xpendB2B
Going live

Go-live checklist

Use this checklist before switching production traffic to live credentials.

1. Credentials and access

  1. Create live API credential in merchant console.
  2. Store live key in your production secret manager.
  3. Confirm live key with /v1/merchant/principal.
  4. If using IP allowlists, add all production egress IPs/CIDRs and test from each environment.
  5. Enroll payout security (email OTP and/or payout authenticator) and verify a canary payout.

2. Webhooks

  1. Create live webhook endpoint under /v1/webhooks/endpoints.
  2. Store the one-time signing secret.
  3. Enable signature verification on raw body.
  4. Deploy idempotent webhook consumer with duplicate protection.

3. Core flow validation

  • Create, read, and observe payment intent lifecycle.
  • Confirm balance and ledger visibility in dashboards.
  • Validate payout creation flow and status updates.
  • Test cancel path for cancellable payouts.

4. Observability and operations

  • Log API request IDs and your idempotency keys.
  • Alert on webhook failure rate and payout failure statuses.
  • Create runbooks for retries and partial incident handling.

Cutover strategy

Run a short canary window in live with low-risk transactions first, then ramp traffic after webhook and reconciliation stability is confirmed.
Ready to build?
Get an API key

Sandbox-only credentials, no card required.

Stuck on something?
Talk to a human

DevRel responds in office hours.

PreviousRetries & idempotencyNextFiat & auto-payouts