Releasing to Production

Security Review

How to obtain a permanent UAT/Test QR code for your Miniapp production release.

Overview

Once you've completed development and thoroughly tested your Miniapp, it's time to prepare it for the security review, once you pass the security review, you can go live! The first step in this process is obtaining a UAT/test permanent QR code that will be used for the security test.

Important Security Considerations

The Security Team conducts a thorough review of your Miniapp according to standardized security frameworks. In average cases, the security team will report back to the Miniapps development team multiple security issues that need to be patched.

It can easily take more than one report back from the security team for your Miniapp to receive the green light to go live. Sometimes issues cannot be fully patched from the first report, requiring multiple review cycles.

Prerequisites

Before proceeding, ensure you have:

  • Completed development of your Miniapp
  • Tested all features thoroughly
  • Hosted your frontend application
  • Hosted your backend application
  • Updated the frontend URL in the Super Qi Console
Make sure your Miniapp is production-ready before applying for a permanent UAT/test QR code. The security team will review your application, so ensure everything is working correctly.

Step-by-Step Guide

Step 1: Navigate to Your Miniapp

Log in to the Super Qi Console and navigate to your Miniapp. Select the UAT/test version that you want to release to production.

Step 2: Apply for Release

Click on the "Apply Release" button.

This will initiate the process of generating a permanent QR code for your Miniapp.

Step 3: Confirm Release Application

A confirmation popup will appear. Review the details and click "Apply" to confirm.

Once you click "Apply", the system will begin processing your request. This may take a few moments.

Step 4: Refresh and View QR Code

After clicking "Apply", wait a few moments and then refresh the page. You should now see your permanent QR code displayed.

This QR code is unique to your Miniapp and will be used for the security review.

Submitting for Security Review

Once you have obtained the permanent QR code, follow these steps:

1. Contact Miniapp Team

Send an email to hani.salih@qi.iq and CC mouamle.hameed@qi.iq with the following information:

  • The permanent QR code
  • Miniapp name
  • The purpose of the Miniapp and how it operates
  • API Documentation (Swagger/Postman)
  • Test user in your dashboard (the one that generally manages, adminstrates... etc) credentials for all roles in the MiniApp (e.g., User, Admin)
If your Miniapp doesn't use tools like Swagger/Postman, or uses different technologies that are not specified, you can still describe in your email how your Miniapp behaves.

Example email:

To: hani.salih@qi.iq
CC: mouamle.hameed@qi.iq
Subject: Miniapp Security Review Request - [Your Miniapp Name]

Hello team,

Our Miniapp "Example App" (v1.0.0) is ready for production release and security review.

Attached is the permanent QR code.

Miniapp Name: Example App

Miniapp Purpose:
This Miniapp is an e-commerce platform that allows users to browse products, add items to cart, and make payments using QiCard. Users can view their order history and track deliveries.

How it operates:
- Users authenticate using my.getAuthCode and applyToken
- Product browsing and cart management
- Payment processing via cashier payment flow (my.tradePay)
- Order tracking and history

API Documentation:
- Swagger: https://api.example.com/swagger
- Postman Collection: https://api.example.com/postman-collection.json
- Manual API description: Our backend exposes REST APIs for product management (GET /api/products, POST /api/orders), user authentication (POST /api/auth/login), and payment processing (POST /api/payments). All endpoints require Bearer token authentication. Request/response formats follow JSON standards.

Test User Credentials:
We will provide a dedicated test account in our dashboard for your security testing with the following roles:
- Admin Role (full access to dashboard and administrative functions)
- Regular User Role (standard customer access)
Username: securityTestUser
Password: abc123

Please proceed with the security review.

Thank you!

2. Wait for Security Team Review

After you submit the email:

  1. The Miniapp team and the Security Team will review your submission
  2. The security team will perform a thorough review of your Miniapp
  3. They will test functionality, security, and compliance
Be patient during the review process. The security team needs time to thoroughly evaluate your Miniapp. This is an important step to ensure the safety and quality of all Miniapps on the Super Qi platform.

Next Steps

After receiving security approval, proceed to Merchant Registration to complete the production release process.