Go-Live Checklist

Use this checklist before moving Punchout from test to production.

Security

• Punchout Enabled = Yes
• Sandbox Mode = No
• strict signature validation enabled
• signature secret rotated and documented
• IP allowlist restricted to trusted source ranges
• HTTPS endpoints verified for inbound and outbound routes

Buyer and Mapping

• every active buyer has exactly one intended protocol
• buyer identities verified against procurement platform data
• mapping profile assigned and tested with real sample payloads
• required mapping fields populated for the selected template variant
• no temporary test buyer remains active

Runtime Reliability

• idempotency behavior tested for retry and conflict scenarios
• trace logging enabled for go-live window
• trace retention set to support issue triage
• alerting owner defined for failed transfer requests

Functional Validation

• OCI login flow success
• cXML setup flow success (if used)
• cart transfer payload validated by procurement side
• purchase order document loop validated (if enabled in project scope)

Operational Readiness

• support team has trace export procedure
• integration partner contact list documented
• rollback plan prepared (disable specific buyer or protocol quickly)

Recommended Sign-Off

1. Integration owner sign-off
2. Magento admin owner sign-off
3. Procurement platform owner sign-off