Security

  • Store API keys in environment variables
  • Never commit secrets to version control
  • Rotate keys regularly
  • Use secrets management services
  • Validate user inputs client-side
  • Sanitize data before API calls
  • Check formats before submission
  • Prevent injection attacks
  • Always verify signatures
  • Use HTTPS only
  • Implement rate limiting
  • Log suspicious activity

Performance

  • Cache user data (1 hour TTL)
  • Cache bank lists (24 hours)
  • Cache balances (5 minutes)
  • Invalidate on webhooks
  • Use webhooks instead of polling
  • Batch related operations
  • Implement request deduplication
  • Use pagination for large datasets
  • Implement retry logic
  • Use exponential backoff
  • Log errors for debugging
  • Show user-friendly messages

User Experience

  • Show exact amounts and fees
  • Display processing times
  • Provide status updates
  • Explain requirements clearly
  • Start with L0/L1
  • Upgrade when user needs higher limits
  • Explain benefits of verification
  • Make KYC process smooth
  • Quotation expiration
  • Payment failures
  • Network issues
  • Slow transactions

Testing

  • Test all flows in sandbox
  • Test error scenarios
  • Test edge cases
  • Verify webhook handling
  • Set up logging
  • Track error rates
  • Monitor performance
  • Alert on issues

Idempotency

Use externalId for idempotency:
// Prevents duplicate ramps on retry
const createRamp = async (quoteId, userId, accountId, orderId) => {
  return await fetch('/api/v2/ramps', {
    method: 'POST',
    headers: { /* headers */ },
    body: JSON.stringify({
      quotationId: quoteId,
      userId: userId,
      accountId: accountId,
      externalId: `order-${orderId}` // Idempotency key
    })
  });
};
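
The retry guidance under Performance and the externalId key above belong together: a retry is only safe when every attempt reuses the same key. The sketch below is an added example, not code from the original page. It assumes that 429 and 5xx responses are retryable and other 4xx responses are not; `createRampWithRetry` and its options are hypothetical names, and authentication headers are omitted as in the snippet above.

```javascript
// Added example (not from the original page). Assumption: 429 and 5xx
// responses are worth retrying, any other non-2xx response is not.
const isRetryable = (status) => status === 429 || status >= 500;

async function createRampWithRetry(order, deps = {}) {
  const {
    fetchImpl = fetch, // injectable so the function can run offline
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    random = Math.random,
    maxAttempts = 4,
    baseDelayMs = 200,
    maxDelayMs = 5000,
  } = deps;

  // Build the body ONCE. Every attempt must carry the same externalId,
  // otherwise a retry after a lost response can create a second ramp.
  const body = JSON.stringify({
    quotationId: order.quoteId,
    userId: order.userId,
    accountId: order.accountId,
    externalId: `order-${order.orderId}`, // idempotency key
  });

  let lastError;
  for (let attempt = 0; attempt < maxAttempts; attempt++) {
    if (attempt > 0) {
      // Exponential backoff with jitter: 50-100% of base * 2^(attempt-1), capped.
      const ceiling = Math.min(maxDelayMs, baseDelayMs * 2 ** (attempt - 1));
      await sleep(Math.round(ceiling * (0.5 + random() / 2)));
    }
    try {
      const res = await fetchImpl('/api/v2/ramps', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' }, // auth headers omitted
        body,
      });
      if (res.ok) return res.json();
      lastError = new Error(`ramp request failed with HTTP ${res.status}`);
      if (!isRetryable(res.status)) throw Object.assign(lastError, { fatal: true });
    } catch (err) {
      if (err.fatal) throw err; // validation or auth failure: retrying will not help
      lastError = err; // network error or timeout: outcome unknown, so retry
    }
  }
  throw lastError;
}
```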

Production Checklist

1. Security

  • API keys in environment variables
  • Webhook signature verification
  • HTTPS only
  • Input validation

2. Error Handling

  • Retry logic implemented
  • User-friendly error messages
  • Error logging
  • Monitoring alerts

3. Testing

  • All flows tested in sandbox
  • Edge cases handled
  • Webhook delivery verified
  • Load testing completed

4. Monitoring

  • Logging configured
  • Error tracking (Sentry, etc.)
  • Performance monitoring
  • Alerting set up

Next Steps

Go Live

Switch from sandbox to production