Production checklist
Work through this list before switching
gatewayUrl to production or processing real payments. Sandbox behavior is similar, but credentials, URLs, and operational runbooks must match production.Environment and credentials
- Use production
gatewayUrl:https://gate.gopay.cz/api - Store
clientIdandclientSecretin a secure secret manager - Confirm production
goidvalues for each merchant account - Verify outgoing network access to GoPay endpoints
Runtime configuration
- Configure a production-grade
timeoutMsvalue - Set
tokenRefreshMarginSecondsto avoid edge expiry issues - Configure the correct default
language - Set a descriptive
customUserAgentfor observability
Payment flow correctness
-
amountvalues are in minor units (e.g. cents/halers) -
order_numbervalues are unique and traceable - Callback URLs are HTTPS and publicly reachable
- Application handles all payment terminal states (
PAID,CANCELED,TIMEOUTED,REFUNDED, etc.)
Error handling and resilience
-
GoPayApiErroris logged withstatus,endpoint, and sanitized payload metadata - Retry policy is limited to retry-safe operations
- Timeouts, network failures, and upstream non-2xx responses are handled gracefully
- Alerting is configured for elevated payment failure rates
Webhooks and reconciliation
- Notification endpoint validates incoming callbacks
- Callback processing is idempotent
- Asynchronous state changes are reconciled with
getPayment - Periodic reconciliation jobs validate internal and GoPay states
Security and compliance
- No sensitive fields are logged
- Access to payment/merchant metadata is role-restricted
- Encryption in transit and at rest is enabled for payment-related systems
- Internal runbooks exist for payment incident response
Post-launch monitoring
- Dashboard for payment success/error rates
- Token endpoint failure monitoring
- Latency tracking by endpoint
- On-call escalation policy documented and tested