Production Sign in

Going live

No approval queue. When your code passes against sandbox, switch the host and mint a live key.

Pre-flight checklist

  1. Idempotency on every write. See the guide.
  2. Webhook signature verification. Constant-time compare, 5-minute window. Snippets.
  3. Dedupe by event id. Webhooks are at-least-once.
  4. Handle 429 with backoff. Read Retry-After.
  5. Log X-Request-Id. Quote it in support tickets.

Mint a live key

Adeva Pro client console → Developer → API keys → Create. Pick minimum scopes. Secret shown once.

Switch the host

EnvironmentHostKey prefix
Sandboxsandbox.adevapro.com.auak_test_
Productionapi.adevapro.com.auak_live_
Wrong-mode keys get 401 unauthenticated at the auth layer. There's no path where a production key touches sandbox data or vice versa.

Zero-downtime rotation

  1. Mint a new key with the same scopes.
  2. Roll it out across all instances.
  3. Revoke the old key.

Same approach for webhook signing secrets: rotate via PUT /v1/webhooks with rotateSecret: true, deploy your receiver with both old + new accepted for a few minutes, then drop the old.