Sandbox environment & fixtures
Audience: integrations that ship against
https://api.hiobuy.com(Workers gateway) — same base URL as production.
Auth: deterministic fixtures apply only to API keys prefixed with hio_test_* (key_type: test). hio_live_* production keys never read this page’s rules — they always hit upstream marketplaces normally.
Related docs: Authentication · Response format · Errors · Rate limits · Products · Orders · Webhooks
Public API coverage (summary)
| Area | Sandbox |
|---|---|
| Global | response_format: upstream rejected (standard only). currency body field rejected as in prod. sandbox_trigger allowed for test keys (platform fixtures). Channel OAuth treated as authorized for hio_test_*. Quotas & rate limits skipped for test keys. |
/v1/products/* | Search, detail, parse, upload-image, search-by-image, freight estimate, batch-check, 1688 analytics endpoints mocked as documented below. OpenAPI-only extensions not in this site’s handoff set are not mocked. |
/v1/orders/* | Preview, create, detail, pay, cancel, logistics trace, list, purchase query mocked with magic / dynamic ids. |
/v1/fulfillment/* | Not mocked in the gateway today — treat as unavailable in sandbox. |
| Webhooks | Sandbox orders do not emit webhooks. |
Design goals
| Goal | Meaning |
|---|---|
| Repeatable | Same request → same response (no randomness in outcomes). |
| Documented | Every scenario has a stable id or keyword you can grep in this page. |
| Contract aligned | JSON matches standard schema fields from production; values differ. |
| Happy path default | Unknown ids fall back to generic success mocks. |
| Explicit failure | Use sb_* ids or sandbox_trigger to force errors / edge states. |
Naming: sb_{domain}_{scenario}
| Segment | Rule | Examples |
|---|---|---|
| Prefix | Always sb_ | sb_prod_not_found |
domain | Lowercase noun (prod, search, ord, plat, auth, …) | — |
scenario | snake_case | not_found, pay_declined |
Characters: [a-z0-9_], length ≤ ~48. Do not prefix real upstream ids with sb_ unless you intend the fixture.
Two failure layers
Distinguish transport/API errors from HTTP 200 business states:
- API failure → HTTP 4xx/5xx +
error.code(e.g.NOT_FOUND,PAYMENT_DECLINED). - HTTP 200 with state → e.g.
variants[].stock = 0,status: wait_payment.
Product fixtures (high level)
POST /v1/products/detail
See Product detail. upstream format is unsupported in sandbox.
Trigger when product_id, parsed url, mi_id, or tao_password resolves to a sb_* id.
| Fixture id | Result | HTTP |
|---|---|---|
(any non-sb_ id) | Standard mock product | 200 |
sb_prod_not_found | NOT_FOUND | 404 |
sb_prod_offline | PRODUCT_UNAVAILABLE | 422 |
sb_prod_no_stock | Detail ok, stock: 0 | 200 |
curl https://api.hiobuy.com/v1/products/detail \
-H "Authorization: Bearer hio_test_..." \
-H "Content-Type: application/json" \
-d '{"channel":"1688","product_id":"sb_prod_not_found","language":"en"}'POST /v1/products/search
channel, keyword, page, page_size, language apply. 1688 filter / sort / price filters are accepted but ignored for mock rows.
