Before processing real payments, complete this checklist to ensure a smooth transition from sandbox to production.

Pre-launch checklist

1

Complete KYB verification

Submit your business verification documents in Dashboard → Settings → KYB. This is required before you can receive live API keys.Documents needed:
  • Business registration certificate
  • ID of company representative
  • Bank account details for payouts
2

Switch to live API keys

Replace your test key with your live key:
# .env.production
SIMIZ_SECRET_KEY=sk_live_xxxxxxxxxxxx
SIMIZ_WEBHOOK_SECRET=whsec_xxxxxxxxxxxx
Double-check that no test keys remain in your production environment.
3

Update webhook URLs

Configure your production webhook endpoint in Dashboard → Settings → Webhooks. Make sure:
  • The URL uses HTTPS
  • Your server responds quickly
  • Signature verification is implemented
4

Verify error handling

Ensure your application handles all error scenarios:
  • payment.failed webhook → notify customer
  • payment.expired webhook → offer retry
  • Rate limit (429) → exponential backoff
  • Provider timeout → retry with idempotency
5

Test with production amounts

Run a small real transaction to verify the full flow:
  1. Create a transaction with a minimal amount (e.g., 100 XAF)
  2. Complete the payment on your phone
  3. Verify the webhook is received
  4. Issue a refund to confirm the refund flow
6

Enable monitoring

Set up monitoring for:
  • API error rates (Dashboard → Analytics)
  • Webhook delivery failures
  • Transaction success rates

Security checklist

  • API keys stored in environment variables (not in code)
  • Webhook signature verification enabled
  • Idempotency keys used for all payment creation
  • HTTPS required for all webhook endpoints
  • No sensitive data logged (API keys, customer PINs)
  • Rate limiting handled with exponential backoff

Common go-live issues

  • Check your endpoint is publicly accessible (not localhost)
  • Verify the URL uses HTTPS
  • Check your firewall doesn’t block incoming POST requests
  • Review failed deliveries in Dashboard → Webhooks → Logs
  • Ensure you’re using sk_live_ keys, not sk_test_
  • Verify the phone number format includes the country code
  • Check the payment amount is within the provider’s limits
  • Review the error code in the API response
  • Implement idempotency keys for all payment requests
  • Don’t retry on 4xx errors (except 429)
  • Use the webhook id to deduplicate events

Need help?