Skip to main content

Going Live Checklist

Complete checklist for moving your Anton Payments integration from sandbox to production.

Written by Ryan O
Updated today

Overview

Moving from sandbox to production is a structured process. Anton processes real money across regulated corridors, so going live requires completing onboarding, building a tested integration, passing a certification call, funding your account, and switching to production credentials.

The Path to Production

  1. Onboarding -- Complete the merchant application and get approved (3-7 business days)

  2. Sandbox Development -- Build and test your integration against the sandbox environment (1-3 weeks)

  3. Certification Call -- Walk through your integration with our team (30-60 minutes)

  4. Fund Your Account -- Wire funds and confirm balances via the API (1-2 business days)

  5. Move to Production -- Switch to production credentials and go live

Integration Checklist

Every item below is validated during your certification call.

  • Idempotency keys on all mutations -- Every POST request that creates or modifies a resource must include an Idempotency-Key header. Use a unique, deterministic key per operation.

  • Webhook integration -- Register a webhook subscription, verify HMAC-SHA256 signatures on every delivery, and handle duplicate events by tracking processed event IDs. Polling alone is not sufficient.

  • Error handling and retries -- Implement exponential backoff with jitter for 5xx errors. Respect Retry-After headers on 429 responses. Never retry 4xx errors (except 429).

  • Proper amount handling -- Amounts are strings, never floating-point. Use decimal or string arithmetic for all money operations.

  • Payout lifecycle handling -- Handle every payout status: screening, pending_approval, processing, sent, completed, failed, returned, and cancelled.

  • Balance checks before payouts -- Query your balance before submitting payouts to ensure sufficient funds.

  • Payee and instrument management -- Create payees and attach instruments before creating payouts.

  • Cursor-based pagination -- Handle pagination correctly using limit, cursor, has_more, and next_cursor.

Security Checklist

  • API keys in environment variables or secrets manager -- Never hardcode keys. Use your platform's secrets management solution.

  • Server-side only -- API keys must only be used from backend servers. Never expose them in browser JavaScript, mobile apps, or client-side code.

  • TLS everywhere -- All API calls must use HTTPS. Your webhook receiver must also use HTTPS with a valid certificate.

  • Webhook signature verification -- Verify the Anton-Signature header on every webhook delivery.

  • No sensitive data in logs -- Ensure your application does not log payee bank details, API keys, full account numbers, or other PII.

Production Cutover Steps

  • Swap your base URL -- Update from https://api.antonpayments.dev to https://api.antonpayments.com

  • Use production API keys -- Replace ak_test_... keys with ak_live_... keys generated from the merchant portal

  • Register production webhook endpoints -- Create new webhook subscriptions for your production URLs. Sandbox subscriptions do not carry over.

  • Verify corridor availability -- Confirm your corridors are active in production via the Corridors API

  • Recreate payees and instruments -- Sandbox payees and instruments do not exist in production. Create them fresh.

Launch Checklist

Before sending your first production payout, verify each item:

  • Base URL set to https://api.antonpayments.com

  • Using ak_live_... API keys (not test keys)

  • API keys stored in secrets manager (not hardcoded)

  • Webhook endpoint registered with production URL

  • Webhook signature verification enabled and tested

  • Idempotency keys included on all POST requests

  • Error handling with exponential backoff implemented

  • Rate limit handling (429 + Retry-After) implemented

  • Balance check before payout submission

  • All payout statuses handled in your system

  • Logging configured without sensitive data exposure

  • Monitoring and alerting configured for failures

Launch Recommendations

Start small. Do not batch your first production payouts. Send a small number of low-value payouts first and verify the full lifecycle before ramping up volume. Monitor delivery rates, webhook delivery, balances, and API error rates from day one.

For help with certification scheduling or integration questions, email [email protected].

Did this answer your question?