Operations
/
Validation And Go-Live

Validation And Go-Live

Validation should be split into sandbox validation and controlled production confirmation.

Sandbox validation

Sandbox testing uses a dedicated FINCI test product for card issuance and card management validation.

Authorization simulation is typically performed in a live remote session with the FINCI onboarding engineer so both sides can verify webhook handling and authorization response behavior in integrator-managed decisioning setups.

Sandbox validation should confirm the core integration flow, including:

  • create the required ownership, account, and cardholder records for the target program model
  • issue a card in the standard digital-first flow
  • receive an authorization webhook
  • if integrator-managed decisioning is in scope, approve a transaction
  • if integrator-managed decisioning is in scope, decline a transaction
  • receive the follow-up authorization advice with the final decision outcome
  • if integrator-managed decisioning is in scope, observe timeout-safe decline behavior
  • validate retry handling for repeated webhook delivery
  • receive clearing for an approved transaction
  • process a reversal
  • process a return
  • update card status and confirm downstream behavior

Validation evidence and review

Sandbox validation is not complete only because the test steps were executed. The results should also be reviewed and accepted by the FINCI onboarding engineer.

The onboarding review should be supported by test evidence such as:

  • API request and response traces
  • webhook payloads and response logs
  • transaction identifiers and timestamps that allow the tested flow to be traced end to end

This review confirms that the tested flow behaved as expected and that the integration is ready to move to the next stage.

Production confirmation testing

Production readiness should be confirmed through controlled end-to-end validation in the live environment.

That validation should include low-value production verification transactions (penny tests) to confirm that the production setup works as expected end to end.

These are controlled live-environment verification transactions that use low amounts to confirm that authorization, webhook delivery, and downstream transaction handling work correctly in production.

At a minimum, production confirmation should prove:

  • production credentials and IP whitelisting are in place
  • the live webhook endpoint is reachable and responds correctly
  • authorization webhooks reach the integrator environment and return valid responses when integrator-managed decisioning is in scope
  • live transaction processing can be observed and traced correctly

Operational readiness checks

In addition to functional testing, confirm:

  • if integrator-managed decisioning is in scope, webhook processing completes within the authorization timeout
  • duplicate events do not create duplicate postings or state changes
  • production security controls are in place, including correct handling of environment-specific credentials and secrets
  • operational logging is sufficient for troubleshooting
  • alerts fire for decisioning failures in integrator-managed decisioning setups and for transaction-processing gaps

Go-live readiness checklist

Before go-live, confirm:

  • sandbox validation has been completed successfully and the test evidence has been reviewed with the FINCI onboarding engineer
  • production credentials are provisioned
  • production IP whitelisting is confirmed
  • the production webhook endpoint is reachable and protected
  • low-value production verification transactions (penny tests) have been completed successfully
  • support teams know how to trace a transaction end to end
Built with