Production Checklist

Complete guide for deploying TinyKit Pro to production. Use this checklist to ensure a smooth go-live.

Quick Reference

Deployment Stack:

• Frontend: Vercel
• Backend: Convex (production deployment)
• Payments: Stripe (live mode)
• Email: Resend

Related Guides:

• Deployment Guide - Detailed Vercel + Convex setup
• Stripe Setup - Complete Stripe configuration
• Email Setup - Resend configuration

Pre-Launch Checklist

1. Environment Configuration

For complete environment variable documentation, see Environment Variables Reference.

Frontend Environment (Vercel)

# Required
NEXT_PUBLIC_SITE_URL=https://yourdomain.com
SITE_DOMAIN=yourdomain.com
CONVEX_DEPLOYMENT=prod:your-project
NEXT_PUBLIC_CONVEX_URL=https://your-project.convex.cloud
NEXT_PUBLIC_CONVEX_SITE_URL=https://your-project.convex.site

# Optional (recommended for production)
NEXT_PUBLIC_POSTHOG_KEY=phc_your_production_key
NEXT_PUBLIC_LOG_LEVEL=WARN

• NEXT_PUBLIC_SITE_URL set to production domain
• SITE_DOMAIN matches your domain (without protocol)
• CONVEX_DEPLOYMENT points to production deployment
• NEXT_PUBLIC_CONVEX_URL and NEXT_PUBLIC_CONVEX_SITE_URL are production URLs

Backend Environment (Convex)

# Set production environment variables
npx convex env set SITE_URL https://yourdomain.com --prod
npx convex env set BETTER_AUTH_SECRET <new-production-secret> --prod
npx convex env set STRIPE_SECRET_KEY sk_live_... --prod
npx convex env set STRIPE_WEBHOOKS_SECRET whsec_live_... --prod
npx convex env set RESEND_API_KEY re_... --prod
npx convex env set CONVEX_ENV production --prod

• SITE_URL matches production domain
• BETTER_AUTH_SECRET is a new, unique secret (not reused from development)
• STRIPE_SECRET_KEY is the live key (starts with sk_live_)
• STRIPE_WEBHOOKS_SECRET is from the production webhook endpoint
• RESEND_API_KEY is configured
• CONVEX_ENV is set to production

2. Domain & DNS

• Primary domain configured in Vercel
• SSL certificate active (automatic with Vercel)
• DNS records propagated
• Custom domain redirects working (www → apex or vice versa)

3. OAuth Providers

Update callback URLs for production:

GitHub OAuth:

• Create new OAuth app for production (recommended) or update existing
• Homepage URL: https://yourdomain.com
• Callback URL: https://yourdomain.com/api/auth/callback/github
• Set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET in Convex production env

Google OAuth:

• Add production domain to authorized origins
• Callback URL: https://yourdomain.com/api/auth/callback/google
• Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET in Convex production env

Security Checklist

Authentication & Secrets

• Generate new BETTER_AUTH_SECRET for production (do not reuse dev secret)

  # Generate a secure secret
  openssl rand -base64 32

• Verify all secrets are stored only in environment variables (not in code)
• Confirm .env.local is in .gitignore

Access Control

• First production user account created and verified as admin
• Test admin-only routes require authentication
• Verify rate limiting is active on authentication endpoints
• Test that protected API routes reject unauthenticated requests

Data Protection

• Review database indexes for sensitive queries
• Verify no sensitive data in client-side logs (NEXT_PUBLIC_LOG_LEVEL=WARN)
• Confirm error messages don't expose internal details

Stripe Production Setup

1. Enable Live Mode

• Complete Stripe account verification (business details, bank account)
• Switch Stripe Dashboard to Live mode
• Copy live secret key (sk_live_...)

