Manually test against production API in spikes to catch differences

This is part of the Semicolon&Sons Code Diary - consisting of lessons learned on the job. You're in the vendors category.

Last Updated: 2024-03-27

We wanted to use a Stripe offsite redirect flow in Project S but were not sure if it would work. I spiked something in the Stripe test environment and sure enough it worked so we figured we were good to go.

A month later, after we had submitted this software to the app store (but luckily, before release), I tested out the live stripe API, and lo and behold, the payment redirect page would not even load, due to it requiring us to host the page on a given host (and the generated HTML I was using not having a host to speak of). This behavior was different to the sandbox behavior, which did not have this requirement.

Thus I had to rewrite to host it on the backend server somewhere.

Lesson

Knowing that this feature was risky, I should have manually tested against the production API during my spike to be aware of these differences sooner.