Go Live Checklist

Everything you need to verify before switching from sandbox to production.

Use this checklist to make sure your integration is production-ready before going live.

Integration

  • All API calls use production base URL and credentials (not sandbox/UAT).
  • Payment create, capture, refund, and enquiry flows tested end-to-end.
  • Proper error handling for all API responses (timeouts, 4xx, 5xx).
  • Idempotency keys sent on critical requests to prevent duplicate charges.

Webhooks

  • Webhook endpoint is publicly accessible over HTTPS.
  • Webhook signature verification is implemented and tested.
  • Webhook retries are handled gracefully (idempotent processing).
  • All relevant event types are subscribed to in the dashboard.

Security

  • API keys and secrets are stored securely (environment variables, vault) — never in client-side code.
  • All communication happens over TLS 1.2+.
  • PCI compliance requirements met for your integration type (SAQ-A for Hosted Checkout, SAQ-A-EP or SAQ-D for Custom Checkout).

Testing

  • Tested with real card numbers in production test mode (if available).
  • Verified successful payment, failed payment, and refund scenarios.
  • Verified callback/redirect URLs work correctly on success and failure.
  • Load tested the integration for expected traffic volumes.

Dashboard & Configuration

  • Production API keys generated and configured.
  • Business details and settlement account verified in the dashboard.
  • Webhook URLs updated to production endpoints.
  • Notification settings (email, SMS) configured as needed.

Go Live

  • Switch API credentials from sandbox to production.
  • Perform a low-value live transaction to confirm everything works.
  • Monitor the dashboard for the first few live transactions.
  • Set up alerts for failed payments and webhook delivery issues.