GuidesOnboarding checklist

Onboarding checklist

End-to-end checklist for moving from sandbox testing to production-grade live operations on Swappr.

Account creation

  • Sign up at app.swappr.me/sign-up
  • Verify your email
  • Add your team — Owner can invite Admins, Developers, Finance, etc.

Sandbox integration

  • Generate a sandbox API key (sk_test_...) at API & Webhooks
  • Add at least one IP to the key’s allowlist (mandatory)
  • Test GET /v1/balances — confirms auth + IP allowlist are correctly configured
  • Send a test payout via POST /v1/payouts with NGN test account 0690000032 (Access Bank, 044) — sandbox uses simulated providers, no real money moves
  • Set up a webhook endpoint pointed at your sandbox-side handler — verify the test event arrives + your signature verification works
  • Test bulk payouts via POST /v1/batches — confirm validation errors surface correctly per-row
  • Test name-enquiry on real bank accounts to confirm your UI shows the resolved name correctly
  • Wire up retry logic with idempotency keys + backoff
  • Test the failure path — submit a payout you expect to fail and ensure your handler processes the payout_failed webhook + auto-reverse correctly

KYC / compliance

  • Complete merchant KYC at app.swappr.me/settings/compliance
    • Sole traders: ID, proof of address, business registration cert
    • Registered companies: incorporation cert, articles of association, regulatory filings, director IDs, beneficial owner declarations
  • Wait for compliance approval (typically 1-3 business days)
  • Confirm via the dashboard that your status is active + you have at least one approved live currency

Production cutover

  • Generate a live API key (sk_live_...) — separate from sandbox; do NOT reuse credentials
  • Whitelist your production IP(s) on the live key
  • If your production runs on Vercel / Cloudflare Workers / serverless with rotating IPs, set up a static-egress proxy (Cloudflare Workers static IP, AWS NAT Gateway, etc.) and whitelist its single IP
  • Update your environment variables / secrets manager to inject the live key
  • Deploy to production
  • Run a single small live payout (e.g. ₦100 to your own account) to verify the end-to-end live path
  • Verify the live payout_paid webhook lands at your endpoint with a signed body
  • Set up monitoring on:
    • Webhook delivery success rate (alert on consecutive failures)
    • 4xx / 5xx rates from Swappr API
    • Wallet low-balance alerts (configure threshold in dashboard)

Ongoing operations

  • Subscribe to status.swappr.me for incident notifications
  • Review webhook deliveries weekly via GET /v1/webhook_deliveries?status=failed — investigate any consistent receivers returning 5xx
  • Audit your beneficiary list quarterly — soft-delete stale entries
  • Rotate API keys quarterly — generate new key, deploy, revoke old
  • Monitor your fee schedule + costs via the reports endpoints

Common pitfalls

⚠️

Don’t reuse sandbox keys in production. Sandbox keys are explicitly env-scoped — using sk_test_* against a live wallet returns 401 immediately.

⚠️

Don’t skip the IP allowlist. Empty allowlists are rejected at auth time with 403 ip_not_allowed. This is non-negotiable for security; we don’t allow keys to be used from anywhere.

⚠️

Don’t trust merchant-supplied names. For NGN, we always overwrite with the NUBAN-resolved name. For FX rails (GBP / USD / EUR / CAD-Interac), validate the name matches what the recipient expects on their end before submitting.

Subscribe to webhooks before sending live payouts. Without webhooks, you have no real-time signal of completion — only polling. Polling burns rate limits and adds latency.

Need help?

NUBAN account resolutionBuilding a webhook handler