Skip to main content

Production Readiness

Use this checklist before treating a Red Cloud integration as production-ready.

This page is intentionally operational. It is not about writing the first request. It is about confirming the integration is supportable once real traffic starts.

Authentication readiness

Confirm:

  • client_credentials token flow works from the deployed environment
  • secrets are stored in the correct secret manager or runtime environment
  • token refresh behavior is implemented
  • authentication failures are logged clearly without logging secrets

Client-context readiness

Confirm:

  • /api/core/whoami is part of your startup or diagnostic toolkit
  • support can identify which API client context is active
  • the integration can verify assigned-number counts and webhook configuration status

Number readiness

Confirm:

  • the correct numberId values are stored for sending
  • the numbers are ACTIVE
  • smsEnabled and mmsEnabled match your use case
  • any required webhook overrides are intentionally configured

Send-flow readiness

Confirm:

  • every send includes Idempotency-Key
  • retry logic preserves the same key for the same business operation
  • the integration stores messageId and externalReference
  • the client does not treat 202 as final delivery

Webhook readiness

Confirm:

  • webhook endpoints are publicly reachable
  • signatures are verified against the raw body
  • handlers are idempotent
  • handlers persist messageId, externalReference, and sequence
  • handlers return 2xx only after durable internal acceptance

Operational visibility readiness

Confirm:

  • request failures log requestId when present
  • send acceptance logs messageId
  • webhook events can be correlated back to business records
  • support teams can inspect accepted, sent, delivered, and failed states separately

Failure-path readiness

Test these scenarios deliberately:

  • invalid client credentials
  • expired bearer token
  • invalid sendFrom
  • missing Idempotency-Key
  • webhook signature verification failure
  • webhook endpoint temporary outage

If you only test the happy path, your production launch is not ready.

Before go-live:

  1. acquire token from the real runtime
  2. verify /api/core/whoami
  3. verify /api/core/numbers
  4. send a controlled test message
  5. confirm message.queued
  6. confirm later webhook lifecycle events
  7. verify support can trace the send using messageId

Support handoff checklist

Your internal support team should know:

  • where API client credentials are managed
  • how to verify active client context
  • how to verify assigned numbers
  • how to interpret QUEUED versus later webhook delivery states
  • what fields to capture before escalation