Well-Architected Review - App Entry Store

• Overview
• 1. Operational Excellence
  • 1.1 Identity Verification Operations
  • 1.2 Charge Calculation Operations
  • 1.3 Pre-Auth Management Operations
  • 1.4 Merchandise Synchronization Operations
  • 1.5 Cart Payload Validation Operations
  • 1.6 Mobile App Readiness
  • 1.7 Retry and Error Handling
  • 1.8 Observability, Deployment, and Readiness
  • 1.9 Monitoring and Change Management
  • 1.10 Change Management Readiness
    • 1.10.1 Change Control Process
    • 1.10.2 Identity Verification Changes
    • 1.10.3 Charge Calculation Changes
    • 1.10.4 Infrastructure and API Changes
    • 1.10.5 Inventory and POS Synchronization Changes
    • 1.10.6 Mobile App Changes
    • 1.10.7 Testing and Validation
    • 1.10.8 Rollback and Recovery
    • 1.10.9 Communication and Coordination
• 2. Security
  • 2.1 Identity Key Security
  • 2.2 Entry Gate Security
  • 2.3 Pre-Auth Security
  • 2.4 Inventory Synchronization Security
  • 2.5 Cart Payload Validation Security
  • 2.6 API Authentication and Authorization
  • 2.7 Security Events, Data Classification, and Incident Response
• 3. Reliability
  • 3.1 Identity Verification Availability
  • 3.2 Charge Calculation Reliability
  • 3.3 Pre-Auth Lifecycle Reliability
  • 3.4 Inventory Synchronization Reliability
  • 3.5 Cart Payload Validation Reliability
  • 3.6 End-to-End Resilience
  • 3.7 Data Protection and Fault Tolerance
  • 3.8 Backup and Recovery
• 4. Performance Efficiency
  • 4.1 Identity Verification Performance
  • 4.2 Charge Calculation Performance
  • 4.3 Pre-Auth Processing Performance
  • 4.4 Inventory Synchronization Performance
  • 4.5 Cart Payload Validation Performance
  • 4.6 Rate Limiting
  • 4.7 Demand Management
• 5. Cost Optimization
  • 5.1 Compute and Infrastructure
  • 5.2 Pre-Auth and Payment Costs
  • 5.3 Inventory Synchronization Costs
  • 5.4 Cart Payload Validation Costs
  • 5.5 API and Data Transfer Costs
• 6. Store Reporting
  • 6.1 Reporting Mode Selection
  • 6.2 Merchant Portal Reporting
  • 6.3 Intra-Day Reporting Operations
  • 6.4 Event Feed Reporting Operations
  • 6.5 Reporting Data Integrity
  • 6.6 Reporting Security and Access
• 7. Post-Purchase Operations
  • 7.1 Receipt Generation and Delivery
  • 7.2 Receipt Lookup
  • 7.3 Refund Processing
  • 7.4 Bad Debt Remediation
• 8. Sustainability
  • 6.1 Resource Efficiency
  • 6.2 Data Lifecycle Management
  • 6.3 Network and Transfer Optimization

Disclaimer: This document contains sample content for illustrative purposes only. Organizations should follow their own established best practices, security requirements, and compliance standards to ensure solutions are production-ready.

Overview

This questionnaire is designed for Just Walk Out store implementations that use app-based entry. In this model, the retailer's systems handle shopper identity verification and charge calculations (order delegation), with a pre-auth placed on the shopper's payment instrument at entry. The following APIs are in scope:

• Verify Identity Keys API (/v1/identity/identity-keys)
• Charge Calculation API (Order Delegation)

---

1. Operational Excellence

1.1 Identity Verification Operations

• How do you monitor the success/failure rate of identity key verifications in real time?
• What runbooks exist for handling identity verification service degradation or outages?
• How do you track the ratio of successful entries vs. rejected entries to detect anomalies?
• What is your process for managing and rotating valid identity keys?
• How do you handle associate entry separately from shopper entry in monitoring and reporting?

1.2 Charge Calculation Operations

• How do you validate that charge calculations (order delegation) return accurate pricing, promotions, and tax?
• What monitoring is in place to detect charge calculation latency spikes or failures?
• How do you handle and alert on carts received but not charged before pre-auth expiration?
• What is your process for updating pricing rules, promotions, or tax configurations?

