The validation of a phone number is restricted to the form where it's inserted or edited through the interface in the checkout profile step. Values inserted directly through the REST APIs to an orderForm or to an order, or which came from the customer profile (which, in their way, can be inserted through different ways) aren't validated by the platform.

Due to the nature of these flows, origins inserting invalid values can't be traced back.

• create a cart
• advance until the payment step
• change the "phone" property from the "clientProfileData" section from an orderForm through API to an invalid value
• finish the purchase

The order will be created with the invalid phone number without further validations.

The phone number should be validated on the client side, like in the user interface, their custom functions, or any middleware or backend that does these requests to the orderForm and order REST APIs or feeds the customer profile in the Profile System/Master Data services.