Going live

Overview of everything you would need for going live
This chapter gives you an overview of everything you need to go live with your cloud setup.

Prerequisites

To use Hyperswitch for accepting digital payments through a consumer-facing website or mobile application, there are three main prerequisites:
Resources
  • Account with a cloud service provider (AWS/GCP) to host the Hyperswitch application
  • Contractual relationship and active processing account with payment processor or acquirer (this will be in the form of API keys or merchant identifier)
Technical Know How
  • Deploying and managing applications using Kubernetes
  • Handling a web application written in Rust using Postgres (primary datastore), Redis (distributed key-value store for cached lookups), Prometheus/Grafana (monitoring), S3/CDN (serving static files)
Ensuring Compliance
Refer here to find out which level of PCI compliance applies to your business.
  • Report on Compliance (ROC): Engage an independent third-party Qualified Security Assessor (QSA) certified by the PCI-SSC to perform the PCI audit and share the findings. The QSA prepares the ROC at the end of the PCI compliance activity. This is required only if your online business processes more than 1 million card transactions per annum.
  • Quarterly Network scans: Engage an Approved Scanning Vendor to conduct quarterly network scans and submit the scan reports to the payment processor/acquirer
  • Self Assessment Questionnaire (SAQ): This is an assessment that a business can complete itself, without engaging an independent PCI auditor, if it processes fewer than 1 million card transactions per annum. A person responsible for the payment infrastructure within your organization fills out the SAQ. This could be the stakeholder who is closest to your payment infrastructure: your DevOps Manager, Information Security Officer, or CTO.

Go live checklist:

Here's a quick summary of everything you would need for going live with Hyperswitch:

Monitoring

  • Make sure logs are being printed for all components in your setup
  • Aggregate your logs across instances and set up a logging system (e.g. Grafana Loki) for storing and viewing your logs
  • Make sure your metrics pipeline is set up and provides visibility into both application and system performance

PCI Compliance

  • Make sure your system meets the PCI compliance requirements for your business
  • If you are storing card data, make sure your card vault is set up as per our instructions

Security

  • Keep the system hidden from external access; instead, use a front-end system or a reverse proxy as a protective layer in front of it
  • Make sure to follow our security guidelines for the various components in your setup

Integrate with your app

  • Make sure your API keys are not exposed on the front-end (website/mobile app)
  • Avoid duplication or storage of your API keys in multiple locations
  • Test your integration and make sure all scenarios in the payments lifecycle are handled
  • Make sure your application (Frontend/Backend) is set up to handle all the possible error scenarios
  • Keep track of new releases/bug fixes and make sure to keep your system updated

Infra

  • Make sure DB and Redis connections are properly configured
  • Load test your setup and provision resources according to the expected traffic
  • In case you have whitelisting for outgoing request endpoints, make sure to whitelist the required processor endpoints