Security and access
Last updated July 12, 2026
Separate Amazon connections
Amazon Advertising API and Selling Partner API access are authorized and monitored separately. Connecting one does not grant access to the other.
Credential boundary
OAuth refresh tokens and client secrets remain in server-only Cloudflare runtime boundaries. Provider credentials are encrypted at rest and never exposed to browser code.
Tenant isolation
Every agency and client record is scoped to its trusted organization. Seller-facing routes derive client scope from the authenticated session rather than accepting arbitrary browser-supplied client identifiers.
Write controls
Amazon writes require explicit permissions, reviewed evidence, applicable client approval, action-time confirmation, and idempotent execution tracking. The free PPC Waste Teardown is read-only.
Payments
Stripe Checkout handles payment collection. Billing access is authorized through app-owned Stripe customer bindings, never by searching for a matching email address.