Guide
Go-Live Checklist
Production readiness checklist for partner integrations.
Go-Live Checklist
This checklist must be completed before a partner integration is approved for production use.
Use this host in production API examples:
https://api.yes.cash---
1. Purpose
The go-live checklist confirms that the partner app can safely operate the full customer integration flow.
The checklist covers:
- API credentials;
- authentication;
- device registration;
- quote signing;
- JWKS;
- Core API flows;
- webviews;
- idempotency;
- error handling;
- logging;
- support readiness;
- production launch preparation.
---
2. Go-live status
Use this section to track readiness.
| Area | Status | Owner | Notes |
|---|---|---|---|
| API credentials | Not started / In progress / Passed | ||
| Auth integration | Not started / In progress / Passed | ||
| Core API integration | Not started / In progress / Passed | ||
| Quote signing | Not started / In progress / Passed | ||
| JWKS | Not started / In progress / Passed | ||
| Device authentication | Not started / In progress / Passed | ||
| Webviews | Not started / In progress / Passed | ||
| Error handling | Not started / In progress / Passed | ||
| Idempotency | Not started / In progress / Passed | ||
| Logging | Not started / In progress / Passed | ||
| Sandbox certification | Not started / In progress / Passed | ||
| Production readiness | Not started / In progress / Passed |
---
3. Production credentials
Confirm the partner has received and configured:
- production API subscription key;
- production partner ID;
- production signing key ID;
- production JWKS URL registered with YesCash;
- production support contact route;
- production incident contact route;
- production app identifiers, if applicable.
Checklist:
| Check | Required | Passed |
|---|---|---|
| Production subscription key received | Yes | |
| Production subscription key stored securely | Yes | |
| Production partner ID confirmed | Yes | |
| Production JWKS URL confirmed | Yes | |
Production kid confirmed | Yes | |
| Production support contact exchanged | Yes | |
| Emergency technical contact exchanged | Yes |
---
4. Environment separation
Confirm sandbox and production are separated.
| Check | Required | Passed |
|---|---|---|
| Sandbox keys are not used in production | Yes | |
| Production keys are not used in sandbox | Yes | |
| Sandbox subscription key removed from production build | Yes | |
| Production subscription key not present in test builds | Yes | |
| Separate app configuration exists for sandbox and production | Yes | |
| Production logging is enabled | Yes |
---
5. API host configuration
Production API host:
https://api.yes.cashChecklist:
| Check | Required | Passed |
|---|---|---|
All production calls use https://api.yes.cash | Yes | |
| No old sandbox/staging host remains in production build | Yes | |
| Host is not hardcoded in multiple uncontrolled locations | Recommended | |
| TLS validation is enabled | Yes | |
| Certificate errors are not ignored | Yes |
---
6. Auth flow readiness
The partner app must pass all Auth flows.
| Flow | Required | Passed |
|---|---|---|
| Registration start | Yes | |
| OTP verification | Yes | |
| Registration completion | Yes | |
| Login start | Yes | |
| Login completion | Yes | |
| Token refresh | Yes | |
| Logout | Yes | |
| Password reset | Yes | |
| Identifier management, if implemented | If used | |
| Session expiry handling | Yes | |
| Invalid credential handling | Yes | |
| Rate limit handling | Yes |
---
7. Token handling readiness
Confirm secure token handling.
| Check | Required | Passed |
|---|---|---|
| Access token stored securely | Yes | |
| Refresh token stored securely | Yes | |
| Tokens are cleared on logout | Yes | |
| Tokens are not logged | Yes | |
| Tokens are not sent to partner support tools | Yes | |
| Expired access token triggers refresh | Yes | |
| Invalid refresh token sends customer to login | Yes | |
| Token parsing is not used for authorization decisions | Yes |
---
8. Device-bound authentication readiness
The partner app must support device registration and transfer confirmation.
| Check | Required | Passed |
|---|---|---|
| Device key generated on customer device | Yes | |
| RSA-2048 minimum enforced | Yes | |
| RS256 used for device proofs | Yes | |
| Private key is stored securely | Yes | |
| Private key is not exportable where supported | Recommended | |
| Private key is never sent to backend | Yes | |
| Device registration start works | Yes | |
| Device registration complete works | Yes | |
| Device assertion signing works | Yes | |
| Transfer confirmation works | Yes | |
| Expired challenge handling works | Yes | |
| Device re-registration path exists | Yes | |
| Device errors show safe UX messages | Yes |
---
9. Partner JWKS readiness
Production JWKS must be ready before launch.
| Check | Required | Passed |
|---|---|---|
| JWKS URL uses HTTPS | Yes | |
JWKS returns HTTP 200 | Yes | |
| JWKS response is valid JSON | Yes | |
JWKS contains active production kid | Yes | |
JWK kty is RSA | Yes | |
JWK alg is RS256 | Recommended | |
JWK use is sig | Recommended | |
| No private key fields are exposed | Yes | |
| TLS certificate is valid | Yes | |
| JWKS endpoint is monitored | Yes | |
| Key rotation procedure is documented | Yes | |
| Emergency rotation procedure is documented | Yes |
---
10. Quote signing readiness
The partner must produce valid signed quotes.
