Skip to main content
Use this checklist before you point production creators at your app.

Environments

1

Separate API keys

Create distinct keys (and webhook endpoints) for staging and production. Scope staging keys narrowly.
2

Validate connect flows

Exercise every connect path you support — embedded, login, and mobile — against a test account in staging.
3

Smoke-test core actions

Run the guides you depend on: at minimum one read and one write per domain (messages, fans, content, or earnings).

Realtime

  • Register webhooks or subscribe to SSE in staging first; confirm signature verification and idempotent handlers.
  • Plan reconnect behavior for WebSocket clients.

Reliability

  • Implement backoff on 429 using Retry-After — see Rate limiting.
  • Parse RFC 9457 errors; branch on retryable and stable code values for agent automation.
  • Monitor error rates and quota headers; alert before hard limits block users.

Security

  • Complete the Security practices: no keys in clients, no credential logging, least-privilege scopes.

Launch

  • Roll out to a small cohort of creators before full traffic.
  • Keep a runbook for reconnecting accounts when sessions expire.
  • Document which surface each team owns (SDK vs hosted REST vs MCP).