Skip to main content

Production rollout

Going live is a coordinated handoff. There are partner-side steps you own, CoinTracker-side levers you don't, and a ramp window where both sides watch their dashboards.

Before the launch window

Partner-side

Send CoinTracker your production parent origins (every domain where the iframe will load in prod). CoinTracker registers them server-side. No wildcards.
Swap to production credentials in your environment config — Auth0 client ID, JWT signing key, webhook signing secret. Production tokens must be signed against the prod key, not staging.
Point your webhook receiver at production CoinTracker. Confirm DNS, TLS, and reachability from the CoinTracker prod environment if possible.
Confirm options.mode: 'production' is set in your prod build. Easy to leave on 'alpha' accidentally and ship a broken integration.
Verify the SDK version matches the version CoinTracker confirmed (the one with your partner enum value). Older versions may not recognize your slug.
Set up monitoring on your webhook receiver for webhook latency (p50, p95, p99), 5xx rate, signature-verification failure rate, and idempotency-skip rate.
Run a final end-to-end test against staging the day before launch. Walk a real user through onboarding, confirm webhook delivery, confirm cost-basis appears in your partner UI.

CoinTracker-side (what they handle, not you)

These happen on CoinTracker's side. You don't act on them, but knowing they exist explains why you can't just flip your traffic to 100% the moment you deploy:

  • CoinTracker registers your production parent origins in the iframe's allowlist (server-side deploy).
  • CoinTracker controls a launch gate that determines what percentage of traffic actually receives the new partner integration. Initial setting is typically low (e.g. 5%) and ramps from there.
  • CoinTracker's on-call and embedded team will be watching the launch window with you.

During the launch window

Coordinate the deploy with CoinTracker. The typical sequence:

  1. CoinTracker flips the launch gate to a small percentage (e.g. 5%). Until this happens, your traffic-flip below has no effect — eligible users are still routed to the old (or no) experience.
  2. You flip your traffic on — point your partner-side feature flag, route users to the tax-center page, or however you gate this on your side.
  3. Watch dashboards on both sides for ~15–30 minutes:
    • Your webhook latency and 5xx rate.
    • Your signature-verification failure rate.
    • CoinTracker's iframe error rate, auth failure rate, and tax-flow completion rate.
  4. Ramp up if metrics are clean. The gate moves in steps you agree on with CoinTracker — common pattern is 5% → 25% → 50% → 100% with at least an hour at each step.

What to watch on your side

The signals that matter most in the first hour:

MetricHealthyInvestigate
Webhook p95 latency< 1s> 5s — your receiver may be saturated
Webhook 5xx rate< 0.1%> 1% — something in your receiver path is failing
Signature-verification failure rate0%Any sustained failures — likely a secret mismatch
Idempotency-skip rateA few %High — CoinTracker is retrying you a lot; check 5xx
Partner-side imports per webhookMatches expected user volumeLower than expected — deliveries failing somewhere upstream

When to alert CoinTracker

Page or message the CoinTracker embedded team during the launch window if:

  • Your webhook 5xx rate spikes above 1% for more than a few minutes.
  • Signature verification fails on every delivery (likely a secret/env mismatch).
  • The iframe fails to load for users in production (CORS or origin allowlist issue).
  • Any TaxKitError other than MissingConnections appears at notable volume.

CoinTracker can roll back the launch gate to 0% from their side, giving you breathing room to fix without forcing you to deploy a partner-side hotfix.

After the launch window

Keep monitoring for the first week — odd edge cases (long transaction histories causing webhook pagination, specific exchange OAuth failures) usually surface within the first few days.
Tune your retry / alerting thresholds based on observed baselines.
Hand off operational ownership to your support team if your launch team isn't the long-term owner.
Schedule a post-launch review with CoinTracker within ~2 weeks to cover anything surprising in metrics.

Rollback

If something goes wrong and you need to back out:

  • Fast partner-side rollback: flip your feature flag off. Users stop seeing the kit.
  • Fast CoinTracker-side rollback: CoinTracker lowers the launch gate to 0%. The kit can still be reached but no users are routed to your integration.

Both are reversible — a botched launch isn't a one-way door. The credentials and config stay valid; you can re-launch after fixing the issue.