Skip to main content

Keep sandbox and production contracts operationally isolated.

Callaro environments should be treated as separate trust zones, not just separate URLs.

Environment matrix

AreaSandboxProduction
DataSynthetic or masked data onlyReal customer and operational data
KeysDedicated sandbox keysDedicated production keys with tighter ownership
WebhooksTest endpoints/request binsHardened receiver with SLO and alerting
CRM integrationsStaging/sandbox CRM orgLive CRM org with validated mappings
NumbersTest inventory and non-critical routesLive dialing inventory and number-health controls
Incident impactLow, controlledRevenue and customer experience impact

Hard boundaries

  • Never reuse API keys across environments.
  • Never point sandbox events to production CRM write paths.
  • Never load unmasked customer PII in sandbox.
  • Never enable production webhook destinations before replay testing.
1

Validate in sandbox with test data

Run quickstart flow, confirm call outcomes, trace visibility, and webhook ingestion.
2

Run production-readiness verification

Validate script quality, suppression logic, schedule windows, and fallback handling with business stakeholders.
3

Promote credentials and endpoints

Provision production keys, configure production webhook URLs, and lock receiver authentication and observability.
4

Launch in controlled ramp

Start with a limited campaign cohort and monitor delivery, call outcomes, and CRM write quality.

Promotion checklist

  • Auth scopes reviewed and least privilege confirmed.
  • Number pool tested for spam health and region fit.
  • Webhook dedupe and retry handling verified.
  • CRM field mapping validated against sample calls.
  • On-call ownership and rollback plan documented.
  • Stakeholder sign-off recorded.

Rollback triggers

Rollback production launch if any of these appear:
  • sustained webhook processing failure rate above internal threshold
  • CRM mismatch between call outcomes and logged records
  • abnormal spam flags or carrier rejection on numbers
  • critical script regression causing compliance risk
Knowledge bases, prompts, and action tools are environment-scoped artifacts. Never allow draft sandbox content to serve live production callers.