| Check | Required | Passed |
|---|---|---|
| Quote payload uses required claim names | Yes | |
| Money values are decimal strings | Yes | |
| Timestamps use UTC | Yes | |
| Quote expiry is enforced | Yes | |
subscription_id is included in signed payload | Yes | |
quote_signature_v1 is set to v1 | Yes | |
| JCS canonicalisation is deterministic | Yes | |
| Compact JWS format is used | Yes | |
alg is RS256 | Yes | |
JWS header includes kid | Yes | |
| Local verification passes | Yes | |
| Sandbox API verification passed | Yes | |
| Expired quote recovery works | Yes | |
| Quote signing logs are available | Yes | |
| Private signing key is protected | Yes |
---
11. Profile and KYC readiness
| Check | Required | Passed |
|---|---|---|
| Profile read works | Yes | |
| Profile submission works | Yes | |
| Field validation errors are handled | Yes | |
| KYC session creation works | Yes | |
| KYC webview opens correctly | Yes | |
| KYC return/resume works | Yes | |
| KYC status polling works | Yes | |
| KYC expired session handling works | Yes | |
| Customer status refresh works after KYC | Yes |
---
12. Beneficiary readiness
| Check | Required | Passed |
|---|---|---|
| Beneficiary creation works | Yes | |
| Beneficiary list works | Yes | |
| Beneficiary detail works | Yes | |
| Beneficiary archive works | Yes | |
| Unsupported destination handling works | Yes | |
| Invalid payout detail handling works | Yes | |
| Beneficiary not found handling is neutral | Yes | |
| Beneficiary state blocking is handled safely | Yes |
---
13. Transfer flow readiness
The full transfer journey must pass.
| Check | Required | Passed |
|---|---|---|
| Quote disclosure is shown before acceptance | Yes | |
| Quote acceptance works | Yes | |
| Transfer submission works | Yes | |
| Transfer detail works | Yes | |
| Transfer list works | Yes | |
| Device confirmation works when required | Yes | |
| Funding webview opens correctly | Yes | |
| Funding return/resume works | Yes | |
| Transfer status polling works | Yes | |
| Terminal transfer states stop polling | Yes | |
| Transfer cancellation works when eligible | Yes | |
| Cancellation unavailable state is handled | Yes | |
| Held/pending transfer UX is clear | Yes |
---
14. Webview readiness
| Check | Required | Passed |
|---|---|---|
| KYC webview uses approved browser component | Yes | |
| Funding webview uses approved browser component | Yes | |
| App state survives webview open/close | Yes | |
| App state survives background/foreground | Yes | |
| Webview close does not imply success | Yes | |
| App always fetches latest status after return | Yes | |
| Duplicate webview launches are prevented | Yes | |
| Expired webview URLs are handled | Yes | |
| Customer cancellation is handled | Yes | |
| Sensitive webview data is not logged | Yes |
---
15. Error handling readiness
The partner app must safely handle common errors.
| Error type | Required behavior | Passed |
|---|---|---|
auth.tokenExpired | Refresh token and retry | |
| Invalid refresh token | Clear session and login | |
| Invalid OTP | Ask customer to retry | |
| Rate limit | Pause retries and show wait message | |
| Validation error | Show field correction | |
| Quote expired | Generate/fetch new quote | |
| Quote signature error | Stop flow and fix integration | |
| KYC required | Send customer to KYC | |
| Device registration required | Start device registration | |
| Device assertion invalid | Rebuild assertion safely | |
| Funding session expired | Fetch transfer detail | |
| Not found | Show neutral message | |
| Service unavailable | Retry safely with backoff | |
| Idempotency conflict | Stop retry and inspect request |
---
16. Idempotency readiness
| Check | Required | Passed |
|---|---|---|
| Idempotency key generated for action POSTs | Yes | |
| Same key reused for retry of same action | Yes | |
| New key used for new business action | Yes | |
| Timeout retry uses same key | Yes | |
| Duplicate transfer submit does not duplicate action | Yes | |
| Duplicate quote acceptance does not duplicate action | Yes | |
| Duplicate confirmation does not duplicate action | Yes | |
| Duplicate cancellation does not duplicate action | Yes | |
| Idempotency conflict is handled safely | Yes |
---
17. Customer status UX readiness
| Status | Required behavior | Passed |
|---|---|---|
PENDING | Route to onboarding/KYC | |
VALID | Allow normal transfer flow | |
MONITORED | Show pending/review transfer messaging where needed | |
RESTRICTED | Route to required customer action | |
BLOCKED | Disable transfers and show support message | |
CLOSED | Disable transfers and show account closed message |
Confirm the app does not show:
- internal reason codes;
- sanctions labels;
- AML review labels;
- fraud investigation labels;
- operator details;
- internal identifiers;
MasterCustomerId.
