Skip to main content

Prelaunch checklist

Before going live, consult this checklist as a simple resource to ensure you are ready for a successful launch.

Prelaunch configuration

Create verifications when users start the flow

Call verification creation endpoints (for example Perform access age verification) only after the user takes an action to begin verification. Don't pre-generate verifications or widget URLs for flows they might never start. See Best practices for more detail.

Know your rate limits before launch

Live mode rate limits are significantly higher than test mode. Confirm your service can stay within the default rate limits for both API requests and age verification / parental consent flows, or contact your k-ID representative if you need an increase.

  • Product Configuration (in the Compliance Studio)

    • Product details and branding configured
    • Permissions properly mapped to game features (when applicable) in Permissions configuration
    • Verification methods selected and configured
    • Target origins properly configured for both test and production

  • API Integration

    • Widget URLs generated correctly for all flows
    • Event handlers implemented for all widget types
    • Error handling implemented
    • Rate limiting and HTTP 429 handling implemented. See Rate limits
    • Fallback flows defined for edge cases

Security validation

  • Proper Environment Mapping

    • Test API key calling test endpoints
    • Live API key calling live endpoints

  • Origin Validation

    • Event origin validation implemented
    • Target origins configured in the Compliance Studio
    • CSP headers configured if applicable

  • iframe Security

    • Appropriate allow permissions set
    • Sandbox attributes reviewed
    • No sensitive data in URL parameters

Final validation

  • End-to-End Testing

    • Complete user journeys tested
    • Trusted Adult experience validated
    • Session management working correctly
    • Permission updates reflected in game

  • Compliance Verification

    • Legal review completed
    • Compliance Engine up-to-date
    • Privacy policy updated
    • Data handling procedures verified
    • Audit trail capabilities confirmed

Once all checklist items are completed, you're ready to publish your configuration to the live environment and begin serving real users with the CDK.