# MD for: https://www.mercadopago.com.mx/developers/en/docs/payouts/go-to-production.md \# Go to production Once the configuration and testing process is complete, your integration will be ready to go live. See below the necessary recommendations to make this change effectively and safely, ensuring that the integration is prepared to process real transactions. :::AccordionComponent{title="Security encryption" pill="1"} To ensure the security of your Payouts transactions, you must implement end-to-end encryption. This involves creating a public-private key mechanism, where a request is encrypted by means of a security key, and another key is used to validate it. Therefore, you must send your public key to Mercado Pago for transaction validation, and keep your private key securely stored to encrypt your requests. > WARNING > > Sending the security key is only necessary in production environments. Simply add the \`X-signature\` header with the encrypted request body as the value. For development or testing environments, it is not mandatory to send it. For more information, refer to our \[API Reference\](https://www.mercadopago.com.mx/developers/en/reference/online-payments/payouts/create-bank-transaction/post). To \*\*create public and private keys in Linux or MacOS\*\*, run the following command in your terminal: \`\`\`terminal openssl genpkey -algorithm ed25519 -out mpprivate.pem && openssl pkey -in mpprivate.pem -pubout -out mppublic.pem \`\`\` In response, two files will be generated, one with your public key, which you must send to Mercado Pago, and another with the private key, which must be securely stored in your system. To send your public key, you will need to connect with the Integrations team. Below, we provide the following example request, where the \`private.key\` file is read, the request is encrypted, and the signature is added to the header. * [go ](#editor%5F1) * [py ](#editor%5F2) go py ``` package main import ( "bytes" "crypto/ed25519" "crypto/x509" "encoding/base64" "encoding/pem" "fmt" "io/ioutil" "net/http" ) func main() { // Path to the file storing the private key privateKeyFile := "private.key" // Read the private key from the file privateKeyBytes, err := ioutil.ReadFile(privateKeyFile) if err != nil { fmt.Println("Error reading private key:", err) return } // Convert the private key bytes to a PrivateKey privateKey := ed25519.PrivateKey(privateKeyBytes) // Define your request body requestBody := []byte(`{"key": "value"}`) // Sign the request body with the private key signature := ed25519.Sign(privateKey, requestBody) // Encode the signature to base64 signatureBase64 := base64.StdEncoding.EncodeToString(signature) // Create a new HTTP request req, err := http.NewRequest("POST", "https://example.com/api/endpoint", bytes.NewBuffer(requestBody)) if err != nil { fmt.Println("Error creating request:", err) return } // Add the X-signature header with the base64 encoded signature req.Header.Set("X-signature", signatureBase64) // Send the request client := &http.Client{} resp, err := client.Do(req) if err != nil { fmt.Println("Error sending request:", err) return } defer resp.Body.Close() // Read the response body responseBody, err := ioutil.ReadAll(resp.Body) if err != nil { fmt.Println("Error reading response body:", err) return } // Print the response body fmt.Println("Response:", string(responseBody)) } ``` Copiar ``` from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import ed25519 import base64 import json def main(): # PEM formatted private key private_key_pem = b'''************************************************''' try: # Load the private key from PEM format private_key = serialization.load_pem_private_key( private_key_pem, password=None # No password protection in this example ) # Ensure we have an Ed25519 private key if not isinstance(private_key, ed25519.Ed25519PrivateKey): print("Error: The provided key is not a valid Ed25519 private key") return # Define request body as a Python dict request_data = b'''{REQUEST_BODY}''' # Use request_data directly as it's already in bytes request_body = request_data print("Request body that will be signed:") print(request_data.decode('utf-8')) # Print the request body print("\n---\n") # Sign the request body signature = private_key.sign(request_body) # Get the public key public_key = private_key.public_key() # Encode signature to base64 signature_base64 = base64.b64encode(signature).decode('utf-8') # Print results print(f"Generated signature: {signature_base64}") print(f"Signature size: {len(signature)} bytes") # Get key sizes private_bytes = private_key.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption() ) public_bytes = public_key.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw ) print(f"Private key size: {len(private_bytes)} bytes") print(f"Public key size: {len(public_bytes)} bytes") # Verify the signature try: public_key.verify(signature, request_body) print("✓ Signature verified successfully!") except Exception: print("✗ Signature verification failed!") except Exception as e: print(f"Error: {str(e)}") if __name__ == "__main__": main() ``` Copiar ::: :::AccordionComponent{title="Activate production credentials" pill="2"} After completing the necessary \[tests of your integration\](https://www.mercadopago.com.mx/developers/en/docs/payouts/integration-test), \*\*remember to replace the :toolTipComponent\[credentials\]{link="/developers/en/docs/payouts/resources/credentials" linkText="Credentials" content="Unique access keys that we use to identify an integration in your account, linked to your application. For more information, see the link below."} used during the development stage with the production credentials\*\* to start operating in the store's production environment and begin receiving real payments. To do this, you need to \*\*activate them\*\*. Follow the steps below to do it. 1\. Go to \[Your integrations\](https://www.mercadopago.com.mx/developers/panel/app) and select an application. 2\. In \*\*Integration data\*\*, go to the \*\*Credentials\*\* section, located on the right side of the screen, and click \*\*Production\*\*. Then, click \*\*Activate credentials\*\*. Alternatively, you can access them from the \*\*Production credentials\*\* section in the left side menu. 3\. In the \*\*Industry\*\* field, select the industry or business sector to which the business you are integrating belongs from the drop-down menu. 4\. In the \*\*Website (required)\*\* field, complete with the URL of your business website. 5\. Accept the \[Privacy Statement\](https://www.mercadopago\[FAKER\[URL\]\[DOMAIN\]/privacidad) and the \[Terms and Conditions\](https://www.mercadopago.com.mx/developers/en/docs/resources/legal/terms-and-conditions). Fill in the reCAPTCHA and click \*\*Activate production credentials\*\*. ::: :::AccordionComponent{title="Use production credentials" pill="3"} To go live, you must \*\*place the production credentials of your Mercado Pago application\*\* in your integration. To do this, go to \[Your integrations\](https://www.mercadopago.com.mx/developers/panel/app), go to the \*\*Credentials\*\* section, located on the right side of the screen, and click \*\*Production\*\*. Alternatively, you can also access them from \*\*Production > Production credentials\*\*. There you will find your productive \*\*Public Key\*\* and \*\*Access Token\*\*, which you should use instead of the test account credentials. !\[How to access credentials through Your Integrations\](https://www.mercadopago.com.mx/images/snippets/credentials/app-data-production-credentials-es-v1.png) For more information, refer to our \[Credentials\](https://www.mercadopago.com.mx/developers/en/docs/payouts/resources/credentials) documentation. :::