1.3 Pre-Auth Management Operations

• How do you monitor the lifecycle of pre-authorizations from entry to charge or cancellation?
• What alerting is in place when a pre-auth is approaching expiration with an uncharged cart?
• How do you track and reconcile pre-auths that were cancelled due to empty carts?
• What dashboards or reports exist for pre-auth utilization and expiration rates?

1.4 Merchandise Synchronization Operations

• How do you monitor real-time inventory synchronization between store and POS systems?
• What alerting is in place for inventory sync failures or delays?
• How do you track and resolve inventory discrepancies between systems?
• What is your process for handling sync conflicts when both systems update simultaneously?
• How do you validate that inventory decrements match actual items taken by customers?
• How do you ensure price updates in POS propagate to store systems within acceptable timeframes?
• What monitoring detects price inconsistencies between systems?
• How do you handle promotional pricing synchronization and expiration?
• How do you reconcile daily transactions between store and POS systems?
• What automated processes detect and flag transaction discrepancies?

1.5 Cart Payload Validation Operations

• How do you monitor shopping cart payload validation success and failure rates?
• What alerting is in place for different types of payload validation failures?
• How do you track and analyze patterns in rejected payloads?
• What runbooks exist for handling validation system outages or degradation?
• How do you validate that error responses provide sufficient information for client debugging?
• How do you monitor API Gateway performance and availability?
• What alerting detects API Gateway throttling or capacity issues?
• How do you handle API Gateway configuration changes and deployments?
• What is your process for updating validation rules without service disruption?
• How do you ensure validation rules remain consistent across environments?

1.6 Mobile App Readiness

• Do you have a mobile app available on iOS and Android that supports QR code generation for JWO store entry?
• How do you generate Scan Key Codes in the app per JWO specifications (JWO prefix, customer prefix, recognition token, timestamp)?
• What is the QR code refresh interval to ensure shoppers always present a valid, unexpired code at the gate?
• How do you handle QR code generation when the shopper's device is offline or has intermittent connectivity?
• What minimum app version enforcement strategy prevents shoppers from using outdated versions that may generate incompatible Scan Key Codes?
• How do you manage app store release cycles (Apple App Store, Google Play) and ensure timely rollout of updates that affect JWO entry?
• What in-app messaging or forced-update mechanism notifies shoppers when an app update is required for store entry?
• How do you test QR code generation across different device types, OS versions, and screen sizes to ensure reliable scanning at the gate?
• What monitoring tracks app-side QR code generation success/failure rates and scan success rates at the gate?
• How do you handle shopper support when the app fails to generate a valid QR code (e.g., fallback entry method, in-store assistance)?
• What analytics track the correlation between app version and gate entry success rate to identify version-specific issues?
• How do you coordinate mobile app changes with backend Identity Connector changes to ensure compatibility?

1.7 Retry and Error Handling

• What retry strategy is implemented for failed Verify Identity Keys API calls?
• What retry strategy is implemented for failed Charge Calculation calls?
• How does the gate behave during retries (remains closed until definitive response)?
• What alerting is in place when maximum retry attempts are exhausted for any API?
• What retry mechanisms handle temporary inventory sync failures?
• How do you recover from extended POS system outages?
• What fallback procedures maintain operations when sync is unavailable?
• How do you ensure no inventory updates are lost during system failures?

1.8 Observability, Deployment, and Readiness

• How do you implement observability in your workload?
• How do you mitigate deployment risks?
• How do you know that you are ready to support a workload?

1.9 Monitoring and Change Management

• How do you monitor workload resources?
• How do you implement change?

1.10 Change Management Readiness

1.10.1 Change Control Process

• What formal change management process governs modifications to the Identity Connector, Ordering Connector, and supporting infrastructure?
• Who approves changes to production systems and what is the approval workflow?
• How do you classify changes by risk level (standard, normal, emergency) and what controls apply to each?
• What change advisory board (CAB) or review process evaluates changes before deployment?
• How do you maintain a change log that records all modifications, approvers, and deployment timestamps?

