Overview
Before processing real payouts, complete this checklist to ensure your integration is production-ready and compliant.Pre-launch checklist
1. Account setup
Complete onboarding
Finish the merchant application with all required business details, documents, and beneficial owner information. Your application must be approved before you can access production.
Fund your account
Wire funds to your Anton production account. Confirm balances appear correctly via the API.
2. Integration quality
Use production base URL
Use production base URL
Switch from
https://api.staging.antonpayments.com to https://api.antonpayments.com.Use production API keys
Use production API keys
Replace
ak_test_... keys with ak_live_.... Never use test keys in production.Idempotency keys on all POST requests
Idempotency keys on all POST requests
Every payout creation should include an
Idempotency-Key header to prevent duplicates.Error handling and retries
Error handling and retries
Implement exponential backoff for 5xx errors and respect
Retry-After for 429 responses. Never retry 4xx errors (except 429).Webhook signature verification
Webhook signature verification
Verify HMAC signatures on incoming webhooks. Never trust unverified webhook payloads.
Webhook idempotency
Webhook idempotency
Handle duplicate webhook deliveries. Store processed event IDs and skip duplicates.
Proper amount handling
Proper amount handling
Amounts are passed as strings, never floating-point. Ensure your code uses decimal/string arithmetic for money.
3. Security
API keys in environment variables
API keys in environment variables
Never hardcode keys. Use environment variables or a secrets manager (AWS Secrets Manager, GCP Secret Manager, HashiCorp Vault).
Server-side only
Server-side only
API keys must only be used from backend servers. Never expose them in browser JavaScript, mobile apps, or frontend code.
TLS everywhere
TLS everywhere
All API calls must use HTTPS. The API rejects non-TLS connections in production.
Webhook endpoint over HTTPS
Webhook endpoint over HTTPS
Your webhook receiver URL must be HTTPS with a valid TLS certificate.
No PII in logs
No PII in logs
Ensure your application doesn’t log beneficiary bank details, API keys, or other sensitive data.
4. Monitoring
Monitor webhook delivery
Monitor webhook delivery
Set up alerts for failed webhook deliveries. If your endpoint goes down, events queue up and you’ll miss notifications.
Track payout delivery rates
Track payout delivery rates
Monitor the ratio of completed vs. failed payouts. A spike in failures could indicate an issue with beneficiary data or a rail provider.
Balance monitoring
Balance monitoring
Alert when balances drop below a threshold so you can fund your account before payouts start failing.
Error rate monitoring
Error rate monitoring
Track API error rates. A sudden increase in 4xx errors could indicate a code issue; 5xx errors could indicate a platform issue.
Sandbox vs. production differences
| Aspect | Sandbox | Production |
|---|---|---|
| API URL | api.staging.antonpayments.com | api.antonpayments.com |
| API keys | ak_test_... | ak_live_... |
| Compliance | Simulated (auto-pass) | Real OFAC, PEP, sanctions checks |
| Funds | Pre-loaded test balances | Real money — must fund account |
| Delivery | Instant simulation | Real rail processing (minutes to days) |
| Webhooks | Delivered normally | Delivered normally |
Launch recommendation
Need help?
Contact the Anton Payments team:- Email: [email protected]
- Dashboard: app.antonpayments.com