Go-live API Checklists

If you are a developer, or had a developer perform an integration for you, you should also consider the following items before going live.

  • Run test scenarios in Test Mode
  • Run test scenarios in Live Mode. Data in Test Mode are not usable in Live Mode
  • Setup Webhook URL
  • Validate x-callback-token header for webhook events
  • Add your server IPs to IP Allowlist
  • Handle edge cases such as idempotent requests, incomplete or invalid data, etc
  • Review Error Handling
  • Review Your Logging
  • Rotate API keys after concluded your testing
  • Store API keys in safe vault such as chamber or other secret management system
  • Set reminder to rotate your API keys periodically ie every 3 months

Last Updated on 2023-09-04