Go-Live Checklist

Use this checklist before switching traffic to production. It is designed for engineering, security, and finance teams collaborating on a commercial payments launch.

Credentials and Environment

  • Production keys provisioned and stored in a secrets manager.
  • All callbacks and return URLs switched from sandbox to production domains.
  • Environment key prefixes validated (pk_live_/sk_live_ for production).
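
An added example, not part of the original checklist or of any provider's SDK: a preflight check a deploy pipeline could run for the credential items above. The pk_live_/sk_live_ prefixes come from the checklist; the production host allowlist, the non-production markers and the sample config are assumptions to replace with your own values.

```python
from urllib.parse import urlsplit

# Prefixes named in the checklist for production keys.
LIVE_PREFIXES = {"publishable_key": "pk_live_", "secret_key": "sk_live_"}
# Assumption: hosts your team has approved for production callbacks.
PRODUCTION_HOSTS = {"pay.example.com"}
# Assumption: substrings that mark a non-production host in your naming scheme.
NON_PROD_MARKERS = ("sandbox", "staging", "localhost")


def redact(key):
    """Keep only the environment prefix so findings never leak key material."""
    return key[:8] + "..." if len(key) > 8 else "<too short>"


def preflight(config):
    """Return a list of findings; an empty list means these checks pass."""
    findings = []
    for name, prefix in LIVE_PREFIXES.items():
        value = config.get(name, "")
        if not value.startswith(prefix) or len(value) == len(prefix):
            findings.append(f"{name}: expected prefix {prefix}, got {redact(value)}")
    for name, url in config.get("urls", {}).items():
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append(f"{name}: not https")
        if any(marker in host for marker in NON_PROD_MARKERS):
            findings.append(f"{name}: non-production host {host}")
        elif host not in PRODUCTION_HOSTS:
            findings.append(f"{name}: host {host or '<none>'} not in production allowlist")
    return findings


# Constructed sample: a config that still carries sandbox values.
STALE = {
    "publishable_key": "pk_live_CONSTRUCTED",
    "secret_key": "sk_test_CONSTRUCTED",
    "urls": {
        "webhook": "https://sandbox.pay.example.com/hooks",
        "return": "http://pay.example.com/done",
    },
}

if __name__ == "__main__":
    for finding in preflight(STALE):
        print("FAIL", finding)
```

Run it as a blocking step in the release pipeline and fail the deploy on any finding; the findings carry only the key prefix, so they are safe to keep in build logs.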

Security and Compliance

  • Confirm PCI DSS scope and shared responsibility model with your security team.
  • Do not log full PAN or sensitive authentication data.
  • Webhook signature verification enabled in all environments.

Reliability and Retry Safety

  • Idempotency keys enabled on all write endpoints.
  • Retry strategy implemented for network errors, 429, and transient 5xx.
  • Monitoring and alerting configured for payment failure rate and webhook failures.

Reconciliation and Finance Ops

  • Payment status query and settlement reconciliation jobs scheduled.
  • Finance exports validated with accounting stakeholders.
  • Refund and dispute response runbook documented and tested.

Sandbox Parity and Launch Controls

  • End-to-end test matrix run in sandbox for success, failure, timeout, and webhook retry scenarios.
  • Feature flags or rollout controls prepared for phased production launch.
  • Rollback path documented in case of elevated failure rates after launch.