General

1. Request production access and retrieve your production client_id and secret from your Customer Dashboard. Ensure your production keys are used and secured - never saved in source control or client-accessible.
2. Give the Knot team a heads up regarding your launch timeline.
3. Save your client_id and secret in your application server and create a new session each time you initialize the SDK.
4. Add a webhook to receive key events and validate the HMAC signature to ensure the events come from Knot. Most importantly, ensure you handle the AUTHENTICATED event, as well as the MERCHANT_STATUS_UPDATE event if you display merchants natively in your app.
5. Listen to client-side callbacks to monitor various events related to the user's lifecycle through the Knot SDK, including the refresh session request event to know when to call Extend Session if the user is still using the SDK.
6. Ensure you provide a value in entry_point when initializing the SDK. This value is provided back in webhooks to help you track the conversion of users through the flow.
7. Remove any user_good test calls to prepare for production.

CardSwitcher

When you receive the AUTHENTICATED webhook, call the Switch Card or Switch Card (JWE) endpoint from your backend, unless you are using the Unit integration.

Web

If you have not already, allowlist your production domain in your Customer Dashboard.