Guides

Going to production

What changes when you move from sandbox to production — and how to do it safely.

Pre-flight checklist

  • KYB completed for your organization.
  • Production webhook endpoint registered and signature-verified in a staging test.
  • Idempotency keys generated for every mutating call.
  • Production spend policies reviewed by your finance + compliance owners.
  • Observability stream subscribed and feeding into your existing monitoring.
  • Key rotation procedure documented and tested.

KYB and onboarding

Before you can transact in production we run KYB on your organization: business documents, beneficial ownership disclosure, and a brief review by our compliance team. Most teams complete this in 2–5 business days.

Note
You can build everything in sandbox while KYB is in progress. There's no need to wait.

Key management

  • Production keys begin with ar_live_. Never check them into source control.
  • Use scoped keys per environment, per service. Avoid shared keys.
  • Rotate keys quarterly at minimum. The console supports zero-downtime rotation with overlap windows.
  • If you suspect a key has been exposed, revoke it from the console immediately. We'll surface affected events on the Observability stream.

Rollout pattern

We recommend a phased rollout:

  • Phase 1 — internal-only counterparties, small spend cap, paired human approval.
  • Phase 2 — expand counterparty allow-list, raise caps, reduce approval frequency.
  • Phase 3 — full autonomy within the policy envelope, with human approval only at exceptions.
← Back to docs indexAsk AgentRail Chat →