Skip to main content

Environments

Treat UAT and production as separate systems. Do not assume that credentials, configuration, workflows, or operational behavior carry over automatically.

What is isolated between environments

Each environment has its own:

  • API credentials
  • contracts and repository records
  • webhook registrations
  • workflow and template configuration
  • operational history and logs

This is intentional. Promotion should move configuration and validation, not state.

Common mistakes

The same environment mistakes appear repeatedly in integrations:

  • generating credentials in UAT and using them against production
  • registering a single webhook URL and reusing it for every environment
  • assuming a contract type or workflow configured in UAT exists in production
  • testing production traffic with UAT data assumptions

For API and webhook integrations, the recommended approach is to request a UAT workspace from your SpotDraft CSM before production work begins.

Use that UAT workspace to:

  • generate UAT-only API credentials
  • configure test templates, contract types, counterparties, and workflow settings
  • register test webhook endpoints
  • build and validate the full API and webhook integration against realistic data

After the integration is validated in UAT, recreate the required configuration intentionally in production and switch to production credentials, production base URLs, and production webhook endpoints.

This protects existing production templates, contracts, counterparties, metadata, and workflow settings while the integration is still changing.

Minimum go-live checklist

Before sending real traffic to production, confirm all of the following:

  1. production credentials were generated in the production workspace
  2. the production host and versioned public path are correct
  3. required workflows, templates, and metadata fields exist in production
  4. production webhook URLs are registered separately from test endpoints
  5. external metadata conventions match what your source systems expect
  6. request ids, event ids, and retry information are logged from day one

Promotion guidance

Promote configuration with intent. Validate these explicitly in each environment:

  • contract types and templates
  • signatory and questionnaire setup
  • webhook endpoint registration
  • downstream secret configuration
  • any assumptions around business-user routing or impersonation

When to use separate receivers

Use separate webhook endpoints for UAT and production unless you have a deliberate, tested isolation model in one receiver. Separate endpoints make debugging and incident response much simpler.