Going Live Checklist
Ready to accept real payments? This comprehensive checklist will guide you through business verification, security requirements, testing, and launch.
Overviewโ
Going live with Omise involves three main steps:
- Business Verification - Submit required documents
- Technical Preparation - Complete integration and testing
- Launch - Switch to live keys and go live
Timeline: 3-7 business days for verification
Step 1: Business Verificationโ
Before you can accept real payments, Omise needs to verify your business. Requirements vary by entity type.
For Businesses (Companies)โ
Required Documentsโ
-
Company Registration (DBD or equivalent)
- Must be within 60 days of application
- Must show company name clearly
- Must be officially certified
-
Company Seal and Shareholders' List
- Official document from registration office
- Showing all shareholders and percentages
-
Director ID Cards
- All company directors
- Clear, legible copies
- Both sides of ID
-
Bank Account Proof
- Thai bank passbook first page
- Bank statement (last 3 months)
- Account name must match company name
-
Business Website
- Live and functional
- Shows products/services clearly
- Has refund policy visible
-
Document Certification
- All documents signed
- Certified with company seal
- E-signatures not accepted
Format Requirementsโ
- File Types: PDF, JPG, or PNG
- Size: Maximum 10MB per file
- Quality: Clear and legible
- Language: Thai or English (translations may be required)
For Individuals / Sole Proprietorsโ
Required Documentsโ
-
Identification
- Thai Nationals: ID card (both sides)
- Foreigners: Passport, work permit, proof of address
-
Bank Account Proof
- Thai bank passbook first page
- Account name must match ID name
-
Business Website or Social Media
- Live and showing products/services
- Contact information visible
-
Refund Policy
- Clearly stated
- Accessible before checkout
For International Businessesโ
Requirements vary by country. Contact support@omise.co with your business details for specific requirements.
Begin gathering documents while you're building your integration. Verification can take 3-7 business days.
Step 2: Submit Verificationโ
How to Submitโ
- Sign into your Omise Dashboard
- Click the Live Dashboard tab
- Click Apply for Live Account
- Fill out the application form
- Upload all required documents
- Submit for review
What Happens Nextโ
- Submission Received - You'll get a confirmation email
- Under Review - Omise team reviews (3-5 business days)
- Additional Info Needed - You may be contacted for clarification
- Approved - Live keys become available in your dashboard
- Rejected - You'll receive reasons and can resubmit
Most applications are reviewed within 3-5 business days. Complex cases may take longer.
Step 3: Technical Preparationโ
Complete these technical requirements before launching:
Security Checklistโ
-
HTTPS Enabled
- SSL/TLS certificate installed
- All checkout pages use HTTPS
- No mixed content warnings
- TLS 1.2 or higher
-
API Keys Secured
- Secret keys stored in environment variables
- Never in code repositories
- Not in client-side code
- Access restricted to authorized personnel
-
Card Data Handling
- Cards never touch your server
- Using Omise.js or SDKs for tokenization
- No card data in logs
- No card data in databases
-
Error Handling
- All API errors handled gracefully
- User-friendly error messages
- Failed payments logged
- Retry logic implemented
-
Webhook Security
- Signature verification implemented
- HTTPS endpoint with valid certificate
- Idempotency handling (duplicate events)
- Error handling and retries
Review Security Best Practices โ
Integration Testingโ
-
Successful Payments
- All payment methods tested
- Amounts calculated correctly
- Order confirmation working
- Email notifications sending
-
Failed Payments
- Declined cards handled
- Error messages clear
- User can retry
- Failed attempts logged
-
Refunds
- Full refunds working
- Partial refunds working
- Refund status updates
- Customer notifications
-
Edge Cases
- Network timeouts handled
- Race conditions tested
- Duplicate submissions prevented
- Session expiration handled
-
Webhooks
- All event types handled
- Idempotency working
- Signature verification active
- Delivery failures logged
User Experienceโ
-
Checkout Flow
- Clear pricing (including fees if applicable)
- Progress indicators
- Loading states
- Success/failure feedback
- Mobile responsive
-
Payment Methods
- All methods clearly visible
- Regional methods shown correctly
- Payment instructions clear
- QR codes working
-
Customer Communication
- Order confirmation emails
- Payment receipts
- Refund notifications
- Failed payment alerts
-
Refund Policy
- Clearly visible
- Easy to find
- Before final purchase
- On confirmation page
Complianceโ
-
Terms of Service
- Published and accessible
- Up to date
- Linked from checkout
-
Privacy Policy
- Published and accessible
- Covers payment data
- Complies with local laws
-
Refund Policy
- Clear timelines
- Process explained
- Visible before purchase
-
Contact Information
- Email address
- Phone number (if applicable)
- Response time expectations
Step 4: Performance Testingโ
Load Testingโ
Test your integration under realistic load:
-
Concurrent Payments
- Multiple simultaneous checkouts
- No race conditions
- Database performance adequate
-
High Volume
- Peak traffic scenarios
- Server resources adequate
- Response times acceptable
-
Webhook Processing
- High volume webhook handling
- Queue system if needed
- No dropped events
Monitoring Setupโ
-
Error Tracking
- Error monitoring tool integrated (Sentry, Rollbar, etc.)
