Phaxio Go‑Live — One‑Pager

Organization: _ Environment: Dev / Staging / Prod Date: _

Contacts - Owner: __ On‑call: __ Provider Account: _____

Accounts & Legal - [ ] Phaxio account active (console access verified) - [ ] BAA executed (if handling PHI) - [ ] Provider document storage disabled (HIPAA)

Faxbot Configuration - [ ] FAX_BACKEND=phaxio - [ ] PHAXIO_API_KEY and PHAXIO_API_SECRET set - [ ] PUBLIC_API_URL uses HTTPS (resolves publicly) - [ ] Callback URL set to <PUBLIC_API_URL>/phaxio-callback - [ ] Signature verification enabled: PHAXIO_VERIFY_SIGNATURE=true (HIPAA) - [ ] API_KEY set; clients send X-API-Key

Security - [ ] ENFORCE_PUBLIC_HTTPS=true (HIPAA) - [ ] PDF_TOKEN_TTL_MINUTES set appropriately (default 60) - [ ] Audit logging enabled per policy (if required)

Networking - [ ] DNS and TLS valid (no warnings) - [ ] Callback reachable from internet

Smoke Test - [ ] Admin Console → Send: test PDF to known number - [ ] Status updates received via /phaxio-callback - [ ] Pages count matches expectations

Runbooks - Callback failure → verify signature header, endpoint reachability, secrets - PDF fetch failure → check token/TTL and PUBLIC_API_URL

Approvals - Security sign‑off: - Operations sign‑off:

References: Phaxio API v2.1 (create/send, webhooks), HIPAA — see Third‑Party page.