1.10.2 Identity Verification Changes

• What is the process for updating identity key validation logic (e.g., new QR code format, new customer prefix)?
• How do you deploy changes to the Verify Identity Keys API without disrupting active shopper entry?
• What testing is required before modifying gate decision logic (200/401/500 response behavior)?
• How do you coordinate identity key rotation or expiry window changes with the mobile app team?
• What is the rollback procedure if an identity verification change causes unexpected gate closures?

1.10.3 Charge Calculation Changes

• What is the process for deploying pricing rule, promotion, or tax configuration changes to the Ordering Connector?
• How do you ensure pricing changes are synchronized between your POS system and the Create Purchases API?
• What validation confirms that charge calculation changes produce correct totals before production deployment?
• How do you handle promotion activation/deactivation without impacting in-flight shopping trips?
• What is the rollback procedure if a pricing or tax change produces incorrect charges?

1.10.4 Infrastructure and API Changes

• What is the process for updating API Gateway configurations, Lambda functions, or IAM policies?
• How do you deploy infrastructure changes (e.g., CloudFormation stack updates) without service interruption?
• What blue/green or canary deployment strategies are used for API changes?
• How do you handle Amazon-initiated API changes (new fields, deprecations) in your Identity and Ordering Connectors?
• What is the process for updating IAM role permissions or rotating API credentials?

1.10.5 Inventory and POS Synchronization Changes

• What is the process for modifying inventory sync frequency, logic, or POS integration endpoints?
• How do you deploy sync pipeline changes without losing in-flight inventory updates?
• What testing validates that sync changes maintain data consistency between systems?
• How do you coordinate POS system upgrades or migrations with the JWO integration?

1.10.6 Mobile App Changes

• What is the process for deploying mobile app updates that affect QR code generation or Scan Key Code format?
• How do you ensure backward compatibility when the app and Identity Connector are updated at different times?
• What forced-update or minimum-version strategy prevents shoppers from using outdated app versions?
• How do you coordinate app store release timelines with backend Identity Connector changes?

1.10.7 Testing and Validation

• What pre-deployment testing is required for all change types (unit, integration, E2E, load)?
• How do you validate changes in a staging environment that mirrors production before deployment?
• What smoke tests confirm system health immediately after a production deployment?
• How do you test changes against the full shopper journey (entry → shopping → exit → charge)?

1.10.8 Rollback and Recovery

• What is the maximum acceptable rollback time for each component (Identity Connector, Ordering Connector, infrastructure)?
• How do you ensure every deployment is reversible and what automated rollback triggers are in place?
• What is the communication plan when a rollback is initiated during store operating hours?
• How do you handle data inconsistencies that may result from a partial deployment or rollback?

1.10.9 Communication and Coordination

• How do you communicate planned changes to stakeholders (store operations, Amazon team, mobile app team)?
• What maintenance windows are defined and how are they communicated to affected parties?
• How do you coordinate changes that span multiple teams (e.g., mobile app + Identity Connector + POS)?
• What post-deployment review process captures lessons learned from each change?

---

2. Security

2.1 Identity Key Security

• How are identity keys encrypted in transit and at rest?
• What controls prevent replay attacks using previously used identity keys?
• How do you detect and prevent tampered or forged identity keys?
• What is the expiration and rotation policy for identity keys?

2.2 Entry Gate Security

• How do you ensure the gate remains closed when identity verification fails or is inconclusive?
• What physical and logical controls prevent unauthorized store entry?
• How do you handle scenarios where the identity verification service is unreachable?
• What audit trail exists for all entry and exit events?

2.3 Pre-Auth Security

• How is pre-auth payment instrument data protected?
• What controls prevent unauthorized cancellation of pre-authorizations?
• How do you ensure pre-auth amounts are appropriate and not excessive?

2.4 Inventory Synchronization Security

• How is inventory and pricing data encrypted in transit between systems?
• What access controls restrict who can modify inventory or pricing data?
• How do you prevent unauthorized inventory adjustments or price changes?
• What audit logging captures all inventory and pricing modifications?
• How are API credentials managed for POS system integration?
• What authentication mechanisms secure inventory sync communications?
• How do you detect and prevent malicious inventory manipulation?
• What controls ensure data integrity during synchronization?

