Go live

Before creating production versions of your applications and going live, there is a review and approval process of your sandbox application. This requirement is also reflected in the Fullscript API License Agreement.

To get started, sign in to the Fullscript API Dashboard and click the Submit for Review button at the top of the page. In the two popup screens that appear, select the Sandbox application you want reviewed, then use the provided link to book a review time with one of our specialists.

Screen captures of the Fullscript API Dashboard showing the location of the Submit for Review button near the top of the page

We may have feedback and suggestions for you! Once this process is complete, you’ll be allowed to create and configure your production App(s) on the Fullscript API Dashboard. The final go-live process is influenced by contracting and agreed upon marketing efforts. You can request your production application to be listed in our in-app Integrations page via the dashboard also.

Go-Live Development Checklist

  • Complete development and testing of your sandbox application(s)

  • Submit your application for review and book a time with one of our specialists

  • If needed, address feedback or suggestions from the review

  • Create your production App(s) on the Fullscript API Dashboard

    • be sure to provide your production OAuth redirect URI
    • Fullscript.js: provide your production Origin URI
    • Webhooks: provide your app’s production endpoint for webhooks
  • Update your app’s production version code to point to production Fullscript API endpoints (US and/or Canada)

  • Update your app’s source to use production OAuth client ID and secret values, found in your app’s OAuth tab on the Fullscript API Dashboard. This value is different for each target environment (US vs Canada).

  • Fullscript.js: Update your app’s source to use production public key value, found in your app’s Fullscript.js tab on Fullscript API Dashboard. This value is different for each target environment (US vs Canada).

  • Webhooks: Update your app’s secret challenge token value, and if verifying the validity of the incoming messages, also update the Fullscript signature secret key. These values are different for each target environment (US vs Canada).

  • Whitelist Fullscript domains (when applicable): If you have an existing Content Security Policy (CSP) implemented for iframes within your app, you have to whitelist the following domains to load Fullscript.js iframe properly:

    • https://us.fullscript.com
    • https://ca.fullscript.com
  • Go-live 🎉: Request to have your integration listing published on Fullscript's in-app integrations page and arrange co-marketing efforts with the Fullscript team.