Moving to production
KYC, account funding, and what your account manager needs from you
Sandbox access is self-serve. Production access requires a handful of one-time steps - compliance, funding, and infrastructure - before we activate your keys.
This page covers the account-level prerequisites. For the integration-level pre-launch checklist (retries, webhooks, monitoring), see Before You Go Live.
The sequence
- Complete KYC/KYB
- Fund your wallet
- Register a webhook URL
- Submit IP allowlist (optional but recommended)
- Receive production credentials
- Run the go-live checklist
1. KYC/KYB verification
Your account manager will share a compliance checklist, typically covering:
- Incorporation documents for your business entity.
- Beneficial ownership disclosures for directors and major shareholders.
- Proof of address (utility bill or equivalent) for the business.
- Purpose of use - expected order volume, geographies, product categories.
- Source of funds confirmation.
Turnaround is typically 2–5 business days once documents are complete. If your business operates in a regulated sector (gambling, adult, crypto) additional review may apply.
2. Fund your wallet
Production orders deduct from a funded wallet. To activate one:
- Confirm the currencies you want wallets in (you can have multiple - one per currency).
- Receive wire-transfer instructions from your account manager for the initial top-up.
- Wait for funds to clear - usually same-day for intra-bank, 1–2 business days for SWIFT.
The settled balance becomes visible via GET /api/v1/wallets. Subsequent top-ups follow the same wire-transfer process.
Prepaid vs postpaid
Default wallets are PREPAID - you fund them before ordering. Larger accounts can qualify for POSTPAID wallets with periodic settlement; talk to your account manager.
3. Register a webhook URL
Production orders over 5 units are processed asynchronously, so your integration must consume webhook events to know when vouchers are ready. Even for smaller orders, webhooks are the recommended source of truth.
Share with your account manager:
- The URL - public, HTTPS-only, responds with
2xxwithin a few seconds. - The webhook secret - we'll generate one and share it back via a secure channel.
- (Optional) Event filters - which event types you want delivered.
Your endpoint must:
- Verify the
X-SignatureHMAC on every request - see Signature Verification. - Return a
2xxresponse promptly; queue the work asynchronously on your side. - Be idempotent on
X-Event-ID- we retry at least once on non-2xx.
Full implementation guide: Handling webhooks in production.
4. IP allowlist (optional)
For defence in depth, lock your production credentials to a set of source IPs:
- Share your egress CIDR ranges with your account manager.
- Once configured, requests from any other IP return
403 Forbidden. - This is per-client, not per-key - it applies to every request you make.
Strongly recommended if your infrastructure runs from fixed locations (VPCs, bare-metal, fixed NAT gateways). Skip if your workloads run from ephemeral public IPs (generic Lambda without NAT, home dev machines, etc.).
5. Receive production credentials
Once steps 1–4 are signed off, you'll receive a separate production API key/secret pair. These only work against the production host (https://api.octopuscards.io) - sandbox credentials will not authenticate in production and vice versa.
Store them in your secrets manager with clearly separated names:
# Sandbox
API_KEY_SANDBOX=…
API_SECRET_SANDBOX=…
BASE_URL_SANDBOX=https://sandbox-api.octopuscards.io
# Production
API_KEY_PROD=…
API_SECRET_PROD=…
BASE_URL_PROD=https://api.octopuscards.ioYour deployment pipeline should select the right pair based on environment.
6. Run the go-live checklist
Before you flip traffic to production, walk through Before You Go Live. It's a one-page checklist covering:
- Retries and timeouts
- Idempotency via
client_reference - Webhook signature verification and replay protection
- Low-balance alerts
- Error monitoring and request-ID logging
- Rate-limit handling
Skipping that checklist is the most common cause of day-one production incidents.
Questions about readiness
If you're unsure whether you're ready, reach out to your account manager. We'd rather delay activation by a day than watch a launch fail for something avoidable.