Manage Your Integration

Go-live checklist

View as Markdown

Once you’ve completed your development and verified your integration in the Sandbox environment, use this checklist to ensure your system, team, and infrastructure are ready for live transactions.

  • Sign your contract: Ensure your commercial agreement is fully executed. Production credentials cannot be issued until this is complete.
  • Obtain production keys: Request your Production merchantId, AccessKey, and Secret. These are distinct from your Sandbox keys and are not interchangeable.
  • Update IP allow-lists: If your firewall restricts outbound traffic, ensure you have whitelisted the Trustly production IP ranges. These differ from the Sandbox IP ranges used during development.

See Authentication.

  • Switch API endpoints: Update your backend configuration to point to the Production base URL (https://trustly.one instead of the sandbox URL).
  • Update client-side script: Ensure your front-end integration loads the Trustly Lightbox SDK from the production Content Delivery Network (CDN). Do not use the sandbox script source in a live environment.
  • Configure production webhooks: Register your production notificationUrl by contacting Trustly Support or your integration representative. Ensure this endpoint is publicly accessible and securing traffic using TLS 1.2+.

See API Reference.

  • Provide statement descriptor: Ensure you provide your preferred ‘Soft Descriptor’ (the text that appears on a customer’s bank statement) to Trustly during the underwriting process. This should match your business name to prevent unrecognized charge disputes.
  • Provide your company logo: Supply your company logo to your Trustly integration resources. They will configure it to ensure it renders correctly in the Trustly Lightbox.
  • Test support links: Ensure the support phone numbers or email addresses displayed to users in your application point to your live customer support team, not a dev team.

See Branding requirements.

  • Create user accounts: Invite your Finance and Operations team members to the production Merchant Portal. Do not share the developer ‘admin’ login used during testing.
  • Set user permissions: Restrict sensitive actions (like ‘Refunds’ or ‘API Key Management’) to authorized roles only.
  • Subscribe to status updates: Have your DevOps team access the status page located within the Merchant Portal to view automated alerts for system maintenance or downtime.

See Merchant Portal.

  • Process a live pay-in: Perform a real transaction using a real bank account (not the demo or test bank) for a small amount (for example, $1.00).
  • Verify settlement: Confirm that the funds leave your bank account.
  • Process a refund: Initiate a refund for that transaction with the API or Merchant Portal to verify the money movement back to the source account.
  • Verify reporting: Check the Merchant Portal the next day to ensure the transaction appears correctly in your daily settlement reports.

See Testing.