2.5 Cart Payload Validation Security

• How do you prevent injection attacks through malformed cart payloads?
• What validation rules protect against malicious payload structures?
• How do you ensure validation logic doesn't introduce security vulnerabilities?
• What controls prevent payload validation bypass attempts?
• How do you handle potentially malicious oversized payloads?
• How do you validate authentication credentials before payload processing?
• What controls ensure only authorized clients can submit cart payloads?
• How do you handle authentication failures in payload validation context?
• What audit logging captures authentication events during validation?
• How do you prevent credential stuffing attacks on cart submission endpoints?
• How do you ensure sensitive data in rejected payloads is not logged?
• What controls protect customer information in validation error messages?
• How do you handle PII in malformed cart payloads?
• What data retention policies govern rejected payload storage?

2.6 API Authentication and Authorization

• How are API credentials for the Verify Identity Keys and Charge Calculation APIs managed and rotated?
• What controls prevent unauthorized access to these APIs?
• How do you detect and respond to abnormal API usage patterns (e.g., brute force identity key attempts)?

2.7 Security Events, Data Classification, and Incident Response

• How do you detect and investigate security events?
• How do you classify your data?
• How do you protect your data at rest?
• How do you anticipate, respond to, and recover from incidents?

---

3. Reliability

3.1 Identity Verification Availability

• What is the target availability SLA for the identity verification service?
• What fallback behavior exists when the identity verification service is unavailable?
• How do you handle failed entry followed by a successful retry (no duplicate processing)?
• What is the recovery process when the identity service returns intermittent errors?

3.2 Charge Calculation Reliability

• What is the target availability SLA for the charge calculation service?
• How do you handle empty carts where the basket is not priced and a pre-auth cancellation must be triggered?
• What happens when a cart contains an item SKU that cannot be identified?
• How do you ensure charge calculations complete before the pre-auth window expires?

3.3 Pre-Auth Lifecycle Reliability

• What is the pre-auth expiration window and how is it tracked?
• What automated process cancels pre-auths for empty carts?
• How do you handle the scenario where the pre-auth cancellation process itself fails?
• What reconciliation process ensures no orphaned pre-auths exist?

3.4 Inventory Synchronization Reliability

• What is the target availability SLA for inventory synchronization?
• How do you handle POS system downtime without losing transactions?
• What redundancy exists for critical sync operations?
• How do you ensure sync resumes correctly after system failures?
• How do you maintain data consistency during concurrent updates?
• What mechanisms prevent inventory count corruption?
• How do you handle race conditions in inventory updates?
• What validation ensures sync accuracy under high load?
• How do you handle network interruptions during sync operations?
• What offline capabilities maintain operations during connectivity loss?

3.5 Cart Payload Validation Reliability

• What is the target availability SLA for payload validation services?
• How do you handle API Gateway failures without losing cart submissions?
• What redundancy exists for validation rule processing?
• How do you ensure validation remains available during system updates?
• What failover mechanisms protect against validation service outages?
• How do you ensure consistent error responses across all failure scenarios?
• What mechanisms prevent error response corruption or truncation?
• How do you handle validation timeouts and processing delays?
• What retry logic exists for transient validation failures?
• How do you ensure error responses remain available during high load?

3.6 End-to-End Resilience

• What is the expected end-to-end latency from identity verification to completed charge?
• How do you handle cascading failures across the identity → calculation → charge pipeline?
• What circuit breaker patterns are implemented to prevent system overload?
• How do you handle exit verification failures after a shopper has completed shopping?

3.7 Data Protection and Fault Tolerance

• How do you back up data?
• How do you design your workload to withstand component failures?

