Go Live Checklist
Everything you need to verify before switching from sandbox to production.
Use this checklist to make sure your integration is production-ready before going live.
Integration
- All API calls use production base URL and credentials (not sandbox/UAT).
- Payment create, capture, refund, and enquiry flows tested end-to-end.
- Proper error handling for all API responses (timeouts, 4xx, 5xx).
- Idempotency keys sent on critical requests to prevent duplicate charges.
Webhooks
- Webhook endpoint is publicly accessible over HTTPS.
- Webhook signature verification is implemented and tested.
- Webhook retries are handled gracefully (idempotent processing).
- All relevant event types are subscribed to in the dashboard.
Security
- API keys and secrets are stored securely (environment variables, vault) — never in client-side code.
- All communication happens over TLS 1.2+.
- PCI compliance requirements met for your integration type (SAQ-A for Hosted Checkout, SAQ-A-EP or SAQ-D for Custom Checkout).
Testing
- Tested with real card numbers in production test mode (if available).
- Verified successful payment, failed payment, and refund scenarios.
- Verified callback/redirect URLs work correctly on success and failure.
- Load tested the integration for expected traffic volumes.
Dashboard & Configuration
- Production API keys generated and configured.
- Business details and settlement account verified in the dashboard.
- Webhook URLs updated to production endpoints.
- Notification settings (email, SMS) configured as needed.
Go Live
- Switch API credentials from sandbox to production.
- Perform a low-value live transaction to confirm everything works.
- Monitor the dashboard for the first few live transactions.
- Set up alerts for failed payments and webhook delivery issues.