8 Provider Gates
Every external provider lane is launch-blocked until real credentials, webhook verification, and operating ownership are configured.
Admin workspace
Governance, executive dashboards, observability, module control, and ERP route clarity.
Launch control
Final read-only admin surface for external provider readiness. It makes launch blockers explicit without provider calls, credential values, DB edits, money movement, or fake success states.
Every external provider lane is launch-blocked until real credentials, webhook verification, and operating ownership are configured.
Missing credentials keep capture, booking, payout, dispatch, object writes, scans, statutory submission, and billing off.
Backend readiness exposes required and missing key names only. It does not display credential values or call providers.
| Area | Status | Readiness requirement | Fail-closed behavior | Readback |
|---|---|---|---|---|
| Payment provider | CONFIG REQUIRED | Gateway mode, public key, secret key, and webhook signing secret must be present before capture or escrow can be enabled. | Payment capture remains disabled when any required payment credential is missing. | Open JSON |
| Logistics provider | CONFIG REQUIRED | Carrier or aggregator account, API key, and webhook verification are required before booking, tracking, or POD callbacks. | Carrier booking, tracking mutation, and POD execution stay off without provider configuration. | Open JSON |
| Payout provider | CONFIG REQUIRED | Payout rail provider, API key, KYC/bank ownership, and webhook verification are required before seller payout execution. | Wallet and payout readbacks may be visible, but payout release stays disabled without rail credentials. | Open JSON |
| SMS/email providers | CONFIG REQUIRED | SMS sender approval, email sender/domain verification, provider API keys, and webhook secrets are required. | Notification queues can be read, but outbound SMS and email dispatch remain disabled. | Open JSON |
| Object storage, OCR, malware scan | CONFIG REQUIRED | Storage provider, bucket, region, access keys, KMS key, malware scanning provider, and scan webhook are required. | Signed object access, object writes, and malware scan callbacks stay disabled without configuration. | Open JSON |
| Tax/statutory provider | CONFIG REQUIRED | Government/statutory provider, GST/e-invoice/e-way credentials, portal client credentials, and webhook secret are required. | Internal filing packets can be reviewed, but government submission remains disabled. | Open JSON |
| Subscription billing | CONFIG REQUIRED | Subscription billing provider, API key, webhook secret, and seller entitlement source must be configured. | Plan/status UI remains read-only; paid subscription success is not asserted. | Open JSON |
| Tenant billing | CONFIG REQUIRED | Tenant plan metadata is visible through SaaS readiness, but tenant billing activation needs a real billing provider and tenant rows. | Tenant billing stays config-gated; no fake paid tenant state is created. | Open JSON |
| Checklist item | Current state | Launch explanation |
|---|---|---|
| Provider credentials | Fail closed | Backend readbacks report missing key names only and never echo secret values. |
| Money movement | Disabled | Payment capture, escrow settlement, payout release, and subscription charge are blocked until provider config is complete. |
| External calls | Disabled | The activation center links readiness JSON only; it does not call providers. |
| Storage and scanning | Disabled | Object writes, signed access, OCR provider calls, and malware scan execution remain off until configured. |
| Statutory submission | Disabled | Tax and statutory packet review remains internal until government/API provider credentials are supplied. |
| Tenant launch | Config gated | Tenant operations can be reviewed, but real billing and entitlement activation require provider and tenant data setup. |