Use this runbook as a shared checklist for production cutover.
1. Credentials & Access
| Task |
Owner |
Status |
Request production x-client-id and x-client-secret |
Engineering |
|
| Store secrets in vault/KMS |
Engineering |
|
| Rotate sandbox keys |
Engineering |
|
| Update CI/CD env vars |
DevOps |
|
2. Infrastructure
- Production webhook endpoint deployed with TLS 1.2+.
- Firewall rules whitelist PayCA IP ranges.
- Mutual TLS configured if required.
- Logging and metrics shipped to centralized observability.
3. Data Readiness
| Task |
Description |
| Import production BIN catalogue |
Confirm fees, currencies, restrictions. |
| Prefund master accounts |
Treasury wires funds before first authorization. |
| Seed initial card records |
Optional dry run to verify ID mapping. |
| Sync webhooks |
Register production webhook subscriptions and validate 2xx delivery. |
4. Production Smoke Tests
GET /health -> connectivity check.GET /v2/accounts -> master-account visibility and balances.POST /v1/cards -> issue a test card, then close it.POST /sandbox/transactions is not available in production; use a low-risk real authorization flow as approved.POST /v1/cards/{id}/topup -> verify ledger and webhook path.
Document request and response IDs for each test.
5. Monitoring & Alerting
- Dashboards for authorizations, settlements, refunds, fees.
- Alerts for:
- Webhook failure rate > 1% in 5 minutes.
- Low master-account balance.
ErrRateLimited spikes.- Unusual decline-rate shifts.
6. Support Readiness
| Item |
Notes |
| Tier-1 support trained on PayCA error codes |
|
| Escalation matrix includes PayCA 24x7 contacts |
|
| Customer messaging prepared for downtime/declines |
|
| Incident process rehearsed |
|
7. Compliance & Risk
- KYC/AML obligations reviewed for projected volume.
- Data retention plans documented (webhooks, ledger exports, audit logs).
- PCI segmentation verified if PAN retrieval is enabled.
- Business continuity plans updated with PayCA dependency.
8. Launch Timeline
| Time |
Activity |
Owner |
| T-24h |
Final sandbox vs prod configuration diff |
Ops |
| T-12h |
Confirm funding readiness |
Treasury |
| T-2h |
Disable sandbox automation jobs |
Engineering |
| T-1h |
Final webhook smoke test |
Engineering |
| T |
Open change window and active monitoring room |
All |
| T+2h |
Debrief and roll-forward decision |
Programme lead |
9. Post-Launch
| Task |
Owner |
| Monitor key metrics hourly for first 48h |
Analytics |
| Reconcile day-1 fees with statement |
Finance |
| Review support tickets and patterns |
CX |
| Schedule retro in week 1 |
Programme lead |
Artifacts
- Launch checklist document.
- Dashboard links/screenshots.
- Incident log timeline.
Coordinate final readiness with your PayCA account manager before credential handover.
