Production Readiness Checklist
Moving from sandbox to production is not only a wallet and chain change. The application code can stay largely the same, but credentials, custody, policy, approval, webhook, monitoring, and incident controls must be production-ready before live funds are enabled.1. Ownership and custody
- Record the production owner for the Conto organization, each agent, and each funded wallet.
- Select and document managed, external, or smart-contract custody for every payment path.
- Confirm who can fund, withdraw, freeze, and unfreeze each wallet.
- Start with a deliberately small live balance and transaction limit.
2. Credentials
- Create separate sandbox and production keys; never promote a sandbox secret.
- Grant only the scopes required by the runtime.
- Store secrets in a secret manager rather than source files or CI output.
- Test key expiry, rotation, revocation, and emergency access removal.
- Log Conto request IDs without logging credentials or full sensitive payloads.
3. Policy and approvals
- Configure per-transaction, daily, and monthly spend limits.
- Configure counterparty, category, geography, and time-window rules where applicable.
- Route exceptions to named approvers and test unavailable-approver behavior.
- Run expected-allow, expected-deny, and approval-required test cases.
- Confirm a policy denial cannot fall through to payment execution.
4. Safe payment execution
- Supply and persist a stable idempotency key for authorization and record writes that support one.
- Retry a mutating request only when its API contract supports idempotency and the same key is reused.
- Never automatically retry payment execution or confirmation; reconcile the known payment status first.
- Treat timeouts and network disconnects as ambiguous until payment status is reconciled.
- Exercise insufficient-funds, rate-limit, policy-denial, and provider-outage paths.
- Reconcile Conto payment IDs, provider references, and onchain transaction hashes.
5. Webhooks and downstream systems
- Verify signatures against the unmodified request body.
- Reject stale timestamps and deduplicate event IDs.
- Return success only after durable receipt or queueing.
- Test retries, out-of-order events, duplicate delivery, and replay recovery.
- Document whether ERP, accounting, and CRM connections use your webhook consumer or the REST API; do not assume a native connector.
6. Monitoring and incident response
- Monitor Conto readiness, payment failure rate, approval backlog, wallet balance, and webhook lag.
- Alert on repeated policy denials, credential failures, and reconciliation gaps.
- Verify freeze controls and the human authority to use them.
- Record primary and backup incident contacts for both organizations.
- Rehearse disabling keys, stopping payment execution, and restoring service safely.
7. Go-live evidence
- Capture the approved policy configuration and test results.
- Capture credential scopes and rotation date without storing secret values.
- Capture webhook replay and reconciliation test results.
- Record the initial funding cap and expansion criteria.
- Obtain explicit authorization from the wallet and business owners to enable live funds.