Go-Live Checklist

Complete this checklist before production traffic. Your signed agreement, account configuration, and Legal Center documents remain the source of truth.

Access And Environment

Confirm the organisation has completed onboarding.
Confirm the products and environments enabled for the account.
Separate sandbox and live credentials.
Store production secrets in a backend secret manager.
Assign one owner for production credential rotation.

API Safety

Use stable idempotency keys for every mutating request.
Persist your own reference and the SenteRail reference together.
Handle 401, 403, 409, 429, and 5xx responses safely.
Keep API keys out of frontend code and mobile apps.

Webhooks

Verify X-SenteRail-Signature before processing.
Reject stale timestamps and malformed signatures.
Store event IDs for dedupe.
Return success only after durable persistence.
Test retry, duplicate, timeout, and out-of-order scenarios.

Reconciliation And Support

Define who reconciles SenteRail events against your records.
Define what evidence your team stores for each payment or member workflow.
Document the escalation path and support owner.
Prepare rollback or disablement steps for failed launches.

Legal And Commercial Readiness

Review the Legal Center and signed agreement.
Confirm customer disclosures, refund handling, tax mapping, and complaint pathways for your use case.
Do not publish regulated claims about SenteRail, providers, settlement, identity, or licensing without written approval.

Launch Decision

Launch only when technical, operational, commercial, and legal owners agree that the integration is ready for production traffic.

Go-Live Checklist ​

Access And Environment ​

API Safety ​

Webhooks ​

Reconciliation And Support ​

Legal And Commercial Readiness ​

Launch Decision ​