Sandbox Testing

Use the staging environment to test your integration without hitting production watchlists.

Staging Environment

	Value
Base URL	`https://api.korastratum.com/api/v1`
API Key	Use your staging API key from the dashboard

The staging environment mirrors the production API but uses test data for screening results.

Test Scenarios

Clean Subject (No Matches)

Screen a subject that won't match any watchlist entries:

curl -X POST https://api.korastratum.com/api/v1/screenings \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "SYNC",
    "purpose": "ONBOARDING",
    "subject": {
      "type": "INDIVIDUAL",
      "name": "Test Clean User",
      "date_of_birth": "1990-01-15",
      "nationality": "US"
    },
    "checks": ["SANCTIONS", "PEP"]
  }'

Expected: risk_band: "LOW", decision.outcome: "APPROVE"

Sanctions Match

Use a known sanctioned entity name to trigger a sanctions match:

curl -X POST https://api.korastratum.com/api/v1/screenings \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "SYNC",
    "purpose": "ONBOARDING",
    "subject": {
      "type": "ENTITY",
      "name": "Test Sanctioned Entity",
      "country": "IR"
    },
    "checks": ["SANCTIONS"]
  }'

Expected: risk_band: "CRITICAL", decision.outcome: "BLOCK", matches array populated

PEP Match

curl -X POST https://api.korastratum.com/api/v1/screenings \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "SYNC",
    "purpose": "ONBOARDING",
    "subject": {
      "type": "INDIVIDUAL",
      "name": "Test PEP Person",
      "nationality": "NG"
    },
    "checks": ["PEP"]
  }'

Expected: risk_band: "HIGH", decision.outcome: "REVIEW_REQUIRED", PEP match in results

Async Mode with Webhook

Test the full async flow:

# 1. Create async screening
curl -X POST https://api.korastratum.com/api/v1/screenings \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "mode": "ASYNC",
    "purpose": "ONBOARDING",
    "callback_url": "https://your-server.com/webhooks/compliance",
    "subject": {
      "type": "INDIVIDUAL",
      "name": "Test Async User",
      "nationality": "US"
    },
    "checks": ["SANCTIONS", "PEP"]
  }'

# 2. Poll for results
curl https://api.korastratum.com/api/v1/screenings/SCREENING_ID \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

Batch Screening

curl -X POST https://api.korastratum.com/api/v1/screenings/batch \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "purpose": "BATCH",
    "checks": ["SANCTIONS", "PEP"],
    "subjects": [
      {"external_id": "test_1", "type": "INDIVIDUAL", "name": "Test User One", "nationality": "US"},
      {"external_id": "test_2", "type": "INDIVIDUAL", "name": "Test User Two", "nationality": "GB"},
      {"external_id": "test_3", "type": "ENTITY", "name": "Test Company", "country": "US"}
    ]
  }'

Transaction Monitoring

curl -X POST https://api.korastratum.com/api/v1/monitoring/evaluate \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "transaction_id": "test_txn_001",
    "subject_id": "test_subj_001",
    "type": "TRANSFER",
    "amount": 50000.00,
    "currency": "USD",
    "direction": "OUTBOUND",
    "counterparty": {
      "name": "Test Counterparty",
      "country": "KY"
    }
  }'

Testing Webhooks

With a Test Subscription

# Create a test subscription pointing to your webhook endpoint
curl -X POST https://api.korastratum.com/api/v1/webhooks/subscriptions \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Test Webhook",
    "url": "https://your-server.com/webhooks/compliance",
    "events": ["screening.completed", "case.created"]
  }'

# Send a test event
curl -X POST https://api.korastratum.com/api/v1/webhooks/subscriptions/SUBSCRIPTION_ID/test \
  -H "Authorization: Bearer YOUR_STAGING_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

With a Local Tunnel

For local development, use a tool like ngrok to expose your local server:

# Terminal 1: Start your server
node server.js  # listening on port 3000

# Terminal 2: Expose via ngrok
ngrok http 3000

# Use the ngrok URL as your webhook URL
# e.g., https://abc123.ngrok.io/webhooks/compliance

Staging vs Production

Feature	Staging	Production
Watchlist data	Test fixtures	Live data (826,000+ entries)
Rate limits	Same tiers	Same tiers
Webhooks	Full support	Full support
API surface	Identical	Identical
Screening results	Deterministic	Real matching

Staging Environment​

Test Scenarios​

Clean Subject (No Matches)​

Sanctions Match​

PEP Match​

Async Mode with Webhook​

Batch Screening​

Transaction Monitoring​

Testing Webhooks​

With a Test Subscription​

With a Local Tunnel​

Staging vs Production​