Before going live with Web3Auth Core Kit SDKs, please make sure you have completed the following steps:
1. Create a Web3Auth Production Client ID
Make sure your client id for Web3Auth is on one of the following networks:
- Web3Auth Network hosted in the East Asian Region, use this if you are targeting users in Asia
- Limit: 3.5 New wallets/ per second
- Interoperability with Torus Wallet works only on this network.
- Cyan Mainnet [most preferred]
- Web3Auth Network hosted in the US, use this if you are targeting users in the US
- Limit: 80 New wallets/ per second
- Aqua Mainnet
- Web3Auth Network hosted in India, use this if you are targeting users in the Indian region
- Limit: 8 New wallets/ per second
You need to create a testnet client id for the same name before creating a production client id. This is to ensure that the your testing and production environments are separate and the wallets generated for the end users remain safe.
All networks produce different wallets/ accounts for users, it is not possible to switch networks once you have created a client id.
2. Create a Web3Auth Production Verifier
It is mandatory to create a verifier, while using Web3Auth Core Kit. Make sure the network of the verifier is the same as the network of the client id.
All new verifiers produce different wallets/ accounts for users, it is not possible to rename a verifier once you have created it. The person who has created the verifier can only edit it afterwards. This is a limitation even when you have a team setup. This is because a verifier is a smart contract and the address editing it cannot be changed. The only way to change this is to create a new verifier.
3. Update your Web3Auth SDKs to the latest version
We are constantly updating our SDKs to make sure they are secure and performant. Make sure you are using the latest version of the SDKs. Please do not actively use the pre release versions, rather wait for the latest stable release.
4. Use a production RPC Endpoint for your respective blockchains
For testing purposes, our examples and SDKs use public RPC endpoints. Make sure you are using a production RPC endpoint (by providers like Infura, Quicknode, Alchemy etc.) for your production environment before going live. This can be done by updating the provider URL in SDKs added for blockchain calls.
5. Audit the UX for your Web3Auth Login flow
One of the major features of Web3Auth Core Kit is that you have full control of the UX end to end. Web3Auth itself is totally invisible. However, this can come up with risks of losing wallets if the flow is not audited properly. Make sure you have audited the UX for your login flow before going live. Test every possible user interaction with your app and the login flow and Web3Auth calls.
If you're using Manual Metadata Sync, make sure your data is properly being synced when the user setups up new shares and makes any changes in their existing shares.
6. Check your interoperability flow
If you've added Web3Auth PNP plugins into your Core Kit Flow for interoperability, make sure you have tested the flow before going live.
7. Check in multiple browsers and devices
The Web3Auth SDKs are built to work in all major browsers and devices. Make sure you have tested your login flow in all major browsers and devices. If you're facing any issues with any particular browser or device, please make sure they're compatible with the Web3Auth SDKs.
8. Upgrade your Web3Auth Plan
Finally, make sure you're on the correct Web3Auth Plan according to the features you're looking to use in the production environment. Additionally make sure to add a credit card in the Web3Auth Dashboard so that your services are not stopped once the MAW cap has reached.
While using Core Kit, we recommend you to either on the Scale or Enterprise Plan of Web3Auth so that we can help you audit and optimize your login flow for max performance and avoid the loss of any wallets.