Skip to main content

​
Understanding App Modes

On Civic Auth, apps can be in either Sandbox or Production mode. When you create a new app, it starts in Sandbox mode to allow you to develop and test your integration.

​
Sandbox Mode Limitations

While in Sandbox mode, your app has the following limitations:
  • Uses Civic’s SSO credentials: Your app uses Civic’s OAuth credentials for providers like Google, rather than your own
  • No billing required: Payment information is not required during development
  • Domain restrictions may not be enforced: Production-level domain security is not fully enforced

​
Production Mode

Once you launch your app to production:
This action is permanent. Once an app is launched to production, it cannot be returned to Sandbox mode. Apps also cannot currently be deactivated or deleted by customers.
About Client IDs: Your app’s clientId remains the same whether your app is in Sandbox or Production mode (unless you choose to duplicate your app during launch). The app mode is a setting of your app, not a separate infrastructure environment. There is only one Civic Auth infrastructure that serves both Sandbox and Production apps.
Once you’ve configured your App using the Civic Auth Dashboard, here are the steps you need to take to promote your app to production.

​
Configure SSO credentials

In Sandbox mode, your app uses Civic’s credentials for SSO providers such as Google. However, for a live app you need to provide your own credentials for your chosen providers. For each provider, you need to set the clientId and clientSecret that will be provided to you when you set up your OAuth app. You also need to add the Civic Auth domains to the OAuth whitelisted URLs

​
Example: Google

You will need to add the following domains: https://auth.civic.com and https://auth.civic.com/login/api/callback/google. For other providers, the callback URL will have a different ending.

​
Set a domain

To ensure that your app is only usable by your website, you need to add the Domain that your website will be hosted on. You need to define at least one Domain, and a secure https site is recommended.
Note that you can add localhost domains while testing but it’s recommended that you remove localhost values when you bring your App to production as anyone running a localhost app could then potentially use your clientId.

​
Add payment information

You need to add payment information using our Billing page. Click here for more details on Auth Pricing.

​
Converting or duplicating your app

Once you have fulfilled all the steps, you can click on the ‘Sandbox’ header and select the option ’+ Launch to production’. You now have two options of bringing your existing App to production: Convert and Duplicate

​
Convert

Choose this option to promote your existing app to Production mode. Your app keeps the same clientId and all settings - only the app mode changes from Sandbox to Production.
Use this option if you’ve been testing with the same clientId that you want to use in your live application.

​
Duplicate

This option creates a new app (with a new clientId) in Production mode, copying all settings from your Sandbox app. Your original Sandbox app remains unchanged.
Use this option if you want to keep a separate Sandbox app for continued testing while having a distinct Production app with its own clientId.

​
Enabling Crypto Wallets (Web3 Apps only)

If you want your users to have access to embedded wallets, make sure to enable the ‘Enable embedded wallets’ setting in the Crypto Wallets dashboard page.