OA
OneAI API
Docs
SecurityCost controlUsageLaunch readiness生产检查

Production Checklist

A practical launch checklist for teams using OneAI in a real SaaS or commercial API product.

Before sending customer traffic

Use this checklist to make sure OneAI is configured as production infrastructure, not a local experiment.

1
Keep OneAI API keys server-side

Call OneAI from your backend. Do not expose customer API keys or upstream provider keys in browser code, mobile apps, or public repos.

2
Use Idempotency-Key for retries

For operations that may be retried, send a stable Idempotency-Key so the same customer action does not create duplicated work.

3
Set maxCostUsd

Attach maxCostUsd to production requests to prevent accidental expensive model usage.

4
Start with cheap or balanced mode

Use cheap for high-volume simple tasks and balanced for business workflows. Reserve premium and explicit model selection for paid plans.

5
Track requestId

Store requestId with your customer event so support teams can trace provider, model, usage, latency, and error state.

6
Monitor usage daily

Review request count, token usage, estimated cost, errors, and expensive model usage before raising limits.

7
Separate environments

Use different API keys for development, staging, and production. Revoke leaked or unused keys quickly.

8
Confirm execution boundary

OneAI should produce intelligence and plans. Execution should remain with OneClaw, bots, your backend, or human review.

Recommended production request

This pattern gives you route control, cost control, and retry safety.

curl -s https://oneai-saas-api-production.up.railway.app/v1/generate \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_ONEAI_API_KEY" \
  -H "Idempotency-Key: customer-action-123" \
  -d '{
    "type": "business_strategy",
    "input": {
      "goal": "Launch a paid AI feature in 30 days",
      "audience": "SaaS builders",
      "constraints": ["Keep it practical", "Prioritize validation"]
    },
    "options": {
      "llm": {
        "mode": "balanced",
        "maxCostUsd": 0.03
      }
    }
  }'

Launch verification

Run these checks after each deployment or environment-variable change.

AreaExpected result
HealthGET /health returns ok
TasksGET /v1/tasks shows only public commercial tasks
ModelsGET /v1/models or /v1/generate/models returns configured providers
Task callPOST /v1/generate succeeds with a Free task
Gateway callPOST /v1/chat/completions succeeds with a chosen model
UsageUsage page shows requests, tokens, and estimated cost after traffic
CostOpenRouter and DeepSeek calls return estimatedCostUSD > 0 when pricing exists
AuthUnauthenticated web users cannot create keys or view usage
Commercial recommendation

Start new customers on Free or a manually activated Pro plan, watch real usage for a few days, then raise limits. For high-value customers, design a dedicated Task Intelligence workflow instead of selling only raw model calls.