Overview

This comprehensive checklist ensures your WhatsApp Team Inbox is production-ready, secure, and optimized for your team. Follow each section carefully before going live.
Don’t skip steps! Each item in this checklist is critical for a successful production deployment.

Pre-Launch Checklist

1

Infrastructure Verification

  • Server meets minimum requirements (2 vCPU, 4GB RAM)
  • Node.js 18+ installed
  • PostgreSQL 14+ running and accessible
  • Redis installed (optional but recommended)
  • HTTPS certificate configured and valid
  • Domain DNS properly configured
  • Firewall rules allow necessary ports (80, 443)
  • Database created and migrations run
  • Database user with appropriate permissions
  • Connection pooling enabled
  • Automated backups configured
  • Database performance tuning complete
  • Indexes created on critical tables
  • Test restore from backup successful
  • Business verified with Meta
  • Phone number registered and approved
  • Production access granted (not sandbox)
  • Webhook verified and receiving messages
  • Message templates approved
  • Business profile complete
  • Payment method added to Meta Business Account
  • Test messages sent and received successfully
2

Application Configuration

All required environment variables set:
# Application
NODE_ENV=production
PORT=3000
APP_URL=https://yourdomain.com
SESSION_SECRET=<generate-strong-random-string>

# Database
DATABASE_URL=postgresql://...
DATABASE_POOL_MAX=20

# WhatsApp
WHATSAPP_ACCESS_TOKEN=<your-permanent-token>
WHATSAPP_PHONE_NUMBER_ID=<your-number-id>
WHATSAPP_BUSINESS_ACCOUNT_ID=<your-account-id>
WHATSAPP_WEBHOOK_VERIFY_TOKEN=<your-verify-token>

# Email (if using)
EMAIL_PROVIDER=sendgrid
SENDGRID_API_KEY=<your-api-key>
EMAIL_FROM=noreply@yourdomain.com

# Redis (recommended)
REDIS_URL=redis://localhost:6379

# Security
CORS_ORIGIN=https://yourdomain.com
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
  • All secrets use strong, randomly generated values
  • No hardcoded credentials in code
  • Environment file not committed to git
  • Secrets stored securely (e.g., AWS Secrets Manager)
  • HTTPS enforced (redirect HTTP to HTTPS)
  • Security headers configured (CSP, HSTS, etc.)
  • Rate limiting enabled
  • CORS properly configured
  • Authentication tokens secured
  • SQL injection prevention verified
  • XSS protection enabled
  • CSRF protection implemented
  • File upload validation enabled
  • Secrets rotation policy defined
  • Error tracking configured (Sentry, Rollbar, etc.)
  • Application logging enabled
  • Log aggregation setup (CloudWatch, Datadog, etc.)
  • Performance monitoring active (New Relic, Datadog, etc.)
  • Uptime monitoring configured (UptimeRobot, Pingdom, etc.)
  • Alert notifications setup (email, Slack, PagerDuty)
  • Database query logging enabled for slow queries
  • Webhook delivery monitoring active
3

Testing & Validation

  • Send and receive WhatsApp messages
  • Message delivery confirmed
  • Read receipts working
  • Media messages (images, videos, documents) work
  • Conversation assignment functions correctly
  • Team member notifications received
  • Email notifications delivered (if enabled)
  • Search functionality works
  • Contact management functions
  • User authentication and authorization work
  • Load testing completed (simulate expected traffic)
  • Database performance under load acceptable
  • API response times within acceptable range (<500ms)
  • Webhook processing time acceptable (<2s)
  • No memory leaks detected
  • Connection pooling working correctly
  • Cache hit rates acceptable (if using caching)
  • Penetration testing completed (or security audit)
  • SSL/TLS configuration tested (SSL Labs)
  • Authentication bypass attempts fail
  • SQL injection attempts blocked
  • XSS attempts sanitized
  • CSRF protection verified
  • Rate limiting tested and working
  • File upload vulnerabilities checked
4

Team Preparation

  • Admin accounts created
  • Team member accounts created
  • Roles and permissions assigned correctly
  • Email addresses verified
  • Profile pictures uploaded
  • Notification preferences configured
  • Test login for all team members successful
  • Team members trained on basic features
  • Documentation shared with team
  • Conversation handling procedures defined
  • Assignment rules communicated
  • Response time expectations set
  • Escalation procedures documented
  • FAQ/knowledge base created
  • Conversation assignment rules configured
  • Auto-assignment settings defined
  • Business hours configured
  • Away messages prepared
  • Canned responses created
  • Tags and labels defined
  • SLA targets set
5

