Going to Production
A pre-launch checklist for taking your SendAPI integration from development to production.
Pre-Launch Checklist
1. Authentication & Security
- [ ] Store your
sk_live_API key in environment variables — never in source code. - [ ] Ensure all API calls are made over HTTPS.
- [ ] Implement proper error handling for
401,403, and429responses. - [ ] Add retry logic with exponential backoff for transient failures.
2. Webhooks
- [ ] Configure your production webhook URL in the Dashboard Settings.
- [ ] Ensure your webhook endpoint returns
200 OKwithin 5 seconds. - [ ] Implement idempotent webhook processing (events may be delivered more than once).
3. Rate Limiting
- [ ] Implement client-side rate limiting to stay within your plan's limits.
- [ ] Parse
X-RateLimit-Remainingheaders to proactively throttle requests. - [ ] Handle
429responses gracefully with theRetry-Afterheader.
4. WhatsApp Sessions
- [ ] Use a dedicated phone number for production — not your personal number.
- [ ] Monitor session health via the dashboard or
session.disconnectedwebhook events. - [ ] Keep your phone connected and charged to maintain the session.
5. Email Deliverability
- [ ] Set up a verified custom domain for sending emails.
- [ ] Configure SPF, DKIM, and DMARC records for your domain.
- [ ] Use the
fromaddress on your verified domain, not the default.
6. Monitoring
- [ ] Monitor your Usage dashboard for quota consumption.
- [ ] Set up alerts for unusual activity patterns.
- [ ] Track delivery rates and respond to bounces or failures.
Recommended Architecture
Your App Server
│
├── POST /v1/sms/send → Fire-and-forget
├── POST /v1/whatsapp/send → Fire-and-forget
├── POST /v1/email/send → Fire-and-forget
│
└── POST /your-webhook ← SendAPI pushes delivery events- Use async/queue-based processing for outbound messages.
- Process webhooks synchronously but offload heavy work to background jobs.
- Use idempotency keys on all
POSTrequests to safely handle retries.