Production checklist

Credentials

Create live credentials only after your test-mode integration has passed uploads, polling or webhooks, and error handling.

• Live token is stored in your secret manager, not in source control.
• Token abilities are limited to the integration's needs.
• Token rotation has an owner and a runbook.
• Environment variables are separated for test and live deployments.

Uploads

Upload code should be retry-safe and should preserve enough context to support operators when processing takes time.

• Each logical upload sends a stable Idempotency-Key.
• Your database stores the exdata document ID and local source ID together.
• Your UI or job state supports pending, completed, error, and blocked.
• Your integration validates file size and type before upload where possible.

Webhooks

Webhook receivers should be small, deterministic, and idempotent. Do the minimum required work before returning a 2xx response.

• Receiver verifies X-Signature with the raw request body.
• Receiver rejects stale deliveries using X-Timestamp if your threat model requires a time window.
• Receiver stores X-Delivery before starting downstream work.
• Receiver handles duplicate delivery IDs without repeating automation.

Errors

Build explicit paths for validation errors, rate limits, blocked documents, and failed extraction runs.

Observability

Keep exdata identifiers next to your local identifiers so support and reconciliation can move quickly.

• Log local source ID, exdata document ID, and X-Request-ID.
• Record webhook event type, delivery ID, and processing result.
• Alert when documents stay pending beyond your expected window.
• Expose candidates in internal review tools when a field affects money, tax, or vendor identity.

Go-live

Before sending production volume, run one live document through the complete workflow and inspect the final JSON, webhook logs, and downstream mapping.