Before moving to production with Atoa, ensure you’ve completed the following steps:

1. Use Production API Keys

Generate your production accessSecret from the Atoa Business App or Web Dashboard. Replace all sandbox keys in your backend with this production key. Make sure these credentials are stored securely and never exposed in any frontend or public code.

Set up your webhook endpoints to receive real-time payment updates——including payment success, failure, and refunds. In case of webhook delays or failures (e.g., due to network issues), implement polling as a fallback. This hybrid setup ensures reliable status tracking across all banks and platforms.

3. Use Atoa SDKs for Seamless Checkout

For a smooth, secure, and native user experience, we recommend integrating with Atoa’s Web or Mobile SDKs. These SDKs handle payment authentication, error states, and status callbacks natively—reducing development effort and improving reliability.

4. Whitelist Domains (Web SDK Only)

If you are integrating with the Atoa Web SDK, ensure that all your production domains are whitelisted in the Atoa dashboard. Unlisted domains will prevent the SDK from or functioning correctly in live environments. Add both primary and any subdomains used during payment flows.

5. Test the Entire Flow in Production

Before going fully live, conduct an end-to-end test using your production setup:

  • Trigger a live payment
  • Confirm the webhook is received and processed correctly
  • Verify the payment status is updated in your system Also test edge cases such as declined payments, canceled flows, and network timeouts.
Sandbox GuideWeb Client SDK