Skip to main content
Use this checklist before sending live traffic to Pagou.

Required checks

  • Production credentials are stored in your secret manager.
  • Your backend uses the production base URL and production token only through configuration.
  • external_ref is persisted for every create operation.
  • Webhook ingestion returns 200 OK quickly and deduplicates by event ID.
  • Reconciliation exists for both payments and transfers.
  • Logs capture requestId, your internal reference, and the Pagou resource ID.
  • Sandbox happy paths have been run for Pix, voucher, and card, if they are in scope.
  • Refund and cancel workflows have an operator-facing playbook.
  • Alerting exists for webhook failures, retry storms, and reconciliation backlog.
  • Finance and support teams know where to find requestId and resource IDs.
  • Frontend fulfillment waits for webhook or reconciliation, not only the initial create response.