Security Practices

Gifts In Seller Tools is designed around OAuth authorization, least-privilege access, and careful handling of data from my own Etsy shops.

The term 'Etsy' is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.

Security Controls

OAuth 2.0 Only

The application will not collect Etsy passwords. Access to my own shops must be authorized through Etsy OAuth 2.0.

Token Protection

The plan is to encrypt refresh tokens at rest and to delete them when a shop disconnects or deletion is verified.

Least Privilege

Initial scopes should stay limited to approved shop, listing, and order workflow testing needs for my own shops.

HTTPS

The public site and future callback endpoints must load over HTTPS.

Access Controls

Administrative access should be restricted, logged, and reviewed.

Rate Limits

The future app should respect Etsy API rate limits and back off when responses require it.

Developer and security contact
developers@gifts-in.com