Security and access

Last updated July 12, 2026

Separate Amazon connections

Amazon Advertising API and Selling Partner API access are authorized and monitored separately. Connecting one does not grant access to the other.

Credential boundary

OAuth refresh tokens and client secrets remain in server-only Cloudflare runtime boundaries. Provider credentials are encrypted at rest and never exposed to browser code.

Tenant isolation

Every agency and client record is scoped to its trusted organization. Seller-facing routes derive client scope from the authenticated session rather than accepting arbitrary browser-supplied client identifiers.

Write controls

Amazon writes require explicit permissions, reviewed evidence, applicable client approval, action-time confirmation, and idempotent execution tracking. The free PPC Waste Teardown is read-only.

Payments

Stripe Checkout handles payment collection. Billing access is authorized through app-owned Stripe customer bindings, never by searching for a matching email address.