> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Go Live Checklist

<AccordionGroup>
  <Accordion title="Review Settings" icon="gears">
    * Review the [general settings](/overview/developer-dashboard/general) and apply the correct ones for your project.

    * If using a web SDK (React, JavaScript), review the [security settings](/overview/developer-dashboard/security) and make sure your CORS is set up correctly for your live deployment. Native SDKs (React Native, Flutter, Swift, Kotlin) do not require CORS configuration.
  </Accordion>

  <Accordion title="Use cookie-based auth" icon="shield">
    <Tip>
      This is our top recommendation before going live. Cookie-based auth is the most secure foundation for your integration.
    </Tip>

    Where supported (web and React Native), we recommend [cookie-based authentication](/overview/authentication/dynamic-auth/auth-methods#cookie-based-authentication). It avoids many security issues: the JWT is stored in an HttpOnly cookie, so it is not accessible to client scripts—reducing the risk of XSS stealing the token—and it provides a better foundation for device registration and session management. The overview links to SDK-specific setup guides.
  </Accordion>

  <Accordion title="Implement step-up authentication & device registration" icon="lock-keyhole">
    <Warning>
      Both of these are required before going live. Without them, users will be blocked during login or sensitive actions.
    </Warning>

    **Step-up authentication** requires users to re-verify their identity before performing sensitive actions like wallet export, wallet sign, and credential linking. See the [step-up authentication overview](/overview/authentication/step-up-auth) for implementation guides per SDK.

    **Device registration** protects accounts from takeover by verifying users when they sign in from an unrecognized device. See the [device registration overview](/overview/security/device-registration) for implementation guides per SDK.

    If you have a headless integration, see your SDK's [Authentication screens](/overview/migrations/api/2026_04_01#implementation-guides) page for implementation details.
  </Accordion>

  <Accordion title="Consider Multi-wallet" icon="wallet">
    Multi Wallet allows users to connect and handle multiple wallets at once, and
    is a great UX boost for end users. Consider turning it on after reviewing the
    [multi-wallet support section](/react/wallets/external-wallets/multi-wallet).
  </Accordion>

  <Accordion title="Enable Information Capture" icon="info">
    Make sure you're capturing all the user information you need via [Information
    capture](/react/users/information-capture).
  </Accordion>

  <Accordion title="Choose your plan" icon="tags">
    Make sure to choose the right Dynamic
    [plan](https://app.dynamic.xyz/dashboard/admin#subscription) for your needs. -
    All features are free on sandbox, but if you're using [any advanced
    features](https://www.dynamic.xyz/pricing) you'll need to upgrade to a paid
    plan.
  </Accordion>

  <Accordion title="Switch to live mode" icon="toggle-on">
    There are two different modes to operate Dynamic in: Sandbox and Live. You can
    learn more about them [here](/overview/developer-dashboard/sandbox-vs-live). To switch
    to live mode, you'll need to do so in the Dynamic dashboard. Remember that the
    environment ID differs between sandbox and live, so make sure to also update
    that in your own code.
  </Accordion>

  <Accordion title="Turn on MFA" icon="lock">
    If you haven't done so already, before going to production we highly recommend turning on MFA for your account. You can do this in the [security settings](https://app.dynamic.xyz/dashboard/security).
  </Accordion>

  <Accordion title="Test all the things" icon="check-double">
    We test all the time, but it's also worth you running through your implementation from a few different angles, here are some common testing cases that might be useful to double check:

    * Cross device

    * Embedded wallets (if you are using)

    * Transactions

    * New vs existing user flow

    * Step-up authentication

    * Device registration
  </Accordion>

  <Accordion title="Drop us a line!" icon="hand-wave">
    Let us know how it's going! Drop a line to [hello@dynamic.xyz](mailto:hello@dynamic.xyz) or join
    [Slack](https://dynamiccustomers.slack.com/) - if you like, we can give your
    implementation a test and offer advice. We'll also check that your
    implementation is ready for launch.
  </Accordion>
</AccordionGroup>