Launch Preparation

  • Database backup completed
  • Backup restoration tested
  • Automated backup schedule configured
  • Backup retention policy set
  • Off-site backup storage configured
  • Backup monitoring and alerts enabled
  • Rollback procedure documented
  • Previous version kept available
  • Database migration rollback tested
  • Rollback timeline defined
  • Team aware of rollback process
  • Customer announcement prepared
  • Internal team notification ready
  • Support contact information published
  • Status page configured (optional)
  • Social media updates scheduled (if applicable)

Deployment Steps

1

Final Code Deployment

# Pull latest code
git pull origin main

# Install dependencies
npm ci --production

# Build application
npm run build

# Run database migrations
npx prisma migrate deploy

# Run health check
npm run health-check
2

Start Application

# Using PM2 (recommended)
pm2 start ecosystem.config.js --env production
pm2 save
pm2 startup

# Or using systemd
sudo systemctl start team-inbox
sudo systemctl enable team-inbox

# Or using Docker
docker-compose up -d --build
3

Verify Deployment

  • Health Checks
  • Test Messages
  • Monitor Logs
# Application health
curl https://yourdomain.com/api/health

# Database connectivity
curl https://yourdomain.com/api/health/db

# WhatsApp webhook
curl https://yourdomain.com/api/health/whatsapp

# All checks should return 200 OK
4

Enable Monitoring

# Start monitoring services

# Application monitoring
# Configure based on your chosen service (Datadog, New Relic, etc.)

# Uptime monitoring
# Configure in UptimeRobot, Pingdom, etc.

# Error tracking
# Verify Sentry (or alternative) is receiving events

# Log aggregation
# Ensure logs flowing to centralized system
5

Gradual Rollout (Recommended)

  • Option 1: Feature Flag
  • Option 2: Traffic Split
  • Option 3: Internal First
// Enable for specific users first
const BETA_USERS = ['user1@example.com', 'user2@example.com'];

if (process.env.BETA_MODE === 'true') {
  // Only allow beta users
  if (!BETA_USERS.includes(user.email)) {
    return res.status(403).json({ error: 'Beta access only' });
  }
}

Post-Launch Monitoring

First Hour

  • Monitor error rates
  • Check response times
  • Verify message delivery
  • Watch server resources

First Day

  • Review all error logs
  • Check performance metrics
  • Gather team feedback
  • Monitor conversation volume

First Week

  • Analyze usage patterns
  • Identify bottlenecks
  • Review customer feedback
  • Optimize based on data

First Month

  • Evaluate against SLAs
  • Plan feature improvements
  • Review cost vs. budget
  • Conduct retrospective

Performance Benchmarks

Your production system should meet these benchmarks:
MetricTargetWarningCritical
API Response Time<200ms>500ms>1000ms
Webhook Processing<2s>5s>10s
Message Delivery<3s>10s>30s
Database Query Time<100ms>500ms>1000ms
CPU Usage<50%>70%>90%
Memory Usage<60%>80%>95%
Error Rate<0.1%>1%>5%
Uptime>99.9%<99%<95%

Troubleshooting Common Launch Issues

Quick Checks:
  1. Verify webhook URL is accessible via HTTPS
  2. Check webhook verification token matches
  3. Review WhatsApp webhook logs in Meta dashboard
  4. Verify phone number ID is correct
  5. Check application logs for webhook errors
Debug:
# Test webhook endpoint
curl -X POST https://yourdomain.com/api/webhooks/whatsapp \
  -H "Content-Type: application/json" \
  -d '{"entry": [{"changes": [{"value": {"messages": []}}]}]}'

# Should return 200 OK
Common Causes:
  • Database queries not optimized
  • Missing database indexes
  • Connection pool exhausted
  • Memory leak
  • Network latency
Solutions:
-- Find slow queries
SELECT query, mean_exec_time, calls
FROM pg_stat_statements
ORDER BY mean_exec_time DESC
LIMIT 10;

-- Add missing indexes
-- Check query execution plans
EXPLAIN ANALYZE SELECT ...;
Solutions:
  1. Increase connection pool size
  2. Enable connection pooling (PgBouncer)
  3. Fix connection leaks in code
  4. Scale database instance
# Check active connections
SELECT count(*) FROM pg_stat_activity;