---
18. Logging readiness
Partner logs must support troubleshooting without storing sensitive values.
Must log
- timestamp;
- endpoint;
- HTTP method;
- HTTP status;
X-Correlation-Id;- idempotency key, if used;
- error code;
- app version;
- environment;
- sanitized journey reference.
Must not log
- passwords;
- OTPs;
- access tokens;
- refresh tokens;
- private signing keys;
- device private keys;
- full payment instrument data;
- identity document images.
Checklist:
| Check | Required | Passed |
|---|---|---|
| Correlation ID logged | Yes | |
| Error code logged | Yes | |
| Idempotency key logged for action calls | Recommended | |
| Tokens excluded from logs | Yes | |
| OTPs excluded from logs | Yes | |
| Private keys excluded from logs | Yes | |
| Sensitive payment data excluded from logs | Yes |
---
19. Support readiness
Before launch, partner support and YesCash support must agree:
- escalation channel;
- severity definitions;
- production support contacts;
- incident contact route;
- information required for API investigations;
- customer-facing support wording for common issues.
Checklist:
| Check | Required | Passed |
|---|---|---|
| Production technical contact provided | Yes | |
| Production support contact provided | Yes | |
| Escalation path tested | Yes | |
| Support team knows where to find correlation ID | Yes | |
| Support team knows not to request tokens/passwords/OTPs | Yes | |
| Support scripts avoid internal reason disclosure | Yes |
---
20. Production deployment readiness
| Check | Required | Passed |
|---|---|---|
| Production app build approved | Yes | |
| Production API configuration loaded | Yes | |
| Sandbox keys removed | Yes | |
| Production JWKS live | Yes | |
| Production signing key active | Yes | |
| Production monitoring enabled | Yes | |
| Error tracking enabled | Yes | |
| Rollback plan exists | Yes | |
| Feature flag / kill switch exists, if applicable | Recommended | |
| App store release or web deployment plan ready | If applicable |
---
21. Monitoring readiness
Partner should monitor:
- authentication failures;
- token refresh failures;
- quote signing failures;
- quote acceptance failures;
- transfer submission failures;
- device registration failures;
- device confirmation failures;
- funding webview drop-off;
- API latency;
- HTTP 4xx and 5xx rates;
- JWKS endpoint uptime;
- TLS certificate expiry;
- unexpected error-code spikes.
Checklist:
| Check | Required | Passed |
|---|---|---|
| API error dashboard exists | Recommended | |
| Quote signing monitoring exists | Yes | |
| JWKS monitoring exists | Yes | |
| Webview failure monitoring exists | Recommended | |
| Device confirmation failure monitoring exists | Recommended | |
| Support alerting route exists | Yes |
---
22. Certification evidence
Submit the following evidence before production approval:
- sandbox test summary;
- successful registration correlation ID;
- successful login correlation ID;
- successful KYC flow correlation ID;
- successful beneficiary creation correlation ID;
- successful signed quote test;
- successful quote acceptance correlation ID;
- successful transfer submission correlation ID;
- successful device confirmation correlation ID;
- successful funding webview test evidence;
- successful transfer status polling evidence;
- successful cancellation test if enabled;
- negative test evidence for expired token;
- negative test evidence for expired quote;
- idempotency retry evidence;
- production JWKS URL;
- production active
kid.
Do not submit:
- private keys;
- customer passwords;
- OTPs;
- access tokens;
- refresh tokens;
- unmasked payment data.
---
23. Final approval checklist
| Final item | Required | Passed |
|---|---|---|
| All sandbox tests passed | Yes | |
| All required certification evidence submitted | Yes | |
| Production credentials issued | Yes | |
| Production JWKS registered | Yes | |
| Production app configured | Yes | |
| Partner support ready | Yes | |
| YesCash support handoff complete | Yes | |
| Launch date agreed | Yes | |
| Rollback path agreed | Yes | |
| Final technical approval granted | Yes |
---
24. Go-live day checks
On launch day, confirm:
- production API calls are succeeding;
- quote signing works in production;
- JWKS endpoint is reachable;
- customer login works;
- first transfer journey succeeds;
- monitoring dashboards show normal traffic;
- support channel is active;
- no unexpected error spike occurs.
Track the first production transactions with correlation IDs for support readiness.
---
25. Post-launch checks
Within the first operating period after launch, review:
- authentication success/failure rates;
- quote signing success/failure rates;
- transfer drop-off points;
- KYC completion rates;
- funding webview completion rates;
- device confirmation failures;
- customer support contacts;
- API error rates;
- idempotency conflicts;
- any production incidents.
Document issues and fixes in the partner integration changelog.
---
26. Sign-off
| Role | Name | Date | Approved |
|---|---|---|---|
| Partner technical lead | |||
| Partner product owner | |||
| Partner support lead | |||
| YesCash technical onboarding | |||
| YesCash operations contact |