The checklist
1
Finish sandbox verification
Run one complete payment in sandbox: session → card entry → passkey → credentials → checkout →
report-status →
completed. If any step surprises you, fix it now;
Errors has every code.2
Switch to production from the dashboard
Production is a separate environment you enable at
dashboard.prava.space (the developer dashboard).
Going live may require additional
verification of your entity:
This step needs Prava’s help — everything else is self-serve. Email
support@prava.space with your account email, your entity/merchant name,
and what you’re requesting. We’ll take it from there.
3
Swap keys and base URL
Keys are environment-bound: a
sk_test_* key against the production host fails with AUTH_1001.4
Verify allowed domains
Your production frontend domain(s) must be in allowed domains in the dashboard; the iframe and
session middleware reject other origins.
5
Lock down your secret key
sk_live_* lives only in server-side env/secret storage, never in client code, version control,
or logs. Rotate immediately if exposed.6
Wire up failure handling
- Report every outcome via Report Status, including
DECLINED. - Handle session expiry (15 min): create sessions late, and re-create rather than reuse.
- Log the
X-Response-IDheader from every Prava response; it’s how support traces issues.
Quick self-audit
Questions at any step: support@prava.space. Include the
X-Response-ID of any failing request.