> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Go-live checklist
> This guide provides a checklist of recommended steps to take before enforcing decisions on your production traffic.
## Overview
There are three main steps:
1. Document your use case and implementation plan
2. Ensure you've completed important integration steps
3. Run in production in observation mode
You don't need to do these in this exact order, but we recommend that you complete these three steps before enforcing decisions on your production traffic.
This checklist is also available as a fillable spreadsheet. To request a copy, email [support@stytch.com](mailto:support@stytch.com) or contact your account team.
***
## Document your use case and implementation plan
You'll want to define the problem, plan key decisions about your integration, and define outcomes. Documenting these will help you understand business goals and related design decisions, enabling you to revise them over time if needed.
### Define the problem
* What is the fraud or abuse problem we are trying to solve?
* How does the attacker benefit?
### Key integration decisions
* Are you using Protected Auth or the Device Fingerprinting API standalone?
* If using Protected Auth:
* How will you [handle challenges](/fraud-risk/device-fingerprinting/verdict/challenge#challenge-verdicts-in-protected-auth)?
* If using the API:
* What actions will you fingerprint?
* What are the high-level [decisioning](/fraud-risk/device-fingerprinting/decisioning/overview) and [enforcement](/fraud-risk/device-fingerprinting/enforcement/overview) processes?
* Will you [set rules](/fraud-risk/device-fingerprinting/decisioning/set-rules) or [override verdict reasons](/fraud-risk/device-fingerprinting/decisioning/override-verdict-reasons) to customize your decisioning?
### Outcomes
* What are key metrics and indicators of success?
* How will you handle users who report issues
* How will you ensure a user-reported issue is not a social engineering attack?
***
## Ensure you've completed important integration steps
You'll want to complete the following steps before running in production:
1. Set up [custom domains](/fraud-risk/development/custom-domains) to reduce ad-blocker interference.
2. If using the API:
1. Consider adding [external metadata](/fraud-risk/device-fingerprinting/external-metadata) for additional context.
2. [Test your integration](/fraud-risk/development/overview), including properly handling non-200 responses.
3. If you're using Protected Auth, these are automatically handled for you.
3. Review [privacy & compliance](/fraud-risk/device-fingerprinting/privacy-and-compliance) considerations.
***
## Run Observation mode in production
When you're ready, you can collect fingerprints and verdicts in production without taking action. This is valuable because you can observe traffic and predicted actions to ensure they look correct, without disrupting your live users. You can view Fingerprint Lookup results from the last 30 days in the [Dashboard](https://stytch.com/dashboard/activity?tab=dfp-logs).
**For Protected Auth:**
* Set your *Connection type* to **Observation mode** to collect data without blocking any requests.
**For the API:**
* Call the Lookup API without taking any enforcement action on the result.
* You can also log results to your preferred observability or analytics platform.
***
## Next steps
Once you've completed the three steps above and confirmed the observation results look reasonable, you can start enforcing your decisions.
**For Protected Auth:**
* Switch to **Enforcement mode**.
**For the API:**
* Change your code (or feature flag, etc.) to enforce decisions based on your plan.
Now, you're protecting your application and users with Device Fingerprinting!
***
{!user?.featureFlags?.includes("device-fingerprinting-enabled") && (
Find out why Stytch's device intelligence is trusted by Calendly, Replit, and many more.
)}