Skip to main content

Production Readiness Checklist

Moving from sandbox to production is not only a wallet and chain change. The application code can stay largely the same, but credentials, custody, policy, approval, webhook, monitoring, and incident controls must be production-ready before live funds are enabled.

1. Ownership and custody

  • Record the production owner for the Conto organization, each agent, and each funded wallet.
  • Select and document managed, external, or smart-contract custody for every payment path.
  • Confirm who can fund, withdraw, freeze, and unfreeze each wallet.
  • Start with a deliberately small live balance and transaction limit.

2. Credentials

  • Create separate sandbox and production keys; never promote a sandbox secret.
  • Grant only the scopes required by the runtime.
  • Store secrets in a secret manager rather than source files or CI output.
  • Test key expiry, rotation, revocation, and emergency access removal.
  • Log Conto request IDs without logging credentials or full sensitive payloads.

3. Policy and approvals

  • Configure per-transaction, daily, and monthly spend limits.
  • Configure counterparty, category, geography, and time-window rules where applicable.
  • Route exceptions to named approvers and test unavailable-approver behavior.
  • Run expected-allow, expected-deny, and approval-required test cases.
  • Confirm a policy denial cannot fall through to payment execution.

4. Safe payment execution

  • Supply and persist a stable idempotency key for authorization and record writes that support one.
  • Retry a mutating request only when its API contract supports idempotency and the same key is reused.
  • Never automatically retry payment execution or confirmation; reconcile the known payment status first.
  • Treat timeouts and network disconnects as ambiguous until payment status is reconciled.
  • Exercise insufficient-funds, rate-limit, policy-denial, and provider-outage paths.
  • Reconcile Conto payment IDs, provider references, and onchain transaction hashes.

5. Webhooks and downstream systems

  • Verify signatures against the unmodified request body.
  • Reject stale timestamps and deduplicate event IDs.
  • Return success only after durable receipt or queueing.
  • Test retries, out-of-order events, duplicate delivery, and replay recovery.
  • Document whether ERP, accounting, and CRM connections use your webhook consumer or the REST API; do not assume a native connector.

6. Monitoring and incident response

  • Monitor Conto readiness, payment failure rate, approval backlog, wallet balance, and webhook lag.
  • Alert on repeated policy denials, credential failures, and reconciliation gaps.
  • Verify freeze controls and the human authority to use them.
  • Record primary and backup incident contacts for both organizations.
  • Rehearse disabling keys, stopping payment execution, and restoring service safely.

7. Go-live evidence

  • Capture the approved policy configuration and test results.
  • Capture credential scopes and rotation date without storing secret values.
  • Capture webhook replay and reconciliation test results.
  • Record the initial funding cap and expansion criteria.
  • Obtain explicit authorization from the wallet and business owners to enable live funds.
Only enable production after every applicable item has an owner and evidence. Expand limits in stages after reviewing real payment, approval, webhook, and reconciliation behavior.