- Step 2 - Read the contract in human terms: Check who can use it, what information is exchanged, what can fail, what records change, and what proof the adopting team must keep.
- Step 3 - Prepare auth and input deliberately: Confirm the right role, account, partner, event, and approved data before depending on the workflow.
- Step 4 - Use or request the route in the right environment: Use the approved dashboard, rego, LAN, or integration environment and keep credentials out of notes, screenshots, and exports.
- Step 5 - Check returned data and real side effects: Confirm the visible result, affected records, external action, and review evidence in plain language.
- Step 6 - Record tests, docs, and handoff notes: Record the owner, expected behavior, adoption evidence, and escalation path before relying on it in production.
Local workflow
- Step 1 - Install dependencies: Run the package manager used by
partners-api/package.json. - Step 2 - Prepare local variables: Use local secret files and Worker bindings. Do not copy production secrets into browser-accessible code.
- Step 3 - Start the Worker: Run the repo’s Wrangler development command and note the local API origin.
- Step 4 - Call a health or harmless GET route: Verify CORS, JSON responses, and logs before mutating records.
- Step 5 - Test from the real consumer: Call from dashboard or rego local origins so cookie and CORS behavior is proven.
- Step 6 - Record evidence: Keep command output, route, payload, response, and affected record IDs in the task notes.
Common mistakes
- Action 1 - Wrong origin: CORS allows configured origins plus localhost development ports only when request URL is local.
- Action 2 - Wrong auth family: Dashboard and rego auth are not interchangeable.
- Action 3 - Missing side-effect suppression: Stress or test runs must not send real email, Discord, Telegram, wallet, or deployment side effects unless explicitly intended.