Getting Started
Integration checklist
Implementation checklist for a new operator integration.
Integration checklist
Use this checklist before asking OpenPoly to enable production traffic.
Build
- Implement backend call to
POST /api/operator/launch. - Store operator API key in server-only secret storage.
- Implement wallet adapter paths:
GET /balancePOST /debitPOST /creditPOST /debit-reversalGET /operation/{idempotency_key}
- Implement webhook receiver with signature verification and replay protection.
- Map operator user identity to stable
external_user_id.
Configure
- Create operator API key with only needed scopes.
- Configure allowed Mini App launch host in operator dashboard.
- Configure wallet adapter base URL and auth secret in operator dashboard.
- Configure webhook endpoint URL, event subscriptions, and webhook secret.
- Confirm market visibility mode and any allowlist or blocklist rules.
Validate
- Launch Mini App from operator backend with test user.
- Confirm launch token redemption works only once.
- Confirm wallet adapter debit, credit, reversal, and lookup are idempotent.
- Confirm webhook receiver accepts valid signature.
- Confirm webhook receiver rejects bad signature and stale timestamp.
- Confirm failed webhook delivery retries and can be replayed.
- Confirm staging drills pass before production cutover.
Production gate
- Secret rotation runbook prepared.
- On-call owner for wallet adapter and webhook receiver assigned.
- Logging redacts API keys, launch tokens, webhook secrets, and wallet secrets.
- Manual-review and compensation paths understood by operator support team.