PayMongo HomeGuidesAPI ReferenceStart Building
Guides

Go-live checklist

Ready your Payment Intent and Payment Methods API integration. Covers per-method tests, refunds, disputes, security, and the live mode smoke test.

Use this checklist when you are integrating using Payment Intent and Payment Methods directly through the PayMongo API. It covers method activation, per-method integration, refunds, disputes, security, and the live mode smoke test.

Who this checklist is for

Merchants who integrate PayMongo via the API, either alongside a payment channel or as a custom integration. Most items in this checklist are API tasks. If you only use Hosted Checkout, Payment Links, Payment Pages, or an e-commerce plugin, the Payment Channels go-live checklist covers what you need.

ℹ️

Before you start: Complete the Get Started go-live checklist. Your account must be activated, and the payment methods you plan to use must show Active in Settings → Payment Methods.

Required for launch

Method selection

  • Confirm the payment methods you need

    List the methods you will accept at go-live: Cards, GCash, GrabPay, Maya, ShopeePay, QR Ph, BNPL through BillEase, direct online banking, Google Pay, and any others. See Payment Acceptance overview.

  • Confirm each payment method is activated

    Open Settings → Payment Methods in live mode. Confirm each method shows Active. Your PayMongo Wallet must be Enabled before some methods can be activated. See Account capabilities.

Card payments

  • Confirm cards are tokenized correctly

    Collect card details client-side and create a Payment Method using your public key. Never send raw card numbers, expiry dates, or CVCs to your server. Never store card data on your side, even temporarily. See Payment Acceptance best practices.

  • Confirm the 3D Secure 2.0 redirect flow is handled

    Redirect customers to 3DS URLs when prompted. After they return, retrieve the Payment Intent server-side to confirm the final status before you fulfill the order.

  • Confirm card flows work end to end in test mode

    Use the test cards documented in Payment Acceptance testing. Cover successful authorization, declined card, 3DS challenge, and a card on the blocked list.

QR Ph

  • Confirm QR Ph readiness

    QR Ph is active by default once your account is activated. Decide whether you will use dynamic QR through the API or in-store (static) QR for your use case. See QR Ph.

  • Confirm QR Ph works end to end in test mode

    Generate a test QR Ph payment, simulate payment acceptance via the test url, and confirm the resulting payment object and webhook event.

E-wallets

  • Confirm e-wallet flow works end to end in test mode Test every e-wallet you will offer (GCash, GrabPay, Maya, ShopeePay) in test mode. Cover both the successful payment path and the customer cancellation path.

  • Confirm e-wallet mobile flows are handled (if integrating in a mobile app)

    Follow the mobile-specific integration steps for GCash Validate the return URL handling in your app so the customer comes back to the correct screen after authorizing. See Integrating GCash on mobile.

Refunds

  • Confirm the refund flow works

    Issue a test refund and confirm the refund.succeeded event arrives at your webhook endpoint. Document your internal refund SOP. See Refunds.

Webhooks

  • Confirm your webhook handler is built for payment events

    Subscribe to the events your application needs: payment.paid, payment.failed, payment_intent.succeeded, refund.succeeded. The full handler setup steps (signature verification, idempotency, retries) live in the Developer Tools go-live checklist. See Webhook events.

Reconciliation

  • Confirm your payment reconciliation process

    Tie every PayMongo payment back to an internal order, invoice, or customer record. Use a consistent reference format so your team can match payments against your system. See Payment reconciliation.

Security and data

  • Confirm all payment pages are served over HTTPS

    The PayMongo API rejects plaintext HTTP. Serve every page where a customer initiates a payment over HTTPS.

  • Confirm payment status is verified server-side, not client-side

    After a 3DS redirect or any callback, retrieve the Payment Intent server-side using the return_url. Do not fulfill an order based on URL query parameters or a client-side success response alone.

  • Confirm your logs are sanitized

    Audit your request and response logging. Card details, payment method details, and full API responses must not appear in general application logs.

Test then go-live

  • Confirm webhook events arrive correctly in live mode

    After your live mode smoke test, verify the expected webhook events landed on your endpoint with valid signatures. At minimum, verify payment.paid for a successful payment and refund.succeeded for a test refund.

  • Confirm a live mode smoke test passes

    Switch to live mode and run one small real payment per method you have enabled. Refund yourself after. Confirm the webhook delivery, the Dashboard view, and the reconciliation match.

Best practices

  • Confirm the hold-then-capture flow (if used)

    Validate the hold and capture flow in test mode if your business model uses auth then capture (car rental, hotel, and similar). See Hold then capture. Skip this item if you only use immediate capture.

  • Confirm the Google Pay flow (if offered)

    Validate the integration in test mode. See Digital wallets. Skip this item if you do not offer Google Pay.

  • Confirm the BNPL flow (if offered)

    Walk through the customer journey in test mode for BillEase or any other BNPL method, and confirm the final payment status. See Buy now, pay later. Skip this item if you do not offer BNPL.

  • Confirm the direct online banking flow (if offered)

    Test the redirect and return flow for each enabled bank (BPI, UnionBank, BDO, Landbank, Metrobank, RCBC). See Direct online banking. Skip this item if you do not offer direct online banking.

  • Confirm subscriptions are enabled and the recurring billing lifecycle works (if using subscriptions)

    Subscriptions need separate activation from payment method activation. They are supported on Cards, GCash, and Maya. Email [email protected] to enable. Once enabled, validate the create, charge, and cancel lifecycle in test mode. See Subscriptions. Skip this item if you do not run recurring billing.

Next steps

After acceptance is live and tested, finish the surrounding setup:

Updated about 10 hours ago