Tonder home page

System Status
Log in
Log in

Getting Started

Online Payments

Integrate Tonder

Direct Integration

Getting Started

API Integration Overview
Quick Start

API Reference

Card Tokenization
Core Endpoints
Request Structure
Response Format
Transaction Status Check

Payment Processing

Payment Methods
Withdrawals

Integration

Webhooks
Error Handling

Regional Reference

Mexican Banking Reference

Resources

Production Readiness
Rate Limits
Support

On this page

Pre-Production Checklist
API Configuration
Security Implementation
Integration Testing
Monitoring and Alerting
Operational Procedures
Security Best Practices
Final Deployment Checklist
Post-Deployment Monitoring
Next Steps

Resources

Production Readiness

In this page you will find checklists and important information to ensure your integration is ready for production deployment.

Pre-Production Checklist

This checklist ensures your integration is ready for production deployment with proper security, monitoring, and operational procedures.

API Configuration

Configure production API credentials securely
Establish clear separation between staging and production environments
Set up production base URL configuration
Implement process for regular API key rotation

Security Implementation

Enforce HTTPS for all communications
Store API keys securely using environment variables or secret management
Implement input validation and sanitization
Ensure error messages don’t expose sensitive data

Integration Testing

Test all payment methods (Cards, SPEI, OXXO, Mercado Pago, SafetyPay)
Test all withdrawal methods (SPEI and debit card withdrawals)
Test error scenarios (declined payments, validation errors, network failures)
Test 3DS flow for card payments requiring 3D Secure authentication
Test webhook integration for real-time notifications

Monitoring and Alerting

Monitor payment success/failure rates in real-time
Set up alerts for unusual error rates or API failures
Track response time and latency performance
Monitor webhook delivery success rates

Operational Procedures

Establish escalation paths for payment issues
Create procedures for handling payment failures
Implement fallback procedures for API outages
Complete operational documentation for team
Train staff on payment operations and troubleshooting

Security Best Practices

Here are some security best practices to follow.

Credential Management

Store credentials securely – Use environment variables or a secrets manager
Use HTTPS – Make sure all communications are encrypted
Implement rate limiting – Protect your webhook endpoints from abuse
Log security events – Keep an eye out for anything suspicious
Keep credentials rotated – Regularly rotate your API keys

Performance Optimisation

Connection pooling – Reuse HTTP connections where possible
Timeout configuration – Set sensible timeouts (30s is a good starting point)
Retry with backoff – Use exponential backoff for retries
Asynchronous processing – Use webhooks for status updates instead of polling
Cache lookups – Cache transaction statuses when it makes sense

Final Deployment Checklist

For the final deployment, ensure you have completed the following checklist.

Complete security audit with all measures implemented and tested
Pass performance testing with load testing at expected traffic volumes
Activate all monitoring and alerting systems
Test backup procedures and validate disaster recovery procedures
Complete team training on production procedures
Update all operational documentation to current state
Prepare clear rollback procedures in case of issues
Establish emergency contact procedures and support contacts
Verify compliance with all regulatory requirements
Complete end-to-end testing in production environment

Post-Deployment Monitoring

We recommend monitoring the following metrics for the first 24 hours and first week. Follow the procedures below to ensure everything is running smoothly.

First 24 Hours

Keep a close eye on all payment flows, monitoring them continuously
Check error rates every 15 minutes and investigate any spikes
Make sure webhook deliveries are successful and retry any failures
Track key system performance metrics (CPU, memory, latency, etc.)
Have a team member on standby to respond quickly to any issues

First Week

Review daily metrics and logs for any anomalies
Generate and review weekly performance reports
Collect and monitor customer feedback for any pain points
Analyse error patterns to spot recurring issues
Optimise the system based on real traffic and usage data

Ongoing Operations

Carry out monthly security reviews and address any findings
Run quarterly performance assessments to ensure everything’s running smoothly
Regularly test disaster recovery procedures
Continuously improve monitoring and alerting setups
Keep team training up to date with regular refreshers

Next Steps

Review Support & Resources for ongoing operational support
Check Rate Limits for production traffic planning
Monitor Error Handling patterns in production
Set up Webhooks monitoring and alerting

Mexican Banking Reference Rate Limits

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.