- Alert thresholds configured
- Team notifications set up
-
Analytics
- Conversion tracking
- Payment method usage
- Failure rate monitoring
- Funnel analysis
-
Uptime Monitoring
- Payment page uptime tracking
- Webhook endpoint monitoring
- Alert on downtime
Step 5: Pre-Launch Reviewโ
Code Reviewโ
-
Security Review
- Third-party security audit (if required)
- Penetration testing (if required)
- Code review completed
-
PCI Compliance
- Self-assessment questionnaire completed
- If handling card data directly: PCI certification obtained
- Omise notified if you're PCI certified
-
Documentation
- Internal documentation complete
- Team trained on payment flow
- Incident response plan ready
Soft Launch (Recommended)โ
Before full public launch:
-
Limited Release
- Small group of test users
- Real payments with real cards
- Small transaction amounts
-
Monitor Closely
- Watch for errors
- Check webhook delivery
- Review transaction flow
- Gather user feedback
-
Verify Settlement
- Confirm funds are settling correctly
- Check transfer schedule
- Verify bank account details
Step 6: Switch to Live Keysโ
Once verification is approved and testing is complete:
Update Configurationโ
// Before (Test Mode)
const omise = require('omise')({
publicKey: 'pkey_test_5xp6c8ltm5wb5o45cls',
secretKey: 'skey_test_5xp6c8n0jvds5mmjizz'
});
// After (Live Mode)
const omise = require('omise')({
publicKey: 'pkey_5xp6c8ltm5wb5o45cls', // No "_test_"
secretKey: 'skey_5xp6c8n0jvds5mmjizz' // No "_test_"
});
Deployment Checklistโ
-
Environment Variables
- Live public key updated
- Live secret key updated
- Verified in all environments (staging, production)
-
Configuration
- Payment amounts are correct (not test amounts)
- Webhook URLs point to production
- Email settings use production values
- Database uses production instance
-
Remove Test Indicators
- "Test Mode" banners removed
- Test card instructions removed
- Staging/test URLs removed
-
Verify Live Dashboard
- Can see Live Dashboard
- Live keys visible
- Webhook configured for live
Step 7: Launch Dayโ
Final Checks (1 Hour Before Launch)โ
- SSL certificate valid
- All services running
- Database connections healthy
- Monitoring active
- Team on standby
Deploymentโ
-
Deploy During Low Traffic
- Avoid peak hours
- Weekday preferred (not Friday)
- Morning/early afternoon ideal
-
Staged Rollout
- Deploy to staging first
- Verify staging works
- Deploy to production
- Verify production works
-
Smoke Testing
- Make a real test purchase (small amount)
- Verify charge appears in live dashboard
- Check webhook delivery
- Confirm email sent
- Test refund if possible
First 24 Hours Monitoringโ
-
Watch Dashboard
- Check for failed payments
- Monitor success rates
- Review error messages
-
Monitor Logs
- Server errors
- API errors
- Webhook failures
-
Customer Support Ready
- Team briefed
- Support tickets monitored
- Quick response plan
-
Quick Rollback Plan
- Backup of previous version
- Rollback procedure tested
- Database rollback plan
Step 8: Post-Launchโ
First Weekโ
-
Daily Monitoring
- Review all transactions
- Check for anomalies
- Monitor error rates
- Review refund requests
-
Settlement Verification
- Confirm first transfers
- Verify amounts correct
- Check timing
-
Customer Feedback
- Survey customers
- Monitor support tickets
- Address issues quickly
Ongoingโ
-
Regular Reconciliation
- Match transactions to orders
- Verify settlement amounts
- Reconcile refunds
-
Performance Monitoring
- Track success rates
- Monitor response times
- Review error patterns
-
Security Audits
- Regular security reviews
- Keep libraries updated
- Monitor for vulnerabilities
-
Optimization
