How Onboarding Works
From first contact to production, the process is five short steps. You'll have a named point of contact at Andy from day one.
1 Request Access
Email partners@theandyapp.com with the information in the “What We Need From You” section below. Our partnerships team will review your application and respond within two business days.
2 Sign the Partner Agreement
Once your application is approved, you'll receive our standard Partner Agreement and Data Processing Addendum (DPA) for electronic signature. Both must be executed before any credentials are issued.
3 Receive Sandbox Credentials
After the agreement is signed, we provision your sandbox account and send a single onboarding email with your partner_id, a sandbox API key (prefix andy_sk_sbx_…), the technical reference, and the Postman collection. The API key is shown only once — store it in a secure secret manager immediately.
4 Build and Test in Sandbox
Use the sandbox base URL to complete the full estimate → submit → status loop. The sandbox mirrors production with realistic test data; submissions are not filed with any real appraisal district.
5 Apply for Production Access
When your integration is ready, email us a short demo or screenshots, your expected go-live date, and projected monthly volume. We'll review and issue a production API key (prefix andy_sk_prd_…) with rate limits tuned to your volume.
6 Go Live
Switch your client to the production base URL and key. Our team stays on standby during your first week in production, and our on-call engineers are available 24/7 for critical incidents.
What We Need From You
To provision your partner account, please include the following in your application email.
✓ Company Information
- Legal company name and “doing business as” / display name
- Company website
- EIN or tax identification number
- Registered business address
✓ Primary Contact
- Full name
- Business email
- Phone number
- Role at the company
✓ Integration Details
- One-paragraph description of your use case
- US states in which you will operate
- Estimated monthly request volume
- Static outbound IPs / CIDR ranges (optional, for allowlisting)
- Webhook callback URL, if you want status updates (optional)
✓ Compliance Confirmation
- You have a process to obtain and record the property owner's consent and electronic signature before calling
POST /submit - You will store owner PII (name, email, phone, signature) in line with applicable privacy laws
- Your team is prepared to sign the Partner Agreement and DPA
Sandbox vs. Production
All partners start in sandbox. Production access is granted after your integration has been demonstrated and reviewed.
| Sandbox | Production | |
|---|---|---|
| Base URL | https://api-andyv2.andyreach.com/api/partner | https://api.theandyapp.com/api/partner |
| API key prefix | andy_sk_sbx_… | andy_sk_prd_… |
| Real filings? | No — submissions are simulated | Yes — submitted to the relevant appraisal district |
| Rate limits | Lower default (60 requests/min) | Sized to your committed monthly volume |
| Data retention | 30 days | Per Partner Agreement |
| Required to access | Signed agreement | Approved sandbox integration + production review |
Security Expectations
Partners are required to handle credentials and owner data responsibly. The bar is the same bar we hold ourselves to.
✓ API Key Handling
- Store API keys in a dedicated secret manager (AWS Secrets Manager, Vault, GCP Secret Manager, 1Password, etc.)
- Never commit keys to source control, mobile apps, or browser code
- Rotate immediately if compromise is suspected — contact us to re-issue
✓ Transport & Network
- Use TLS for every API call; reject any redirect to a non-TLS endpoint
- Restrict outbound traffic from your servers to Andy hostnames where feasible
- Use IP allowlisting if you have static egress IPs
✓ Owner PII
- Treat name, email, phone, and signature as confidential
- Store in accordance with your privacy policy and applicable laws
- Minimize retention — delete when no longer needed
✓ Incident Response
- Notify Andy within 24 hours of any suspected key compromise or data incident
- Contact: techsupport@theandyapp.com
- We will coordinate rotation and remediation with your team
Support
We're here to help you integrate quickly and run reliably.
| Channel | Contact | Purpose |
|---|---|---|
| Onboarding & accounts | partners@theandyapp.com | Applications, contracts, production access |
| Technical support | techsupport@theandyapp.com | API errors, integration help, Postman questions |
When opening a support ticket, please include: the environment (sandbox or production), the endpoint and HTTP method, the HTTP status code, the code field from the response body, the approximate UTC timestamp, and any estimate_id or reference_id involved. Never include a raw API key in any email or ticket.
Support hours: Monday–Friday, 9:00 AM – 6:00 PM US Central. Critical production issues are paged 24/7 once you are live.
Ready to get started?
Send us your application and we'll reply within two business days.
Apply Now