Readiness checklist
Confirm each item before requesting production access.Full lifecycle tested in sandbox
Your integration handles investor creation, KYC, bank linking, funding, order placement and fills, withdrawals, and error paths end to end.
Idempotency keys implemented
Every deposit and withdrawal request sends an
Idempotency-Key header so retries never double-move money.Error handling is robust
You handle
401 auth failures (rotate/refresh credentials), 429 rate limits (exponential backoff with jitter), 400 validation errors (surface or log), 5xx server errors (retry with backoff), and network timeouts (retry with the same idempotency key). See the API reference for the error model.Webhook endpoints secured
If you use webhooks: HTTPS only, verify signatures before processing, respond
2xx within seconds, and handle duplicate deliveries idempotently. See Webhooks.Credentials stored securely
API keys and secrets live in a secret manager — not in code or config files — and you have a rotation process ready.
Request production access
Email support@bluumfinance.com with:- Your company name and dashboard account email.
- A description of your product and integration model.
- Confirmation that you’ve completed the checklist above.
support@bluumfinance.com is the single support channel for credentials, access, compliance, and technical questions.Cut over to production
Smoke test
Confirm connectivity with a read-only request:Expect
200. A 401 means the key or secret wasn’t updated.Credential rotation
Rotate keys on a schedule (every 90 days is a reasonable default):- Generate a new key pair in the dashboard.
- Deploy the new credentials to production.
- Verify connectivity with the new pair.
- Revoke the old pair.
Observability
Log every request and response with the HTTP method and path, the response status, theX-Request-Id header, and the response time. Alert on elevated 5xx rates, 429 rate-limit hits, orders stuck in a non-terminal status longer than expected, and webhook delivery failures.