Integration checklist

Required

Before deploying Rafiki to a production environment and joining the Interledger network, ensure you:

✅	Are a licensed financial account servicing entity (ASE) in the jurisdictions you operate in
✅	Generate a UUID v4 for your operator tenant ID and a strong, random admin API secret
✅	You are HMAC-signing Backend Admin API requests (HMAC SHA-256) and include tenant ID and signature headers
✅	Establish a secure, out-of-band process to deliver tenant IDs and API secrets to each tenant after creation
✅	Add at least one asset, either through the Backend Admin API or the Rafiki Admin app
✅	Implement a strategy for creating wallet addresses for your account holders
✅	Set up your webhook endpoint and understand how to handle each webhook event
✅	Secure your admin services from external access

✅	Integrate with an identity provider (IdP) If you plan to use the authorization server provided through Rafiki’s Auth service, and/or support Open Payments outgoing payments, you must integrate with an IdP. An IdP is a system or service that stores and manages user identity information, authentication, and consent. Examples of IdPs include OpenID Connect and Okta.
✅	Add a peer A peer is another ASE that you connect with via Interledger who is likely running their own Rafiki instance. If you are using Rafiki solely for transfers between accounts on your own ledger, peers aren’t required. Otherwise, you must add at least one peer to enable Interledger payments on your accounts.
✅	Set up your exchange rates endpoint If you plan to support cross-currency transactions, you must specify the endpoint from where your Rafiki instance will fetch current exchange rates. Exchange rates are calculated as part of a payment’s quote, which estimates the full cost of transferring value over the network.
✅	Define your sending fee You can charge a sending fee, on top of any estimated network fees, for facilitating transfers. Each asset you support can have a different fee structure.