Keep sandbox and production contracts operationally isolated.
Callaro environments should be treated as separate trust zones, not just separate URLs.Environment matrix
| Area | Sandbox | Production |
|---|---|---|
| Data | Synthetic or masked data only | Real customer and operational data |
| Keys | Dedicated sandbox keys | Dedicated production keys with tighter ownership |
| Webhooks | Test endpoints/request bins | Hardened receiver with SLO and alerting |
| CRM integrations | Staging/sandbox CRM org | Live CRM org with validated mappings |
| Numbers | Test inventory and non-critical routes | Live dialing inventory and number-health controls |
| Incident impact | Low, controlled | Revenue and customer experience impact |
Hard boundaries
- Never reuse API keys across environments.
- Never point sandbox events to production CRM write paths.
- Never load unmasked customer PII in sandbox.
- Never enable production webhook destinations before replay testing.
Validate in sandbox with test data
Run quickstart flow, confirm call outcomes, trace visibility, and webhook ingestion.
Run production-readiness verification
Validate script quality, suppression logic, schedule windows, and fallback handling with business stakeholders.
Promote credentials and endpoints
Provision production keys, configure production webhook URLs, and lock receiver authentication and observability.
Promotion checklist
- Auth scopes reviewed and least privilege confirmed.
- Number pool tested for spam health and region fit.
- Webhook dedupe and retry handling verified.
- CRM field mapping validated against sample calls.
- On-call ownership and rollback plan documented.
- Stakeholder sign-off recorded.
Rollback triggers
Rollback production launch if any of these appear:- sustained webhook processing failure rate above internal threshold
- CRM mismatch between call outcomes and logged records
- abnormal spam flags or carrier rejection on numbers
- critical script regression causing compliance risk