diff --git a/src/Managing.Api/appsettings.Sandbox.json b/src/Managing.Api/appsettings.Sandbox.json
index 405256da..9c21afba 100644
--- a/src/Managing.Api/appsettings.Sandbox.json
+++ b/src/Managing.Api/appsettings.Sandbox.json
@@ -39,5 +39,68 @@
 "LogSlowQueriesOnly": false
 },
 "RunOrleansGrains": true,
- "AllowedHosts": "*"
+ "AllowedHosts": "*",
+ "Cors": {
+ "AllowedOrigins": [
+ "https://kaigen-web-kaigen-stage.up.railway.app/",
+ "https://dev-managing-api.apps.managing.live/health",
+ "https://web-ui.kai.managing.live"
+ ]
+ },
+ "Authentication": {
+ "Schemes": {
+ "Bearer": {
+ "ValidIssuer": "https://dev-managing-api.apps.managing.live/health",
+ "ValidAudiences": [
+ "https://kaigen-web-kaigen-stage.up.railway.app/",
+ "https://web-ui.kai.managing.live"
+ ]
+ }
+ }
+ },
+ "Jwt": {
+ "ValidateIssuer": true,
+ "ValidateAudience": true,
+ "ClockSkewSeconds": 0
+ },
+ "IpRateLimiting": {
+ "EnableEndpointRateLimiting": true,
+ "StackBlockedRequests": false,
+ "RealIpHeader": "X-Real-IP",
+ "ClientIdHeader": "X-ClientId",
+ "HttpStatusCode": 429,
+ "IpWhitelist": [],
+ "EndpointWhitelist": [],
+ "ClientWhitelist": [],
+ "GeneralRules": [
+ {
+ "Endpoint": "*",
+ "Period": "1m",
+ "Limit": 100
+ },
+ {
+ "Endpoint": "POST:/user/create-token",
+ "Period": "1m",
+ "Limit": 5
+ },
+ {
+ "Endpoint": "POST:*",
+ "Period": "1m",
+ "Limit": 30
+ }
+ ]
+ },
+ "IpRateLimitPolicies": {
+ "IpRules": [],
+ "ClientRules": [],
+ "EndpointRules": []
+ },
+ "Kestrel": {
+ "Limits": {
+ "MaxRequestBodySize": 10485760,
+ "MaxRequestHeadersTotalSize": 32768,
+ "MaxConcurrentConnections": 100,
+ "MaxConcurrentUpgradedConnections": 100
+ }
+ }
 }
\ No newline at end of file
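Review bot: Two of the new `Cors:AllowedOrigins` entries are not origins: `https://kaigen-web-kaigen-stage.up.railway.app/` ends in a slash and `https://dev-managing-api.apps.managing.live/health` carries a path, while a browser's `Origin` header is scheme, host and port only. If these strings feed an exact-match CORS policy (the consuming code is not in this diff) they will never match, so write `"https://kaigen-web-kaigen-stage.up.railway.app"` and drop or correct the `/health` entry. The same `/health` URL is set as `Bearer:ValidIssuer` while `Jwt:ValidateIssuer` is true, which looks like a copy-paste; it should equal the `iss` value the token endpoint actually writes. Separately, `"RealIpHeader": "X-Real-IP"` tells the rate limiter to take the client IP from a request header, so the 5-per-minute rule on `POST:/user/create-token` only holds if every route to the API passes through a proxy that overwrites that header. Confirm that for the sandbox deployment, or remove the setting where the API is reachable directly.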