> ## Documentation Index
> Fetch the complete documentation index at: https://sippet.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Production readiness

> Best practices for launching and operating Sippet integrations.

## Environments

Use separate API keys and SIP credentials per environment:

* Development
* Staging
* Production

Do not reuse production credentials in non-production apps.

## Authentication strategy

For public integrations:

* Use secret key calls from your backend for API access.
* Mint short-lived realtime `session_token` values for browser sockets.

Do not use publishable keys or dashboard session cookies as public auth mechanisms.

## Realtime reliability

* Reconnect sockets on disconnects.
* Rejoin `events` channel after reconnect.
* Re-mint ephemeral `session_token` values before expiry.
* Keep an initial call snapshot and merge realtime deltas.
* Keep periodic refresh paths for resiliency.

## Telephony safety controls

* End calls explicitly with `endCall`.
* SIP access revocation happens automatically when agents leave or calls end.
* Log all call-control failures and show operator-visible errors.

## Monitoring

Track these metrics:

* Outbound call start success rate.
* Time to answer.
* Call completion/error rate.
* Realtime socket disconnect/reconnect rate.
* Realtime session token mint failures.
* SIP credential issuance and revocation failures.

## Troubleshooting

<AccordionGroup>
  <Accordion title="Realtime events are missing">
    Verify your backend mints `POST /api/realtime/session` successfully and the browser connects with `socketOptions.params.session_token` before joining `events`.
  </Accordion>

  <Accordion title="Realtime session endpoint returns auth errors">
    Confirm the request includes `x-api-key` with a secret key. Publishable keys cannot mint realtime session tokens.
  </Accordion>

  <Accordion title="RPC calls return auth errors">
    Confirm RPC calls run from your backend with the secret key and that browser clients do not call privileged endpoints directly.
  </Accordion>

  <Accordion title="Call controls fail intermittently">
    Add retries for transient network errors and keep call-end operations idempotent on the client side.
  </Accordion>
</AccordionGroup>

## Related pages

* Quickstart: `/quickstart`
* Getting started (classic): `/guides/getting-started-classic`
* Realtime session tokens: `/guides/realtime-session-tokens`
* RPC action reference: `/sdk-js/rpc-actions`