WSO2 in Hybrid gateway environment always routing to Sandbox URL, even when used with production access token

I am using WSO2 APIM 3.0.0 version & I have published an API in WSO2 using an existing swagger definition.

I am using a hybrid gateway environment, with the "Production" & "Sandbox" URLs configured to different code environments (for testing purposes the "Production" URL hits our qa box and "Sandbox" hits my local environment). I have just noticed that WSO2 is always routing calls to the sandbox environment (my local) even when I use the "Production" access token.

Is there something else I need to do apart from simply generating different access tokens for prod & sandbox from the devportal for it to route to the desired environment?

And does this mean that I MUST always have different gateways for different environments?

I tested this using OAUTH & JWT token types, with different grant mechanisms, and it still does the same thing.

synapse-config attached as requested:

<?xml version="1.0" encoding="UTF-8"?><api xmlns="http://ws.apache.org/ns/synapse" name="admin--XXXBackendPlatform" context="/WSO2/1.0.0" version="1.0.0" version-type="context">
    <resource methods="POST" url-mapping="xxxxx" faultSequence="fault">
        <inSequence>
            <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
            <filter source="$ctx:AM_KEY_TYPE" regex="SANDBOX">
                <then>
                    <send>
                        <endpoint key="XXXBackendPlatform--v1.0.0_APIsandboxEndpoint"/>
                    </send>
                </then>
                <else>
                    <sequence key="_production_key_error_"/>
                </else>
            </filter>
        </inSequence>
        <outSequence>
            <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
            <send/>
        </outSequence>
    </resource>
    <handlers>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.common.APIMgtLatencyStatsHandler">
            <property name="apiUUID" value="6535a4b7-759b-4f0e-8980-eab80aaee847"/>
        </handler>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
            <property name="apiImplementationType" value="ENDPOINT"/>
            <property name="AuthorizationHeader" value="WSO2_Auth"/>
        </handler>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">
            <property name="RemoveOAuthHeadersFromOutMessage" value="true"/>
            <property name="APILevelPolicy" value="Unlimited"/>
            <property name="AuthorizationHeader" value="WSO2_Auth"/>
            <property name="CertificateInformation" value="{}"/>
            <property name="APISecurity" value="oauth2,oauth_basic_auth_api_key_mandatory"/>
            <property name="apiUUID" value="6535a4b7-759b-4f0e-8980-eab80aaee847"/>
        </handler>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.throttling.ThrottleHandler"/>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtUsageHandler"/>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtGoogleAnalyticsTrackingHandler">
            <property name="configKey" value="gov:/apimgt/statistics/ga-config.xml"/>
        </handler>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerExtensionHandler"/>
    </handlers>
</api>