Going Live Checklist
Work through this checklist before going live to avoid common issues in production.
Account
- Your account balance is sufficient to cover expected initial order volume
- Auto top-up is configured so you don’t run out of credit unexpectedly
- Balance alerts are enabled in Settings → Notifications
- Two-factor authentication (2FA) is enabled on your portal account
Authentication & security
- Your API key is stored as an environment variable — not hardcoded in your codebase
- Your API key is not committed to source control
- If your integration runs from a fixed IP or server, IP whitelisting is configured
- You have a plan for rotating your API key if it is ever exposed
Ordering
- Bundle names used in orders are confirmed to be correct — they are case sensitive
- ICCIDs returned from orders are stored against the corresponding user or account in your system
- Your chosen QR code delivery method is implemented and tested end-to-end with a real device
Error handling
400responses are handled — your code surfaces themessagefield to aid debugging403responses are handled — covering both invalid API key and IP whitelist rejections429responses are handled — your code respects theRetry-Afterheader before retrying500responses are handled gracefully and logged for investigation
Webhooks
- A callback URL is configured in the portal (Account Settings → API Details)
- Callback version is set to V3
- HMAC signature verification is implemented — callbacks without a valid signature are rejected
- Your endpoint returns a
2xxresponse promptly for all callback types - You have tested receipt of at least one real webhook event (e.g. a usage notification)
esim.deletion_scheduledevents are handled — you have a process for deciding whether to reactivate or allow deletion