2. Create Production Webhook

1. Go to Stripe Dashboard > Developers > Webhooks
2. Click "Add endpoint"
3. Configure:
   • URL: https://your-project.convex.site/stripe-webhook
   • Events to send:

     customer.subscription.created
     customer.subscription.updated
     customer.subscription.deleted
     invoice.payment_succeeded
     invoice.payment_failed
     customer.created
     customer.updated
     checkout.session.completed

• Production webhook endpoint created
• Webhook signing secret saved to Convex (STRIPE_WEBHOOKS_SECRET)
• Endpoint shows "Active" status in Stripe Dashboard

3. Sync Products

• Products created in Stripe live mode
• Products synced via Admin Panel > Products > "Sync from Stripe"
• Verify all plans appear correctly with correct pricing

4. Customer Portal

• Customer Portal configured for live mode
• Business information added (name, email, phone)
• Terms of Service and Privacy Policy URLs added
• Cancellation policy configured

5. Tax Configuration (if applicable)

• Tax collection enabled in Stripe Tax settings
• Tax registrations configured for relevant jurisdictions

Email Configuration

Resend Setup

• Production API key created in Resend Dashboard
• Domain verified in Resend (DNS records added)
• From address configured (e.g., noreply@yourdomain.com)
• Reply-to address set to support email

Email Testing

• Test welcome email sends on new user signup
• Test password reset email
• Test subscription confirmation email
• Verify emails render correctly (check spam folder)

Database & Convex

Production Deployment

# Deploy to production
npx convex deploy --prod

• Production deployment active
• Database schema deployed
• All functions deployed successfully

Data Initialization

• Site settings configured (Admin > Site Settings)
• Default products/prices synced from Stripe
• Admin user created and verified

Post-Launch Verification

Critical Path Testing

Run through each flow on the production site:

Authentication:

• Sign up with email/password
• Sign in with email/password
• Password reset flow
• OAuth sign in (GitHub, Google)
• Sign out

Subscription:

• View pricing page
• Complete checkout for a plan
• Verify subscription shows in user dashboard
• Access Stripe Customer Portal ("Manage Billing")
• Test plan upgrade/downgrade

Organization (if enabled):

• Create new organization
• Invite team member
• Accept invitation
• Organization subscription checkout

Webhook Verification

# Check webhook delivery in Stripe Dashboard
# Developers > Webhooks > [your endpoint] > Recent deliveries

• Webhook events showing as delivered
• No failed webhook attempts
• Subscription status updating in database after checkout

Monitoring Setup

• Convex Dashboard accessible for production deployment
• Stripe Dashboard monitoring configured
• Error alerting configured (Stripe + Convex)
• Analytics tracking working (PostHog if configured)

Launch Day Commands

# Deploy latest changes to production
npx convex deploy --prod

# Check production logs
npx convex logs --prod --tail

# Verify environment
npx convex env list --prod

# Check deployment status
npx convex status --prod

Rollback Plan

If issues arise after launch:

1. Convex Rollback: Redeploy previous version from Convex Dashboard
2. Vercel Rollback: Use Vercel Dashboard to redeploy previous deployment
3. Stripe: Disable webhook endpoint temporarily if webhook issues

Post-Launch Maintenance

Regular Tasks

• Monitor Convex logs for errors: npx convex logs --prod --tail
• Review Stripe webhook delivery status weekly
• Check email delivery rates in Resend Dashboard
• Review user feedback and error reports

Security Updates

• Rotate BETTER_AUTH_SECRET quarterly (or after any suspected breach)
• Update OAuth app secrets if compromised
• Review and update dependencies regularly

Quick Troubleshooting

Webhooks not being received:

1. Verify webhook URL matches Convex site URL exactly
2. Check webhook endpoint is enabled in Stripe
3. Verify STRIPE_WEBHOOKS_SECRET matches the endpoint's signing secret

OAuth login failing:

1. Verify callback URLs match production domain exactly
2. Check OAuth app is not in development/sandbox mode
3. Verify client ID and secret are for production app

Emails not sending:

1. Check RESEND_API_KEY is set in Convex production env
2. Verify domain is verified in Resend
3. Check Resend Dashboard for delivery failures

Subscription status not updating:

1. Check Convex logs for webhook processing errors
2. Verify Stripe webhook events are being sent
3. Confirm webhook signature verification is passing

← Back to Guides | Deployment Guide →