Use this runbook as a shared checklist when you flip the switch to production. Assign owners to each section and capture completion dates.
1. Credentials & Access
| Task | Owner | Status |
| --- | --- | --- |
| Request production x-client-id and x-client-secret from PayCA | Engineering | |
| Store secrets in vault/KMS (no plain-text storage) | Engineering | |
| Rotate sandbox keys (optional but recommended) | Engineering | |
| Update CI/CD pipelines with production environment variables | DevOps | |
2. Infrastructure
- ✅ Production webhook endpoint deployed with TLS 1.2+.
- ✅ Firewall rules whitelist PayCA IP ranges.
- ✅ Mutual TLS configured if mandated by compliance.
- ✅ Logging & metrics shipped to centralized observability platform (Datadog, Splunk, etc.).
3. Data Migration
| Task | Description |
| --- | --- |
| Import production BIN catalogue | Confirm fee tiers, currencies, and MCC restrictions. |
| Prefund tenant balances | Treasury wires money before first production authorization. |
| Load initial users/cards | Optional dry run to ensure identifiers match across systems. |
| Sync webhooks | Register production webhook subscriptions and confirm 200 responses. |
4. Integration Tests
Run these smoke tests in production (with $0 authorizations or test cards where possible):
- GET /health – confirm connectivity.
- POST /v1/users – create a staging user, then delete/disable.
- POST /v1/cards – issue a test card and void it.
- POST /sandbox/transactions – not available in production; instead perform a $0 authorization if supported by your BIN.
- POST /v1/users/transfer – move $1.00 and verify ledger/webhook.
Document request and response IDs for each test.
5. Monitoring & Alerting
- Dashboards built for authorizations, settlements, refunds, fees.
- Alerts configured for:
  - Webhook failure rate > 1% in 5 minutes.
  - Tenant balance below internal threshold.
  - ErrRateLimited spikes.
  - Card decline rate > expected baseline.
- Runbooks linked from alerts with clear escalation chain (PayCA support + internal teams).
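One way to evaluate the "webhook failure rate > 1% in 5 minutes" alert over a delivery log, shown as an added example (not PayCA code or part of the original runbook). The log line format, the rule that any non-2xx response counts as a failure, and the MIN_DELIVERIES guard are assumptions made for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # "in 5 minutes" from the checklist
THRESHOLD = 0.01               # "> 1%" from the checklist
MIN_DELIVERIES = 20            # assumption: skip windows too small to be meaningful


def parse(line):
    """Parse one '<ISO timestamp> <HTTP status>' line (constructed log format)."""
    ts, status = line.split()
    return datetime.fromisoformat(ts), int(status)


def failure_alerts(lines):
    """Return [(timestamp, rate)] each time the windowed failure rate crosses the threshold."""
    window, failures, firing, alerts = deque(), 0, False, []
    for ts, status in sorted(parse(l) for l in lines):
        failed = not 200 <= status < 300  # assumption: anything but 2xx is a failed delivery
        window.append((ts, failed))
        failures += failed
        # Evict deliveries that fell out of the trailing 5-minute window.
        while window[0][0] <= ts - WINDOW:
            failures -= window.popleft()[1]
        rate = failures / len(window)
        breached = len(window) >= MIN_DELIVERIES and rate > THRESHOLD
        if breached and not firing:  # edge-triggered: one alert per breach, not per event
            alerts.append((ts, rate))
        firing = breached
    return alerts


def sample_log():
    """Constructed data: one delivery every 2 s for 10 min, two of them failing."""
    start = datetime(2024, 1, 1, 12, 0, 0)
    failing = {100: 500, 120: 503}
    return [f"{(start + timedelta(seconds=2 * i)).isoformat()} {failing.get(i, 200)}"
            for i in range(300)]


if __name__ == "__main__":
    for ts, rate in failure_alerts(sample_log()):
        print(f"ALERT {ts.isoformat()} webhook failure rate {rate:.2%}")
```

A single failure in the constructed data stays under the threshold (1 of 101 deliveries); the second failure inside the same window is what fires the alert, and it clears once the first failure ages out.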
6. Support Readiness
| Item | Notes |
| --- | --- |
| Tier-1 agents trained on common PayCA error codes. | |
| Escalation matrix includes PayCA 24x7 hotline/email. | |
| Customer messaging prepared for card declines & downtime. | |
| Incident tracking process tested (PagerDuty/Jira/etc.). | |
7. Compliance & Risk
- ✅ KYC/AML policies reviewed for production volumes.
- ✅ Data retention plans documented (webhooks, ledger exports, audit logs).
- ✅ PCI segmentation verified if issuing physical cards with PAN access.
- ✅ Business continuity plans updated with PayCA dependency.
8. Launch Day Timeline
| Time | Activity | Owner |
| --- | --- | --- |
| T-24h | Final reconciliation of sandbox vs prod configurations | Ops |
| T-12h | Confirm tenant funding | Treasury |
| T-2h | Disable sandbox automation (avoid double posting) | Engineering |
| T-1h | Final webhook smoke test | Engineering |
| T | Open change window, start monitoring war room | All |
| T+2h | Debrief, document issues, decide on roll-forward/back | Programme lead |
9. Post-Launch
| Task | Owner |
| --- | --- |
| Monitor key metrics hourly for first 48 hours | Analytics |
| Reconcile first day fees with PayCA statement | Finance |
| Gather customer feedback & support tickets | CX |
| Schedule retrospective within 1 week | Programme lead |
Templates & Artifacts
- Launch document – shared Google Doc or Confluence page linking to this runbook.
- Monitoring dashboards – screenshot or link for quick reference.
- Incident log – capture any irregularities during launch.
Check in with your PayCA account manager after completing this runbook to confirm readiness. They will schedule the credential handover and, if needed, stay on the bridge during launch.