3.8 Backup and Recovery

• What is the backup strategy and frequency for identity key stores and verification configuration data?
• What is the backup strategy for charge calculation configuration (pricing rules, promotions, tax rates)?
• How do you back up pre-authorization records and their lifecycle state (active, cancelled, captured)?
• What is the backup strategy for inventory synchronization state and POS integration configuration?
• How do you back up cart payload validation rules and API Gateway configurations?
• What is the Recovery Point Objective (RPO) for each critical data store (identity keys, pricing, inventory, transaction logs)?
• What is the Recovery Time Objective (RTO) for restoring each service after a failure?
• How do you validate that backups are complete, consistent, and restorable through regular restore testing?
• What automated backup verification processes confirm backup integrity on a scheduled basis?
• How do you ensure backups are stored in a separate AWS region or account for disaster recovery?
• What is the process for restoring identity verification service from backup after a data loss event?
• What is the process for restoring charge calculation configurations (pricing, promotions, tax) from backup?
• How do you recover inventory synchronization state after a POS system or sync pipeline failure?
• What is the recovery procedure when pre-auth records are lost or corrupted?
• How do you restore cart validation rules and API Gateway configurations after an accidental deletion or misconfiguration?
• How do you ensure transaction audit logs and entry/exit event records are recoverable after a storage failure?
• What is the escalation process when automated recovery fails and manual intervention is required?
• How do you conduct disaster recovery drills and how frequently are they performed?

---

4. Performance Efficiency

4.1 Identity Verification Performance

• What is the p99 response time for identity key verification?
• How does the system perform under peak load (e.g., 100 concurrent identity verifications)?
• What is the acceptable gate open latency from scan to entry?

4.2 Charge Calculation Performance

• What is the p99 response time for charge calculations?
• How does calculation performance scale with cart complexity (e.g., multiple promotions, different tax categories)?
• What optimizations are in place for high-volume concurrent calculations?

4.3 Pre-Auth Processing Performance

• What is the latency for initiating a pre-auth cancellation on empty carts?
• How quickly does the system detect and alert on pre-auths approaching expiration?
• What is the throughput capacity for concurrent pre-auth operations?

4.4 Inventory Synchronization Performance

• What is the target latency for inventory updates to sync between systems?
• How does sync performance scale with transaction volume?
• What is the maximum acceptable delay for price updates?
• How do you optimize sync performance during peak hours?
• What is the maximum transaction throughput your sync can handle?
• How does performance scale with inventory size (number of SKUs)?
• What bottlenecks exist in the sync pipeline?
• How do you handle burst traffic during promotional events?

4.5 Cart Payload Validation Performance

• What is the target response time for payload validation (p95, p99)?
• How does validation performance scale with payload size and complexity?
• What optimizations reduce validation processing overhead?
• How do you handle performance degradation during validation rule updates?
• What caching strategies optimize repeated validation operations?
• What is the maximum throughput capacity for cart payload validation?
• How does API Gateway performance scale with concurrent validation requests?
• What bottlenecks exist in the validation pipeline?
• How do you optimize API Gateway configuration for validation workloads?
• What monitoring tracks validation latency and throughput?

4.6 Rate Limiting

• What rate limits are configured for the Verify Identity Keys API?
• How does the system handle 429 (rate limited) responses?
• What retry-after strategies are implemented when rate limits are hit?

4.7 Demand Management

• How do you design your workload to adapt to changes in demand?

---

5. Cost Optimization

5.1 Compute and Infrastructure

• How are compute resources scaled for identity verification and charge calculation services?
• What auto-scaling policies are in place to handle peak vs. off-peak traffic?
• Are there opportunities to use reserved capacity or savings plans for predictable workloads?

5.2 Pre-Auth and Payment Costs

• What is the cost per pre-authorization transaction?
• What is the cost impact of pre-auth cancellations for empty carts?
• How do you minimize unnecessary pre-auth holds (e.g., right-sizing pre-auth amounts)?

5.3 Inventory Synchronization Costs

• How do you optimize compute resources for sync operations?
• What auto-scaling policies manage sync infrastructure costs?
• How do you balance sync frequency with cost efficiency?
• What reserved capacity or savings plans reduce sync costs?
• How do you minimize data transfer costs between systems?
• What data retention policies optimize storage costs?
• How do you compress or optimize sync payloads?
• What archiving strategies reduce long-term storage costs?

5.4 Cart Payload Validation Costs

• How do you optimize API Gateway usage costs for validation operations?
• What strategies minimize per-request validation costs?
• How do you balance validation thoroughness with cost efficiency?
• What reserved capacity or savings plans reduce validation costs?
• How do you track and optimize validation-related API Gateway charges?
• How do you optimize compute resources for validation processing?
• What auto-scaling policies minimize validation infrastructure costs?
• How do you reduce costs from unnecessary validation operations?
• What caching strategies reduce redundant validation processing?
• How do you optimize validation rule complexity to reduce costs?