keyword (exact) | Result |
|---|---|
| ordinary text | Mock list with hits |
sb_search_empty | items: [], total: 0 |
sb_search_not_found | Alias of empty |
Parse / upload-image / search-by-image / freight / analytics
| Endpoint | Sandbox note |
|---|---|
| Parse URL | URL query/path containing sb_* mirrors detail behavior. |
| Upload image | Always { "image_id": "img_sandbox_mock" } after validations pass. |
| Image search | Optional keyword: sb_search_empty yields empty list; pair with upload-image for flow tests. |
| Advanced — freight estimate | Default domestic freight mock 800 minor units aligned with preview. |
| Advanced — batch-check | Returns upstream-style envelope with mock mpProducts; use sb_prod_not_found in mi_id/item_id to populate exclusion lists. |
| Advanced — top keywords/list / daily-sales-trend | Use sb_search_empty on category_id / rank_id where documented to empty lists or 404 detail cases. |
Order & payment fixtures (magic ids)
POST /v1/orders/detail
order_id | Typical status | Notes |
|---|---|---|
sb_ord_unpaid | wait_payment | — |
sb_ord_paid | wait_shipment | — |
sb_ord_shipped | wait_receive | — |
sb_ord_completed | completed | — |
sb_ord_cancelled | cancelled | — |
sb_ord_refunding | wait_shipment (refund_status in progress) | — |
sb_ord_not_found | — | 404 |
POST /v1/orders/pay
order_id | Result | HTTP |
|---|---|---|
sb_ord_unpaid | Pays successfully → logical paid state | 200 |
sb_ord_pay_declined | PAYMENT_DECLINED | 402 |
sb_ord_pay_insufficient | PAYMENT_INSUFFICIENT_FUNDS | 402 |
sb_ord_paid | ORDER_ALREADY_PAID | 409 |
sb_ord_cancelled | ORDER_CANCELLED | 409 |
sb_ord_upstream_timeout | CHANNEL_UPSTREAM_ERROR | 502 |
Preview / create
Preview returns fixed illustrative totals (sample line ~4500 + freight ~800 in minor units). Create emits dynamic order_id values prefixed sbo_* persisted in sandbox storage — lines referencing offer_id: sb_prod_offline / sb_prod_no_stock return 422 like production semantics.
Cancel / logistics / list / purchase query
Per cancel, trace, detail list: unpaid sb_ord_* and dynamic sbo_* unpaid orders cancel; paid/shipped/etc. fixtures return ORDER_NOT_CANCELLABLE. Logistics returns packages for sb_ord_shipped / completed mocks; unpaid/paid-await-shipment return packages: []. Buyer list respects product_name: sb_ord_list_empty for empty mocks. Purchase query returns upstream envelopes; omit not-found pseudo ids accordingly.
Platform triggers: sandbox_trigger
Allowed only on hio_test_*; production keys ignore the field quietly.
sandbox_trigger | HTTP | error.code |
|---|---|---|
sb_plat_quota_exceeded | 429 | QUOTA_EXCEEDED |
sb_plat_rate_limited | 429 | RATE_LIMIT_EXCEEDED |
sb_plat_upstream_error | 502 | CHANNEL_UPSTREAM_ERROR |
Combine with benign ids so realistic bodies still validate:
{
"channel": "1688",
"product_id": "123456",
"language": "en",
"sandbox_trigger": "sb_plat_quota_exceeded"
}Special auth fixture sb_auth_channel_required paired with triggers can produce CHANNEL_AUTH_REQUIRED (403) for UI regressions despite the normal “authorized by default” rule.
Implementation status snapshot
| Phase | Coverage | Notes |
|---|---|---|
| Shipped | Product + procurement APIs above | Mirrors Public API subset published on this site. |
| Not yet | Full /v1/fulfillment/*, webhooks, unpublished OpenAPI-only routes | Do not rely on them in sandbox CI until announced. |
Quick copy cheat sheet
sb_prod_not_found → 404 product missing
sb_prod_offline → 422 unavailable
sb_prod_no_stock → 200 detail with zero stock
sb_search_empty → empty search/items
sb_ord_list_empty → empty buyer order list filter
img_sandbox_mock → stable upload-image id
sb_ord_unpaid → detail wait_payment • pay succeeds • cancel ok
sb_ord_pay_declined → pay 402 PAYMENT_DECLINED
sb_ord_paid → pay 409 ALREADY_PAID • trace maybe empty until shipped fixtures
sb_ord_shipped → detail wait_receive • trace populated
sb_ord_cancelled → cancelled state • pay conflicts
sb_plat_quota_exceeded → sandbox_trigger → 429 QUOTA_EXCEEDEDWhen you add fixtures internally, mirror this numbering scheme in regression tests — never mutate standard JSON shapes inside mocks.