Best practices
Production payment systems require careful engineering and operations.
Use idempotency everywhere it matters
Payment creation, beneficiary creation, and internal transfers should use stable idempotency keys where supported.
Treat webhooks as notifications, not commands
A webhook tells you something changed. Fetch the latest resource if you need authoritative state.
Store CashXChain IDs
Store IDs for accounts, beneficiaries, quotes, payments, ledger entries, and events.
Build for exceptions
Handle:
- Quote expiry.
- Required action.
- Payment failure.
- Payment return.
- Account restriction.
- Webhook duplicate.
- Partner downtime.
- Rate limits.
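The following sketch, an added example and not CashXChain code, shows the "Treat webhooks as notifications, not commands" guidance together with the webhook duplicate and partner downtime cases listed above. The event fields `id` and `payment_id`, the `fetch_payment` callable, and the sample IDs are assumptions for illustration, and the delivery is assumed to have been authenticated before `handle` is called.

```python
# Added example: field names are assumptions, not CashXChain's documented
# webhook schema. Assumes the delivery was authenticated before handle() runs.
from typing import Callable, Dict, Set


class WebhookProcessor:
    """Handles webhook deliveries as hints to re-read state, never as commands."""

    def __init__(self, fetch_payment: Callable[[str], dict]):
        # fetch_payment stands in for an authenticated API read by payment ID.
        self._fetch_payment = fetch_payment
        self._seen_events: Set[str] = set()   # use a durable store in production
        self.payments: Dict[str, dict] = {}   # local copy keyed by stored payment ID

    def handle(self, event: dict) -> str:
        event_id = event.get("id")
        payment_id = event.get("payment_id")
        if not isinstance(event_id, str) or not isinstance(payment_id, str):
            return "rejected"                 # malformed delivery, nothing to act on
        if event_id in self._seen_events:
            return "duplicate"                # redelivery: acknowledge, do no work
        try:
            # Ignore any status carried in the payload; read the authoritative record.
            current = self._fetch_payment(payment_id)
        except ConnectionError:
            # API unreachable: leave the event unrecorded so a redelivery is processed.
            return "retry"
        self.payments[payment_id] = current
        self._seen_events.add(event_id)       # record only after state is stored
        return "processed"


# Constructed sample data for demonstration.
_API_STATE = {"pay_001": {"id": "pay_001", "status": "returned"}}


def _fake_fetch(payment_id: str) -> dict:
    return dict(_API_STATE[payment_id])


def demo() -> list:
    proc = WebhookProcessor(_fake_fetch)
    # The payload claims "completed", but the API says the payment was returned.
    stale = {"id": "evt_1", "payment_id": "pay_001", "status": "completed"}
    return [proc.handle(stale), proc.handle(stale), proc.payments["pay_001"]["status"]]
```

The event ID is recorded only after the fetched state is stored, so a failed fetch never causes a later redelivery to be dropped as a duplicate.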
Separate duties
Use approvals for large or sensitive payments. Do not let the same user create and approve high-value transfers without controls.
Secure credentials
Use a secret manager, rotate keys, and never expose production keys in frontend code.
Reconcile daily
High-volume accounts should reconcile at least daily using ledger entries and statements.
Test before production
Use sandbox to simulate success and failure paths. Do not go live with only the happy path implemented.