Documentation Index

Fetch the complete documentation index at: https://docs.zabcik.me/llms.txt

Use this file to discover all available pages before exploring further.

​

Production checklist

​

Environment and credentials

• Use production gatewayUrl: https://gate.gopay.cz/api
• Store clientId and clientSecret in a secure secret manager
• Confirm production goid values for each merchant account
• Verify outgoing network access to GoPay endpoints

​

Runtime configuration

• Configure a production-grade timeoutMs value
• Set tokenRefreshMarginSeconds to avoid edge expiry issues
• Configure the correct default language
• Set a descriptive customUserAgent for observability

​

Payment flow correctness

• amount values are in minor units (e.g. cents/halers)
• order_number values are unique and traceable
• Callback URLs are HTTPS and publicly reachable
• Application handles all payment terminal states (PAID, CANCELED, TIMEOUTED, REFUNDED, etc.)

​

Error handling and resilience

• GoPayApiError is logged with status, endpoint, and sanitized payload metadata
• Retry policy is limited to retry-safe operations
• Timeouts, network failures, and upstream non-2xx responses are handled gracefully
• Alerting is configured for elevated payment failure rates

​

Webhooks and reconciliation

• Notification endpoint validates incoming callbacks
• Callback processing is idempotent
• Asynchronous state changes are reconciled with getPayment
• Periodic reconciliation jobs validate internal and GoPay states

​

Security and compliance

• No sensitive fields are logged
• Access to payment/merchant metadata is role-restricted
• Encryption in transit and at rest is enabled for payment-related systems
• Internal runbooks exist for payment incident response

​

Post-launch monitoring

• Dashboard for payment success/error rates
• Token endpoint failure monitoring
• Latency tracking by endpoint
• On-call escalation policy documented and tested