Going Live

Checklist for launching your payment integration to production.

Before Going Live

1. Switch to Live API Keys

Replace test API keys with live keys:

const salam = new Salam({
  apiKey: process.env.SALAM_LIVE_API_KEY, // sk_live_xxx
  sandbox: false, // Important!
});

DANGER

Never commit API keys to version control. Use environment variables.

2. Set Up Production Webhooks

1. Go to Dashboard → Developers → Webhooks
2. Add your production webhook endpoint (must be HTTPS)
3. Select all relevant events
4. Save the webhook secret securely

3. Test in Production

Test with small amounts first:

• Create a real payment for RM 1.00
• Complete the payment flow
• Verify webhook is received
• Check order fulfillment works

4. Security Checklist

• [ ] API keys stored securely (environment variables)
• [ ] Webhook signatures verified
• [ ] HTTPS enabled on all endpoints
• [ ] No sensitive data in logs
• [ ] Rate limiting implemented
• [ ] Input validation on all endpoints

5. Error Handling

• [ ] All errors caught and logged
• [ ] User-friendly error messages
• [ ] Failed payments handled gracefully
• [ ] Retry logic for transient failures
• [ ] Error monitoring set up (Sentry, etc.)

6. Performance

• [ ] Database queries optimized
• [ ] Webhooks processed asynchronously
• [ ] Caching implemented where appropriate
• [ ] Load tested for expected traffic

7. Business Requirements

• [ ] Terms of service updated
• [ ] Privacy policy includes payment processing
• [ ] Refund policy defined
• [ ] Customer support email configured

Production Configuration

Environment Variables

# .env.production
SALAM_API_KEY=sk_live_xxx
SALAM_WEBHOOK_SECRET=whsec_xxx
SALAM_SANDBOX=false

# Your URLs
APP_URL=https://yoursite.com
WEBHOOK_URL=https://yoursite.com/api/webhooks/salam

# Optional
SENTRY_DSN=https://xxx@sentry.io/xxx

Webhook URL Requirements

Your webhook endpoint must:

• Use HTTPS (required)
• Return 200 status within 5 seconds
• Verify webhook signatures
• Handle duplicate events

API Rate Limits

Production rate limits:

Limit	Value
Requests per second	10
Requests per minute	100
Requests per hour	1000

Monitoring

Key Metrics to Track

1. Payment Success Rate

   const successRate = (successful / total) * 100;

2. Webhook Delivery Rate

   • Monitor in dashboard
   • Set up alerts for failures

3. Average Processing Time

   • Payment creation to capture
   • Webhook delivery time

4. Error Rates

   • By error type
   • By payment method

Logging

Set up comprehensive logging:

import winston from 'winston';

const logger = winston.createLogger({
  level: 'info',
  format: winston.format.json(),
  transports: [
    new winston.transports.File({ filename: 'error.log', level: 'error' }),
    new winston.transports.File({ filename: 'combined.log' }),
  ],
});

// Log payment events
logger.info('Payment created', {
  payment_id: payment.id,
  amount: payment.amount,
  customer: payment.metadata.customer_email,
});

Alerting

Set up alerts for:

• High error rates (>5%)
• Failed webhook deliveries
• Payment processing delays
• API downtime

Testing Checklist

Before launch, test:

• [ ] Create payment
• [ ] Complete payment successfully
• [ ] Cancel payment
• [ ] Expired payment
• [ ] Failed payment
• [ ] Webhook received and processed
• [ ] Create refund
• [ ] Partial refund
• [ ] Success page displayed correctly
• [ ] Cancel page displayed correctly
• [ ] Error messages shown appropriately

Post-Launch

First 24 Hours

• Monitor payment success rate closely
• Check webhook delivery rate
• Review error logs
• Test a few transactions yourself

First Week

• Analyze payment patterns
• Review error types
• Optimize based on metrics
• Gather customer feedback

Ongoing

• Monitor dashboard daily
• Review weekly reports
• Update integration as needed
• Stay updated with API changes

Common Issues

Webhook Not Received

1. Check webhook URL is correct
2. Verify HTTPS is enabled
3. Check firewall rules
4. Review webhook logs in dashboard

Payment Stuck in Pending

1. Check webhook is configured
2. Verify webhook signature validation
3. Review webhook processing logs

High Failure Rate

1. Check bank connectivity
2. Review error types in dashboard
3. Verify payment amounts are correct
4. Check customer bank details format

Support

Need help going live?

• 📧 Email: support@salamgateway.com
• 💬 Discord: Join community
• 📞 Phone: +60 3-1234-5678 (Business hours)

Go Live Checklist

Print this checklist:

Setup
[ ] Live API keys configured
[ ] Production webhooks set up
[ ] HTTPS enabled
[ ] Environment variables set

Security
[ ] Webhook signatures verified
[ ] No keys in source code
[ ] Input validation implemented
[ ] Rate limiting enabled

Testing
[ ] Small test transaction completed
[ ] Webhook received successfully
[ ] Refund tested
[ ] Error scenarios tested

Monitoring
[ ] Error tracking set up
[ ] Logging configured
[ ] Alerts configured
[ ] Dashboard bookmarked

Documentation
[ ] Terms of service updated
[ ] Privacy policy updated
[ ] Refund policy documented
[ ] Support email configured

Launch
[ ] All tests passed
[ ] Team briefed
[ ] Support ready
[ ] Monitoring active

Ready to Go Live?

Once you've completed this checklist, you're ready to start accepting real payments! 🚀