I'm curious how other Hosting companies test 3rd party integration in their webapp code. We have separate environments (e.g. dev, test, pre-production, production), but have kept our dev and test environments private as the code being tested isn't always necessarily secure and don't want those environments open to the world. With the need to test 3rd party integration though, developers don't want to wait to test that integration until the code is pushed to production. One idea was secure it at the perimeter and whitelist the IP's of the 3rd parties, but not all of the 3rd parties publish the IP's being used or if they do, they change enough where managing the whitelist can become a real pain in the butt.
What sort of security precautions do other people take to make sure their test environments are kept secure while still being able to test 3rd party integration?