5.5 API and Data Transfer Costs

• What is the cost per transaction across the identity → calculation flow?
• How do you minimize unnecessary API calls (e.g., caching identity resolutions)?
• What is the cost impact of retry logic on failed API calls?

---

6. Store Reporting

6.1 Reporting Mode Selection

• Have you evaluated which reporting mode best fits your organization (Merchant Portal daily reports, Intra-day S3 reporting, Event feed via EventBridge)?
• What is your required frequency of data refresh (daily, hourly, every 15 minutes, near real-time)?
• Does your existing data ingestion infrastructure support CSV-based (Intra-day) or JSON/API-based (Event feed) formats?
• If managing multiple stores or merchant accounts, have you considered the Event feed solution for scalability?

6.2 Merchant Portal Reporting

• Are daily reports (Orders, Catalog, Payments) being downloaded and reviewed from the JWO Merchant Portal?
• How do you consume the dashboard data that refreshes every 30 minutes (sales details, item details)?
• What process exports and integrates Merchant Portal data into your internal reporting systems?
• Who is responsible for reviewing daily reports and what is the escalation process for anomalies?

6.3 Intra-Day Reporting Operations

• Have you onboarded to the Intra-day reporting solution (IAM role, SNS subscription, SQS queue, Lambda processor)?
• How do you monitor the 96 daily files (4 per hour) for completeness and timeliness?
• What de-duplication logic prevents processing the same report file multiple times?
• How do you handle orders that span multiple files using upsert (update/insert) logic?
• What alerting is in place when expected report files are not received within the 15-minute window?
• How do you handle KMS decryption failures when accessing report files from the Amazon S3 bucket?
• What is the process for copying report files from the Amazon S3 bucket to your destination S3 bucket?

6.4 Event Feed Reporting Operations

• Have you onboarded to the Event feed solution (EventBridge event bus, event rules, targets)?
• Are EventBridge rules configured correctly for CART and PAYMENT event types?
• How do you monitor EventBridge event delivery success and failure rates?
• What targets are configured for incoming events (S3, database, API endpoint)?
• How do you handle schema translation from Amazon event format to your internal reporting format?
• What alerting is in place when events are not received within expected timeframes after a shopping trip?
• How do you process PAYMENT event subtypes (AuthorizationApproved, CaptureApproved, AuthorizationDeclined, CaptureDeclined)?
• What dead-letter queue or retry strategy handles failed event processing?

6.5 Reporting Data Integrity

• How do you reconcile reporting data against charge calculation records and payment transactions?
• What validation ensures cart event data (SKUs, quantities, prices, promotions) matches your POS records?
• How do you detect and investigate discrepancies between Amazon reporting data and your internal systems?
• What process handles delayed orders that appear in later report files or event deliveries?
• How do you validate that promotion data in cart events (merchantPromotionId, promotionValue) matches your promotion configurations?

6.6 Reporting Security and Access

• How are IAM roles and KMS keys for reporting access managed and rotated?
• What access controls restrict who can view or download reporting data?
• How do you ensure PII in reporting data (card last four digits, shopper identity) is handled per privacy regulations?
• What audit logging captures all reporting data access and downloads?

---

7. Post-Purchase Operations

7.1 Receipt Generation and Delivery

• Have you determined the receipt ownership model (Amazon-generated or retailer-generated)?
• If using Amazon-generated receipts, have you configured your store logo, contact information, and formatting in the Merchant Portal?
• If using retailer-generated receipts, how do you consume payment and cart data from Amazon APIs to build itemized receipts?
• How do you deliver receipts to shoppers (email, mobile app, SMS) and what is the expected delivery time after a shopping trip?
• How do you handle receipt delivery failures (e.g., invalid email, app notification failure)?
• What process allows shoppers to request a receipt if they did not receive one?
• How do you ensure receipt content is accurate (items, quantities, prices, promotions, taxes, payment details)?

