Go Live Checklist

To successfully migrate to production, you'll need to complete the KYB onboarding process, enable request signing for security, configure Webhooks for transaction notifications, conduct thorough testing in the Sandbox environment, and coordinate closely with the NOAH team throughout the migration process.

The recommended timeline for this entire process is 2-4 weeks, though the actual duration will depend on your business complexity and specific compliance requirements.

Business Onboarding & Compliance

Complete KYB (Know Your Business) Process

Submit required business documentation to NOAH team
Complete AML (Anti-Money Laundering) checks
Await NOAH's institutional review and approval

tip

You can integrate and test in the Sandbox while KYB is in progress.

Select Compliance Model

Choose between Reliance Model (share KYC data with NOAH) or Standard KYC
Implement required KYC/AML frameworks for your customer onboarding
Review Compliance Models documentation

Business Account Setup

Register at business.noah.com with business email
Contact NOAH representative to upgrade from personal to business account
Access Business Dashboard for configuration

Security & Authentication

Generate Production API Keys

Create new production API keys via Business Dashboard
Store API keys securely (only visible at creation time)
Never expose in client-side code, repositories, or unencrypted networks
Set up secure storage and access controls for authorized personnel only

Enable Request Signing (MANDATORY)

Generate ES384 private/public key pair for production
Upload public key when creating production API key
Implement JWT signing with ES384 algorithm in your application
Test request signing thoroughly in the Sandbox first

warning

Do NOT share private keys between the Sandbox and Production environments.

Key Management Best Practices

Secure private key storage (never expose publicly)
Plan for regular API key rotation
Separate the Production keys from the Sandbox keys
Document key management procedures for your team

Webhook Configuration

Set Up Webhook Endpoints

Implement Webhook handlers for Transaction events
Handle both transaction creation (Pending status) and status changes (Pending/Settled/Failed)
Ensure Webhook endpoints can handle NOAH's payload format

Configure Webhook Subscriptions

Subscribe to required event types through Business Dashboard
Test Webhook delivery and processing in the Sandbox
Implement proper error handling and retry logic

Network Security (Optional)

Whitelist NOAH's Webhook IP addresses if required by your infrastructure
Configure firewall rules for Webhook traffic

Testing & Validation

Complete Sandbox Integration

Successfully create customers using Business API
Test all intended transaction flows (Bank Onramp, Global Payouts, etc.)
Validate Dynamic Forms integration if using Global Payouts
Test error handling and edge cases

Request Signing Testing

Verify JWT generation and signing works correctly
Test with exact request body hashing (SHA-256)
Confirm Api-Signature header implementation
Validate authentication works with signed requests

Webhook Testing

Verify Webhook receipt and processing
Test transaction status change notifications
Confirm Webhook signature validation (if implemented)
Test Webhook retry/failure scenarios

End-to-End Transaction Testing

Complete full transaction flows in the Sandbox
Test with Sandbox/Testnet cryptocurrencies
Validate reconciliation through Business Dashboard
Test customer onboarding and KYC processes

Environment Migration

Update API Endpoints

Change base URL from https://api.sandbox.noah.com to https://api.noah.com
Update Business Dashboard URL from business.sandbox.noah.com to business.noah.com

Replace Sandbox Credentials

Deploy production API keys (remove all sandbox keys)
Use production private keys for request signing
Update Webhook URLs to production endpoints

Environment-Specific Configuration

Switch to live cryptocurrency networks (mainnet)
Update any test data or configurations
Verify production database connections

Operational Readiness

Business Dashboard Setup

Configure transaction monitoring and alerts
Set up reporting and reconciliation processes
Train team on production dashboard usage
Set up backup access procedures

Production Support

Coordinate go-live timeline with NOAH team
Establish support contacts and escalation procedures
Plan for production monitoring and alerting
Document troubleshooting procedures

Final Coordination with NOAH

Schedule production migration call with NOAH team
Complete required production testing with NOAH guidance
Confirm all compliance requirements are met
Get final approval for production launch

Essential Headers for Production API Calls

X-Api-Key: YOUR_PRODUCTION_API_KEY
Api-Signature: YOUR_SIGNED_JWT_TOKEN
Content-Type: application/json

note

Request signing is mandatory in production
Never share private keys between environments
API keys are only shown once at creation
Store all credentials securely

Business Onboarding & Compliance​

Complete KYB (Know Your Business) Process​

Select Compliance Model​

Business Account Setup​

Security & Authentication​

Generate Production API Keys​

Enable Request Signing (MANDATORY)​

Key Management Best Practices​

Webhook Configuration​

Set Up Webhook Endpoints​

Configure Webhook Subscriptions​

Network Security (Optional)​

Testing & Validation​

Complete Sandbox Integration​

Request Signing Testing​

Webhook Testing​

End-to-End Transaction Testing​

Environment Migration​

Update API Endpoints​

Replace Sandbox Credentials​

Environment-Specific Configuration​

Operational Readiness​

Business Dashboard Setup​

Production Support​

Final Coordination with NOAH​

Essential Headers for Production API Calls​