> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://amer.developers.trustly.com/llms.txt.
> For full documentation content, see https://amer.developers.trustly.com/llms-full.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://amer.developers.trustly.com/_mcp/server.

# Integration checklist

Before you begin acceptance testing or move to production, use this checklist to verify you've successfully completed your Trustly integration.

#### User experience (UX) ([Branding requirements](/integrate/get-started/branding-guidelines))

* [ ] **Cancel flow:** If a user clicks 'Cancel' in the Trustly Lightbox, ensure your application returns them to your checkout selection page, not an error page.
* [ ] **Error messages:** If Trustly declines a transaction, display a friendly message asking the user to try again or choose a different bank, rather than a generic 'System Error'.
* [ ] **Mobile responsiveness:** Test the integration on a mobile device to ensure the Trustly Lightbox does not overlap with your site navigation bars or headers.

#### Security and compliance ([Generate request signatures](/integrate/api-fundamentals/secure-requests-and-signature-validation/generate-request-signatures))

* [ ] **Request signatures:** Ensure your backend generates a unique `requestSignature` for every `Establish` call. Never hardcode signatures or generate them on the client side.
* [ ] **Webhook validation:** Verify your webhook listener validates the signature in the header of every incoming notification to prevent spoofing.
* [ ] **PII handling:** Pass Personally Identifiable Information (Names, Emails) only in the `customer` object. Never pass PII in the `description` field.
* [ ] **Script source:** Load the Trustly SDK directly from `trustly.one`. Do not host the script file on your own servers.

#### Payment logic and data ([Manage transactions](/integrate/core-concepts/webhooks-and-events))

* [ ] **Establish Data parameters:** Ensure your `establishData` payload includes all required `customer` and `metadata` fields before initiating a transaction.
* [ ] **Transaction IDs:** Ensure your database stores the Trustly `transactionId` returned in the redirect URL and webhook. You need this ID for all future refunds or support requests.
* [ ] **Async fulfillment:** Verify your system fulfills orders based on the `COMPLETED` webhook event, not just the user redirect to the success page.
* [ ] **Split tokens (Trustly Pay):** If using Trustly Pay, capture and store the `splitToken` to enable one-click payments for returning users.
* [ ] **Duplicate handling:** Ensure your webhook listener handles duplicate events idempotently. For example, if Trustly sends the same `Success` webhook twice, do not duplicate the payment.

### Next steps

After validating your Trustly integration, complete the following tasks:

* [Test your integration](/integrate/api-fundamentals/testing): Validate your error handling and success paths in the Sandbox.
* **Schedule certification**: Contact your assigned Trustly integration manager to complete a formal review of your integration.
* [Go-live checklist](/integrate/manage-your-integration/go-live-checklist): Prepare your environment for production.