runbookify
← All plans
Accounting & Finance / Accounts Payable

Vendor Master Onboarding & Validation: Vet New Vendors Before You Ever Pay Them

Collect W-9, banking, and address details through a secure form, validate and de-duplicate against your existing vendor master, flag fraud risks, and require a manager's sign-off before any vendor can be paid.

IntermediateA weekendBuilds onNext.jsSupabaseResend
What you'll build

A web tool where a vendor securely submits their details and uploads a W-9, AI validates the fields and checks for duplicates and bank/address risks against your vendor master, your AP manager reviews the flags and approves, and it exports a clean new-vendor record in your AP system's exact columns with the tax documents stored securely.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A Supabase account (free)
  • A Vercel account (free)
  • A Resend account (free)
  • A CSV export of your current vendor master
  • Claude Code or any AI coding agent

The problem this kills

A new vendor needs to get set up so you can pay them. Someone emails a W-9, someone else types the banking details into your AP system, and the record goes live. It feels routine — and that is exactly why it is dangerous. The same vendor gets entered twice under slightly different names, so your spend reporting is wrong and you risk paying the same company on two records. A tax ID is mistyped, and your 1099s come back wrong at year end. Worst of all, a fraudster emails a "banking update" that quietly redirects a real vendor's payments to a different account — and because nobody cross-checked it, the money is gone before anyone notices.

Vendor master onboarding is the front door to every dollar your company pays out, and most teams guard it with a spreadsheet and good intentions. The fixes are well known to anyone who has been burned: collect the details on a secure form instead of email, check every new vendor against the ones you already have, flag any bank account that already belongs to someone else, and never let a record go live until a human has reviewed the risk flags and signed off. You do not need to be a developer to build that front door.

What you'll build

A secure internal onboarding tool for your AP and procurement team. You send a vendor a private link; they fill in their company details, address, and banking info, upload their W-9 (the US tax form that gives you their legal name and tax ID), and tick a consent box. The moment they submit, the tool validates the fields and checks the submission against your current vendor master — catching a vendor you already have under a different spelling, a tax ID that is already on file, and, critically, a bank account that already belongs to a different vendor. It also flags when a banking detail looks like a change that needs a phone call to verify, the classic fraud control. Every flagged submission lands in a review queue where your AP manager sees the validated data and the risk flags side by side and clicks Approve or Reject. Only on approval does the tool export a clean new-vendor record in your AP system's exact columns and lock the tax documents away in secure, restricted storage.

What's inside the Implementation Plan

The downloadable plan is a step-by-step file you paste into an AI coding agent. It opens by interviewing you about your business — your current onboarding process and who runs it, the system that holds your vendor master, the exact fields and naming in your vendor data, your typical and peak onboarding volumes, your real approval rules and dollar thresholds, and the messy edge cases like foreign vendors with no W-9, sole proprietors, and one parent company with many "remit-to" addresses. It reads a short spec back to you for a thumbs-up, then builds the tool around your answers instead of a generic template. From there it walks the agent through the secure intake form, the W-9 upload and consent capture, the validation-and-dedupe engine, the fraud-risk flags, the manager review-and-approve screen, and the new-vendor export. Every step ends with a ready-to-copy prompt.

The governance it includes (this is the point)

This isn't a toy. The plan builds in the controls a real finance function needs: login so only your team can use it, row-level security so people only see their own organization's vendors and the tax documents stay locked down to authorized reviewers, a complete audit trail of every validation, flag, and approval decision (who, what, when, and why), a hard human-approval gate so no vendor is written to your payable master until a person reviews the flags and signs off, and duplicate guards so the same vendor and the same submission can't be processed twice. Banking changes are deliberately routed to a callback-verification step before they can be approved — because that one control stops the most expensive fraud in AP.

Who it's for

AP managers, procurement leads, and controllers who own the vendor master and are tired of duplicate records, mistyped tax IDs, and the cold sweat of a redirected-payment scam. If you can describe what makes two vendors "the same" in your world and who is allowed to bless a new one, you can build this.

You've got this — open the plan, paste the first prompt, and you'll be onboarding your first real vendor through a secure, audited gate this weekend.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.