# Go-Live Checklist

> Review the merchant checklist before using mainnet.

Canonical: https://stafiel.org/documentation/risk-and-reference/go-live-checklist
Version: v1.0.0

Use this checklist before accepting real customer payments on mainnet. It helps
confirm that merchant setup, payment configuration, integrations, and record
review are ready for live use.

## Merchant And Mode

- Confirm the Merchant ID belongs to the mainnet merchant that will accept real
payments.

- Confirm Merchant Dashboard is using mainnet mode before copying settings,
wallet addresses, checkout links, or records.

For mode separation, see
[Mainnet vs Testnet](/documentation/start/mainnet-vs-testnet).

## Wallet Settings

- Review approved settlement wallet addresses for every chain used for live
checkout.

- Review enabled tokens and networks against the payment options the merchant
plans to offer.

For wallet setup, see
[Wallet Settings](/documentation/merchant-operations/wallet-settings). For key
custody boundaries, see
[Security and Wallet Boundary](/documentation/risk-and-reference/security-and-wallet-boundary).

## Checkout Configuration

- Confirm live checkout sessions use the intended amount, token, network,
payment window, metadata, and Return URL.

- Make customer-facing copy clear that customers should pay only with the
selected token, selected network, and displayed payment address.

- Test hosted checkout, checkout snippet, or widget behavior against the
production checkout flow.

For checkout behavior, see
[Checkout Sessions](/documentation/accept-payments/checkout-sessions).

## API And Front-End Integration

- Replace test API keys with mainnet API keys on the backend.

- Set X-App-Client to merchant-client for mainnet API requests.

- Keep API keys out of browser code, mobile apps, checkout pages, and widget
configuration.

Important: API keys belong on the server side only. Do not put API keys
in front-end code.

For API authentication, see
[API Keys and Authentication](/documentation/developer-integration/api-keys-and-authentication).

## Webhooks And Events

If the live integration uses webhooks:

- Use a public HTTPS endpoint for live webhook delivery.

- Save the live webhook signing secret in the receiving system.

- Verify signatures against the raw request body.

- Make event handling idempotent and tolerant of retries.

For event delivery, see
[Webhooks and Events](/documentation/developer-integration/webhooks-and-events).

## Refund And Support Readiness

- Review which live networks support merchant-initiated refunds.

- Make sure the merchant team understands one-time merchant refund behavior.

- Review centralized exchange and custodial wallet refund limitations for
support planning.

- Know where to review refund history and platform-initiated refunds.

For refund operations, see
[Refund Operations](/documentation/merchant-operations/refund-operations). For
payment-source risk, see
[Payment and Refund Risks](/documentation/risk-and-reference/payment-and-refund-risks).

## Records And Reconciliation

- Know where to review orders, payment records, settlement details, fee details,
refunds, invoices, and receipts.

- Keep exports and dashboard views separate between mainnet and testnet mode.

- Review settlement records for merchant amount, platform fee, settlement
address, transaction hash, and settlement result.

For order review, see [Orders](/documentation/merchant-operations/orders). For
settlement review, see
[Settlement Review](/documentation/merchant-operations/settlement). For fee
details, see
[Fees and Plan Usage](/documentation/merchant-operations/fees-and-plan-usage).
