Skip to main content
Use this checklist before you expose live merchants or real money movement.

Production credentials stored in your secrets manager and tested in a non-interactive environment.

Stable external_ref or equivalent write identifier persisted in your database.

Public HTTPS endpoint, fast acknowledgement, deduplication, and queue-based processing.

Operator tooling or jobs that can call GET /v2/transactions/{id} and GET /v2/transfers/{id}.

Required checks

  • Sandbox happy path passes for your primary payment flow.
  • Refund path is tested if your product supports refunds.
  • Pix Out cancellation behavior is tested if you use transfers.
  • Alerting is set up for webhook failures and repeated 5xx responses.
  • Sensitive data is not logged.
  • Correlate your internal order ID with Pagou resource IDs.
  • Capture and store Pagou requestId values for support.
  • Add dashboards for pending, processing, and failed states.
  • Keep v1 flows isolated if you still support them.