- Analyze payment method usage
- Optimize checkout flow
- Reduce abandonment rate
Common Issues & Solutionsโ
Verification Rejectedโ
Issue: Application rejected or requires more information
Solutions:
- Review rejection email carefully
- Provide requested additional information
- Ensure documents are clear and legible
- Contact support@omise.co for clarification
Transactions Failingโ
Issue: High failure rate after launch
Check:
- Are you using correct live keys?
- Is API endpoint correct (not vault endpoint for charges)?
- Are amounts in correct currency units?
- Check error messages in dashboard
Webhooks Not Deliveringโ
Issue: Not receiving webhook events
Solutions:
- Verify HTTPS with valid certificate
- Check webhook URL in live dashboard settings
- Ensure endpoint returns 200 status
- Check firewall isn't blocking Omise IPs
- Review webhook logs in dashboard
Settlement Delaysโ
Issue: Funds not appearing in bank account
Check:
- Hold period: 7 days (Thailand), 21 days (Japan)
- Transfer schedule: Daily around 10 AM Bangkok time
- Bank account details correct in dashboard
- Have you manually created transfers?
FAQโ
How long does business verification take?
Typically 3-5 business days for complete applications. May take longer if:
- Documents are unclear or incomplete
- Additional information is requested
- Application submitted near holidays
- Complex business structures
Start the verification process early while building your integration.
Can I start with a small launch?
Yes! We highly recommend a soft launch:
- Start with limited users or products
- Monitor closely for 1-2 weeks
- Gradually increase volume
- Scale to full launch
This reduces risk and allows you to catch issues early.
What if I need to go back to test mode?
You can always use test mode:
- Test mode remains available after going live
- Use test keys for new features
- Test mode data is separate from live
- No impact on live transactions
Do I need PCI certification?
Most merchants do not need full PCI certification if using:
- Omise.js for tokenization
- Mobile SDKs
- E-commerce plugins
You do need PCI certification if:
- You handle raw card data directly
- Cards pass through your servers
- You store card data
If you're PCI certified, notify Omise in advance.
Can I switch back to test keys after launch?
Yes, but understand the impact:
- Switching to test keys means no real transactions will process
- Customers will not be able to pay
- Only switch back if you need to stop taking payments
For testing new features, use a separate test environment with test keys, not your production system.
What happens if something goes wrong?
Have a rollback plan:
- Keep previous version deployable
- Document rollback steps
- Test rollback procedure
- Have team on standby for launch
If issues occur:
- Switch to maintenance page if needed
- Rollback to previous version
- Investigate the issue
- Fix and test thoroughly
- Redeploy
Contact support@omise.co immediately for urgent issues.
Resourcesโ
- Support: support@omise.co
- Dashboard: dashboard.omise.co
- Status: status.omise.co
- Security Guide: Security Best Practices
- Testing Guide: Complete Testing Guide
Final Tipsโ
- Don't Rush: Take time to test thoroughly
- Start Small: Soft launch with limited volume
- Monitor Closely: Watch everything for first few days
- Have Support Ready: Brief your team
- Communicate: Tell customers about new payment options
- Document: Keep notes on issues and solutions
- Iterate: Continuously improve based on data
Ready to launch? Review this checklist, complete all items, and go live with confidence!
Questions? Contact support@omise.co - we're here to help!