> ## Documentation Index
> Fetch the complete documentation index at: https://docs.alterscope.org/llms.txt
> Use this file to discover all available pages before exploring further.

# Environments

> The production and sandbox hosts, and how they differ.

Alterscope serves the Developer API from two hosts. Both speak the same API — the same versioned paths, the same response envelope, and the same `sk_live_` bearer authentication.

| Environment | Base URL                     | Use for                                                      |
| ----------- | ---------------------------- | ------------------------------------------------------------ |
| Production  | `https://api.alterscope.org` | Live integrations and anything that depends on current data. |
| Sandbox     | `https://dev.alterscope.org` | Pre-launch smoke testing and exploring the API shape.        |

`https://api.alterscope.org` is the production base URL used throughout these docs and in the [API reference](/api-reference/overview).

## Authentication

Both hosts use the same scheme — an API key (prefixed `sk_live_`) sent as a bearer token:

<Snippet file="auth-header.mdx" />

Browser WebSocket clients, which can't set custom headers, pass the key via the `?token=` query parameter instead. See [Authentication](/develop/get-started/authentication) for the full contract.

<Note>
  Whether a key issued for one environment is accepted on the other is **not something to assume** — confirm with the team before pointing a production key at the sandbox, or a sandbox key at production.
</Note>

## What the sandbox is for

The sandbox at `dev.alterscope.org` exists for pre-launch smoke testing — checking that your client connects, authenticates, and parses responses before you run against production.

Treat it as a non-production environment:

* **Data may be less fresh.** The sandbox can serve dev-indexed data, so values and timestamps may lag production. Branch on the `meta._agentic` freshness signal (see [Freshness & staleness](/develop/concepts/freshness-and-staleness)) rather than assuming a number is current.
* **No production SLA.** Availability and latency on the sandbox are relaxed or best-effort. Don't build anything that depends on its uptime.

Use the [WebSocket Playground](/develop/realtime/playground), which lets you pick the **Sandbox** host, to try streams without touching production.

## Next steps

<CardGroup cols={2}>
  <Card title="Authentication" icon="lock" href="/develop/get-started/authentication">
    Keys, headers, rotation, and revocation.
  </Card>

  <Card title="Scopes" icon="list-check" href="/develop/get-started/scopes">
    The permissions a key can hold.
  </Card>
</CardGroup>
