From efb714a74466c4b836dc8249fe11f9f982606967 Mon Sep 17 00:00:00 2001 From: Peng Ying Date: Tue, 28 Apr 2026 00:04:38 -0700 Subject: [PATCH] docs: drop sandbox magic-values callout from Global Account overview The dedicated sandbox-testing page covers all four magic values (EMAIL_OTP, OAUTH, PASSKEY, Grid-Wallet-Signature) with curl examples and the exact 401 reasons; the trimmed callout on the overview was incomplete (only mentioned EMAIL_OTP and the signature header) and risked drift as the sandbox set evolved. Co-Authored-By: Claude Opus 4.7 (1M context) --- mintlify/snippets/global-accounts/overview.mdx | 9 --------- 1 file changed, 9 deletions(-) diff --git a/mintlify/snippets/global-accounts/overview.mdx b/mintlify/snippets/global-accounts/overview.mdx index 7678a091..404a9acd 100644 --- a/mintlify/snippets/global-accounts/overview.mdx +++ b/mintlify/snippets/global-accounts/overview.mdx @@ -61,15 +61,6 @@ export GRID_CLIENT_ID="YOUR_SANDBOX_CLIENT_ID" export GRID_CLIENT_SECRET="YOUR_SANDBOX_CLIENT_SECRET" ``` - - **Testing in sandbox.** Sandbox accepts two fixed magic values so you can exercise the auth + signing flow without managing real OTP delivery or device-side keys: - - - **Email OTP code:** always `000000` for any `EMAIL_OTP` credential's `verify` call. - - **Wallet signature:** the `Grid-Wallet-Signature` header accepts the literal string `sandbox-valid-signature` for any signed account action. The `encryptedSessionSigningKey` returned by `/verify` in sandbox is a stub and is not meant to decrypt — skip the HPKE decrypt step entirely. - - These shortcuts apply only on sandbox platforms. Production runs the real OTP, HPKE, and ECDSA flows described below. - - ## Quickstart The walkthrough below is the happy path: create a customer, find the auto-provisioned account, register a passkey, fund it, and withdraw to a bank account. Each step shows the HTTP request your integrator backend makes on behalf of the client.