7.2 Receipt Lookup

• Have you determined the receipt lookup ownership model (Amazon receipt lookup website or retailer-managed lookup)?
• If using Amazon's receipt lookup, have you verified that shoppers can locate historical shopping trips by payment card?
• If using retailer-managed lookup, how do you store and index receipt records for shopper self-service retrieval?
• How do you handle receipt lookup for shoppers who entered via mobile app vs. credit card?
• What is the data retention period for receipt records and how is it communicated to shoppers?
• What authentication is required for shoppers to access their receipt history?

7.3 Refund Processing

• Have you determined the refund ownership model (Amazon-managed or retailer-managed via Refund API)?
• If using Amazon-managed refunds, what is the process for store staff to request a refund on behalf of a shopper through Amazon support?
• If using the Refund API (POST /v1/refund), have you integrated and tested the API with all required fields (storeId, shoppingTripId, amount, refundRequestId, refundReasonCode)?
• How do you ensure refund idempotency using unique refundRequestId values to prevent duplicate refunds?
• What process handles each refund reason code (DAMAGED_ITEM, EXPIRED_ITEM, UNWANTED_ITEM, JWO_TECH_ERROR, OTHER)?
• How do you enforce the 30-day refund window from the date of the shopping trip?
• What monitoring tracks refund success/failure rates and average refund processing time?
• How do you handle Refund API errors (400 UnknownShoppingTrip, 429 rate limiting, 500 server error, 503 service unavailable)?
• What retry strategy with exponential backoff is implemented for failed refund calls?
• How do you reconcile refund records (reconciliationId) with your payment processor?
• What alerting is in place for abnormal refund rates that may indicate fraud or operational issues?
• How do you communicate refund status to shoppers?

7.4 Bad Debt Remediation

• What process identifies bad debt scenarios (e.g., declined adjustments, failed captures, expired pre-auths with uncharged carts)?
• How do you record and track bad debt incidents with sufficient detail (shoppingTripId, amount, failure reason, timestamp)?
• What automated alerting triggers when a shopping trip results in bad debt?
• What is the escalation process for recovering bad debt (retry payment, contact shopper, write off)?
• How do you track bad debt by root cause (payment decline, pre-auth expiration, charge calculation failure, system error)?
• What thresholds trigger investigation when bad debt rates exceed acceptable levels?
• How do you prevent repeat bad debt from the same shopper (e.g., flagging accounts, blocking entry)?
• What reporting tracks bad debt metrics (total amount, frequency, recovery rate) for business monitoring?
• How do you reconcile bad debt records against payment processor records and Amazon transaction data?
• What write-off process and approval workflow governs unrecoverable bad debt?
• How do you feed bad debt data back into your fraud and risk assessment processes to improve future gate decisions?

---

8. Sustainability

6.1 Resource Efficiency

• How do you minimize compute usage during low-traffic periods?
• What strategies reduce unnecessary data processing for empty carts or rejected identity verifications?
• How do you optimize data retention policies for transaction logs, entry/exit events, and audit trails?
• What is the environmental impact of maintaining pre-auth holds that are ultimately cancelled?
• How do you minimize compute usage during low inventory sync traffic periods?
• What strategies reduce unnecessary sync operations?
• How do you optimize data processing to reduce energy consumption?
• What idle resource management reduces environmental impact?
• How do you minimize compute usage during low validation traffic periods?
• What strategies reduce unnecessary validation processing?
• How do you optimize validation algorithms to reduce energy consumption?

6.2 Data Lifecycle Management

• How do you optimize data retention to reduce storage footprint?
• What archiving strategies minimize long-term resource usage?
• How do you efficiently purge obsolete sync and validation data?
• What compression techniques reduce storage requirements?
• How do you optimize validation log retention to reduce storage footprint?
• What archiving strategies minimize long-term resource usage for rejected payloads?

6.3 Network and Transfer Optimization

• How do you minimize network traffic through efficient sync protocols?
• What batching strategies reduce transmission overhead?
• How do you optimize sync schedules to reduce peak usage?
• What edge caching reduces redundant data transfers?
• How do you minimize network traffic through efficient validation responses?
• What compression strategies reduce validation response payload sizes?
• How do you optimize validation rule distribution to reduce network overhead?
• What edge caching reduces redundant validation processing?