# Increase pool size in .env
DATABASE_POOL_MAX=50
Investigate:
# Monitor Node.js memory
node --inspect app.js

# Or use PM2
pm2 monit

# Look for memory leaks
# Take heap snapshots at intervals
Common Causes:
  • Not closing database connections
  • Event listeners not removed
  • Large objects in memory
  • Cache growing unbounded
Solutions:
  1. Implement proper cleanup
  2. Set cache size limits
  3. Use streaming for large data
  4. Restart periodically (cron job)
Check Certificate:
# Test SSL configuration
openssl s_client -connect yourdomain.com:443

# Check certificate expiry
echo | openssl s_client -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -dates

# SSL Labs test
# Visit: https://www.ssllabs.com/ssltest/
Renew Certificate (Let’s Encrypt):
sudo certbot renew
sudo systemctl reload nginx

Rollback Procedure

If critical issues occur, follow this rollback process:
1

Assess Situation

  • Identify the critical issue
  • Determine impact and affected users
  • Decide if rollback is necessary
  • Notify team of rollback decision
2

Initiate Rollback

# Stop current application
pm2 stop team-inbox

# Restore previous version
git checkout <previous-stable-tag>

# Restore dependencies
npm ci

# Rollback database if needed
npx prisma migrate resolve --rolled-back <migration-name>

# Restart with previous version
pm2 start team-inbox
3

Verify Rollback

  • Test critical functionality
  • Verify messages being received
  • Check error rates
  • Confirm system stability
4

Post-Rollback

  • Notify customers (if customer-facing impact)
  • Document issues encountered
  • Plan fixes for identified issues
  • Schedule new deployment with fixes

Cost Monitoring

Track costs from day one to avoid surprises:

WhatsApp Costs

Monitor conversation volumes in Meta Business Suite

Infrastructure

Track server, database, and email costs

Email Sending

Monitor email volume in SendGrid/AWS SES

Third-party Services

Track costs for monitoring, logging, etc.
Set up billing alerts: 
# AWS CloudWatch billing alarm example
aws cloudwatch put-metric-alarm \
  --alarm-name team-inbox-billing \
  --alarm-description "Alert when costs exceed $100" \
  --metric-name EstimatedCharges \
  --namespace AWS/Billing \
  --statistic Maximum \
  --period 21600 \
  --evaluation-periods 1 \
  --threshold 100 \
  --comparison-operator GreaterThanThreshold

Optimization Tips

  • Run VACUUM ANALYZE weekly
  • Monitor and add indexes as needed
  • Archive old conversations (>6 months)
  • Use read replicas for reporting
  • Enable query caching
  • Enable Redis caching for frequently accessed data
  • Implement lazy loading for large lists
  • Optimize database queries (use SELECT specific columns)
  • Batch webhook processing
  • Use CDN for static assets
  • Respond to WhatsApp messages within 24 hours (free window)
  • Use read replicas instead of scaling primary DB
  • Implement message batching for emails
  • Right-size server resources
  • Use spot instances where applicable

Success Metrics

Track these KPIs to measure launch success:
MetricDefinitionTarget
UptimeSystem availability>99.9%
Response TimeAverage first response time<5 minutes
Message Delivery% messages delivered within 3s>99%
Error Rate% of requests resulting in errors<0.1%
Team Adoption% team actively using system>90%
Customer SatisfactionCSAT score>4.5/5

Next Steps After Launch

1

Week 1: Monitor and Stabilize

  • Address any critical issues immediately
  • Optimize based on real usage patterns
  • Gather team feedback
  • Document any workarounds
2

Week 2-4: Optimize

  • Analyze performance data
  • Implement quick wins
  • Train team on advanced features
  • Refine assignment rules
3

Month 2+: Enhance

  • Gather feature requests
  • Plan roadmap
  • Implement integrations
  • Scale infrastructure if needed

Support Resources

FAQ

Common questions and answers

Common Issues

Troubleshooting guide for known issues

Monitoring Guide

Set up comprehensive monitoring

Contact Support

Get help from our team
Congratulations! If you’ve completed this checklist, your WhatsApp Team Inbox is ready for production. Monitor closely in the first few days and don’t hesitate to reach out for support.