Integration Checklist

Use this checklist to track your progress from initial setup through production launch. Complete each phase before moving to the next.

#Setup

• Obtain sandbox credentials (MID, API key) from Exirom
• Authenticate and obtain a bearer token (POST /api/v1/auth)

#Development

• Implement card payment flow (POST /api/v1/payments/card)
• Handle 3D Secure redirects (challengeUrl)
• Implement webhook callback handler
• Verify callback checksums (HMAC-SHA256)
• Handle idempotency (unique requestId per transaction)
• Implement APM payment flow (if applicable)
• Implement HPP flow (if applicable)
• Implement error handling for all decline codes

#Testing

• Process a test payment in sandbox
• Test the 3D Secure challenge flow
• Test webhook callback delivery and processing
• Test failure scenarios (declined, timeout, network error)
• Test idempotency (submit duplicate requestId, verify no double charge)
• Test APM flows if applicable

#Pre-Production

• Switch to production credentials
• Update base URL from sandbox to production
• Verify callback URL is publicly accessible over HTTPS
• Implement logging for all API requests and responses
• Set up monitoring and alerting for failed transactions
• Implement webhook deduplication
• Implement webhook signature verification
• Implement token caching (don't auth per request)
• Review common integration mistakes

#Go Live

• Process a small live transaction to verify end-to-end flow
• Monitor webhook delivery success rate
• Confirm settlement flow with the Exirom operations team

For the full production readiness guide including monitoring, PCI compliance, and credential management, see Going to Production.

#See Also

• Glossary -- definitions of key terms used across the API