Reviewer access

Sandbox access for procurement, security review, and Marketplace evaluation.

Axiru is passwordless by design — Stripe Connect, magic links, or zero-account CSV preview. For procurement teams and auditors who need a shared credential to evaluate the UI, this page documents the dedicated reviewer identity and the sandbox workspace it sees.

Why this page exists

Passwordless breaks the procurement workflow. We fixed that without weakening live security.

Live tenants don't expose a password field — Stripe Connect OAuth or magic link only. That's the right default for production. But security auditors, SOC-2 evaluators, and Stripe Marketplace reviewers regularly need a shared credential to walk a UI without asking the seller for a meeting. This page is how we close that gap.

For procurement

Walk the UI before a sales call.

The sandbox shows the dashboard, policy editor, approval queue, and decision ledger populated with realistic fixture data — enough to evaluate UX, controls, and audit evidence without scheduling time with a human.

For security review

Inspect the actual surfaces.

Same code path as production. The kill-switch panel, the merchant-freeze controls, the SIEM export endpoints, and the policy-version diff view all behave exactly as they would for a paying tenant. Real money is never at risk.

For Marketplace reviewers

Stripe app submission ready.

Stripe Marketplace certification submissions include this page as the documented review path. The reviewer identity maps to a sandbox Stripe Connect account that the reviewer can poke at without affecting any real merchant.

How it works

Three steps. About two minutes end-to-end.

1. Request access on the contact form

Use the contact form with topic = reviewer-access and include your procurement or audit context. We pre-approve Stripe Marketplace reviewer requests, SOC-2 auditor requests from a corporate email, and named enterprise procurement contacts.

2. Get a magic link to reviewer@axiru.com

We forward the reviewer magic link to the email you supplied. The link drops you into the sandbox tenant — a workspace tagged reviewer-sandbox with fixture data and the full set of UI surfaces enabled. The link expires in 24 hours; you can request a fresh one any time.

3. Walk the surfaces. Sign-off doc at the end.

The sandbox loads with a yellow banner ("Demo mode — no data is written to a real Stripe account"). When you're done, the same banner has a "Generate review packet" button that bundles the policy-version diff, the kill-switch demonstration, the audit ledger sample, and the SOC-2 control narrative into a single PDF for your files.

What's available

Same code path as production. Different data.

The reviewer sandbox runs the production codebase against fixture data, with a few specific affordances designed for review:

  • All marketing-public surfaces: dashboard, policy editor, approval queue + replay, decision ledger, audit export, SIEM endpoints.
  • Kill switch + merchant freeze — fully wired. Pressing the button actually halts the sandbox's fixture outflows so the freeze semantics are observable.
  • Policy editor with shipped policy packs — refund-volume cap, country blocklist, goodwill-credit limit, velocity check. Edit them; the diff view shows the before/after.
  • Decision ledger sample — 90 days of fixture decisions with full hash-chained audit trail. The ledger inspector shows the SHA-256 chain link between records.
  • Cross-rail surfaces — Stripe DAA shadow events and x402 authorization examples are visible in the ledger with rail badges, matching the cross-rail spec.
  • SOC-2 control narrative + GDPR DPA — downloadable from the sandbox in their current form. We also surface the audit window for the in-progress SOC-2 Type II observation period.

What's not in the sandbox: real Stripe API keys, real customer data, and the production billing meter. None of those are relevant to review and including them would introduce risk you don't need to evaluate.

Why not just give out a password?

Because the live-tenant attack surface matters more than the convenience.

A shared password on the production sign-in form is a credential-stuffing target the day it leaks — and shared passwords always leak. The reviewer path above is functionally identical for the auditor (one click from email → inside the UI) but the underlying token is short-lived, tenant-scoped to the sandbox, and revocable from the operator dashboard without code changes.
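
The three token properties named above (short-lived, tenant-scoped, revocable), sketched as a validator. This is an added example, not Axiru's code: the token format, the `issue` and `check` functions, the signing key and the revocation set are assumptions; only the `reviewer-sandbox` tag and the 24-hour expiry come from this page.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"     # constructed; a real service uses a managed secret
SANDBOX_TENANT = "reviewer-sandbox"  # workspace tag stated on this page
TTL_SECONDS = 24 * 3600              # the page states the link expires in 24 hours
REVOKED = set()                      # hypothetical operator-side revocation list (token ids)

def b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue(token_id, tenant=SANDBOX_TENANT, now=None):
    """Mint a signed token bound to one tenant with a fixed expiry."""
    now = time.time() if now is None else now
    claims = {"jti": token_id, "tenant": tenant, "exp": int(now) + TTL_SECONDS}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(SECRET, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(sig)

def check(token, wanted_tenant, now=None):
    """Return 'ok' or the reason the token is refused."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:               # wrong part count or invalid base64
        return "malformed"
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return "bad-signature"
    claims = json.loads(body)        # parsed only after the signature verifies
    if now >= claims["exp"]:
        return "expired"             # short-lived: a leaked link ages out
    if claims["tenant"] != wanted_tenant:
        return "wrong-tenant"        # tenant-scoped: useless against a live tenant
    if claims["jti"] in REVOKED:
        return "revoked"             # revocable: a data change, no deploy
    return "ok"

if __name__ == "__main__":
    t = issue("review-001", now=1_000)
    print(check(t, SANDBOX_TENANT, now=1_000 + 3600))         # ok
    print(check(t, "live-tenant", now=1_000 + 3600))          # wrong-tenant
    print(check(t, SANDBOX_TENANT, now=1_000 + TTL_SECONDS))  # expired
    REVOKED.add("review-001")
    print(check(t, SANDBOX_TENANT, now=1_000 + 3600))         # revoked
```

A shared password has none of these three failure branches: it stays valid until someone rotates it, and it works wherever the sign-in form accepts it.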

If your security team has a hard requirement for a password-form login, we can issue a per-engagement time-limited credential as a one-off. Note the request when you fill out the contact form and we'll route it to the on-call engineer.

Next step

Need access today?

If you're an active Stripe Marketplace reviewer, a SOC-2 auditor on a paid engagement, or a procurement contact at a Fortune 1000, we expedite. Mention the urgency on the form.

Start in shadow mode first. Move to live enforcement later.