# Production checklist

Before enabling live transactions, merchants should complete all required production readiness checks to ensure secure, stable, and reliable payment and payout operations.

This checklist helps validate:

* API integration readiness
* Security implementation
* Webhook configuration
* Transaction monitoring
* Reconciliation workflows
* Operational stability

Completing the production checklist helps reduce:

* Failed transactions
* Security risks
* Reconciliation mismatches
* Duplicate processing
* Downtime issues

***

## API Configuration Checklist

Ensure the following are completed:

| Requirement                       | Status   |
| --------------------------------- | -------- |
| Production API keys configured    | Required |
| Production secret keys configured | Required |
| Sandbox credentials removed       | Required |
| Production base URLs updated      | Required |
| HTTPS enabled for all APIs        | Required |
| Signature generation verified     | Required |

***

## Authentication Validation

Verify:

* `X-API-KEY` is correct
* `X-SIGNATURE` generation is accurate
* `X-TIMESTAMP` is generated dynamically
* Signatures are generated server-side only

Required headers:

```http
Content-Type: application/json
Accept: application/json
X-API-KEY: pk_live_xxxxxxxxx
X-SIGNATURE: GENERATED_SIGNATURE
X-TIMESTAMP: GENERATED_TIMESTAMP
```

## Webhook Checklist

Verify webhook setup carefully before going live.

| Requirement                                | Status      |
| ------------------------------------------ | ----------- |
| Production webhook URL configured          | Required    |
| HTTPS webhook endpoint enabled             | Required    |
| Webhook signature verification implemented | Required    |
| Duplicate webhook handling implemented     | Required    |
| Webhook retry handling implemented         | Required    |
| Webhook logging enabled                    | Recommended |

***

## Payment Gateway Checklist

Validate:

* Order creation flow
* Hosted checkout redirects
* Payment success handling
* Payment failure handling
* Order status verification
* Reconciliation workflows

***

## Payout Checklist

Validate:

* Wallet balance verification
* Payout initiation flow
* Payout status tracking
* UTR/reference handling
* Failed payout handling
* Retry logic implementation

***

## Security Checklist

Before production activation:

| Security Requirement                | Status      |
| ----------------------------------- | ----------- |
| Secret keys stored securely         | Required    |
| HTTPS enforced                      | Required    |
| Webhook signatures validated        | Required    |
| Replay attack protection enabled    | Recommended |
| IP whitelisting configured          | Recommended |
| Access control policies implemented | Recommended |

***

## Retry Handling Checklist

Verify:

* Processing transaction retries
* Exponential backoff handling
* Duplicate transaction prevention
* Idempotent transaction IDs
* Webhook retry processing

***

## Transaction Monitoring Checklist

Production systems should monitor:

* API failures
* Payment success rates
* Payout processing
* Webhook delivery failures
* Retry attempts
* Reconciliation mismatches
* Duplicate transactions

***

## Logging Checklist

Enable logging for:

* API requests
* API responses
* Webhook payloads
* Signature verification
* Retry attempts
* Error responses
* Transaction references

Logs are critical for:

* Debugging
* Compliance audits
* Reconciliation
* Issue investigation

***

## Recommended Testing Before Go-Live

Before enabling production traffic:

* Complete end-to-end testing
* Validate payment success flow
* Validate payment failure flow
* Test payout workflows
* Verify webhook delivery
* Confirm signature validation
* Test retry logic
* Validate reconciliation workflows

***

## Operational Readiness Checklist

Ensure:

* Support teams are informed
* Monitoring systems are active
* Incident response plans exist
* Transaction alerts are configured
* Operational escalation flows are ready

***

## Common Production Mistakes

Avoid:

* Using Sandbox credentials in production
* Exposing secret keys publicly
* Ignoring webhook verification
* Blind retry loops
* Duplicate payout requests
* Missing reconciliation workflows

***

## Best Practices

* Validate all transactions server-side
* Use idempotent transaction references
* Monitor webhook failures continuously
* Store audit logs securely
* Implement retry-safe workflows
* Maintain reconciliation systems

***

## Important Notes

* Production APIs process real financial transactions
* Banking confirmations may take time
* Webhook timing may vary
* Final settlement verification should always happen server-side

***

## Final Go-Live Validation

Before accepting live traffic:

✅ Security validation completed\
✅ Webhook verification working\
✅ Retry handling implemented\
✅ Reconciliation workflows validated\
✅ Monitoring enabled\
✅ Production credentials configured\
✅ UAT testing approved


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developers.kwikpaisa.com/v3-guide/going-live/production-checklist.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.