Phaxio Go‑Live Checklist

Accounts & Legal

  • Phaxio account active; credentials verified
  • BAA executed (for HIPAA)
  • Provider storage disabled in Phaxio console (HIPAA)

Faxbot Configuration

  • Backend set to phaxio
  • PHAXIO_API_KEY and PHAXIO_API_SECRET set
  • PUBLIC_API_URL points to HTTPS domain
  • Callback URL set to <PUBLIC_API_URL>/phaxio-callback and configured in Phaxio console
  • Signature verification enabled: PHAXIO_VERIFY_SIGNATURE=true (HIPAA)

Security

  • API_KEY set and clients include X-API-Key
  • ENFORCE_PUBLIC_HTTPS=true (HIPAA)
  • Audit logging enabled if required by policy
  • PDF_TOKEN_TTL_MINUTES set appropriately (default 60)

Networking & Reachability

  • Public DNS/TLS validated (no self‑signed certificates in production)
  • Callback and PDF token URL accessible to Phaxio

Smoke Tests

  • Send test fax from Admin Console and via SDK (Node/Python)
  • Observe status update via /phaxio-callback
  • Confirm pages reported and final status SUCCESS/FAILED as expected

Runbooks

  • On callback failures: check signature header, endpoint reachability, and secrets
  • On PDF fetch failures: check token, TTL, and public HTTPS URL

Copyright © 2024 Faxbot. Distributed under the MIT License.