Security and Idempotency
Punchout endpoints are protected through layered runtime validation and deterministic retry control.
Security layers
Typical checks include:
- buyer profile resolution
- buyer authentication
- IP allowlist validation
- signature validation (strict mode optional)
- hook URL validation
This reduces risk from invalid, malformed, or unauthorized requests.
Idempotency
Idempotency keys allow transfer/document endpoints to process retries safely.
Expected behavior:
- new request processed normally
- known key can return replay result
- mismatched payload can return conflict status
Business outcome:
- fewer duplicate transfers
- safer integration under network instability
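
The three expected behaviors listed under Idempotency, as an added Python example (not the product's own code). It assumes HTTP 409 as the conflict status, a SHA-256 fingerprint of the canonical JSON payload, and keys scoped per buyer; `IdempotencyStore`, `create_transfer` and the sample payloads are hypothetical.

```python
import hashlib
import json
import threading

class IdempotencyStore:
    """In-memory store (assumption); a deployment would use a shared store with expiry."""
    def __init__(self):
        self._lock = threading.Lock()
        self._records = {}  # (buyer_id, key) -> (payload fingerprint, stored response)

    @staticmethod
    def fingerprint(payload):
        # Canonical JSON so key order and whitespace do not change the hash.
        canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def execute(self, buyer_id, key, payload, handler):
        """Return (status, body, replayed) for one transfer/document request."""
        fp = self.fingerprint(payload)
        scope = (buyer_id, key)  # per-buyer scope: one buyer cannot hit another's key
        with self._lock:  # held across the handler so concurrent retries serialize
            record = self._records.get(scope)
            if record is not None:
                stored_fp, response = record
                if stored_fp != fp:
                    # Known key, different payload: refuse rather than replay.
                    return 409, {"error": "idempotency key reused with different payload"}, False
                return response[0], response[1], True  # known key: replay stored result
            status, body = handler(payload)  # new key: process normally
            self._records[scope] = (fp, (status, body))
            return status, body, False

def demo():
    store = IdempotencyStore()
    calls = []
    def create_transfer(payload):  # hypothetical handler with a side effect
        calls.append(payload)
        return 201, {"transfer_id": len(calls)}
    order = {"cart": "C-1", "total": "10.00"}  # constructed sample payload
    first = store.execute("buyer-a", "key-1", order, create_transfer)
    retry = store.execute("buyer-a", "key-1", {"total": "10.00", "cart": "C-1"}, create_transfer)
    changed = store.execute("buyer-a", "key-1", {"cart": "C-1", "total": "99.00"}, create_transfer)
    other = store.execute("buyer-b", "key-1", order, create_transfer)
    return first, retry, changed, other, len(calls)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The retry with reordered fields replays the first result without calling the handler again, so only two transfers are created across the four requests.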
