What this audit checks
Authentication & access
- API user + key exchange against /api/login returns a valid session token
- Store URL reachable over HTTPS and resolving to the expected OpenCart install
- OpenCart version captured and compared against the latest security release
Catalogue & inventory health
- Out-of-stock products (quantity = 0) that still show active demand
- Disabled products (status = disabled) still linked in menus or categories
- Products missing SKU or model identifiers
- Empty categories (product_count = 0) still enabled in navigation
Order & fulfilment health
- Orders stuck in pending or processing beyond the expected handling window
- Failed orders in the last 24h above the alert threshold
- Fulfilment rate (shipped + complete vs total) within the expected band
Customer & retention
- Repeat customer rate (order_count > 1) within the expected band
- Newsletter opt-in rate across active customers
- Repeat buyers not subscribed in a connected email tool
Payments & refunds
- Refund rate over the trailing 30 days within the expected band
- Cancellation rate over the trailing 30 days within the expected band
- Payment method mix flagged when a single gateway dominates failed orders
Cross-channel revenue at risk
- OpenCart SKU out of stock but the same SKU active on a marketplace listing
- Orders placed after an email click but unattributed in the email tool
- Top-velocity SKUs receiving a disproportionately small share of ad spend