Security

Security Practices

Gifts In Seller Tools is designed around OAuth authorization, least-privilege access, and careful handling of Etsy seller data.

The term 'Etsy' is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.

Security Controls

OAuth 2.0 Only

The application will not collect Etsy passwords. Shop access must be authorized through Etsy OAuth 2.0.

Token Protection

Refresh tokens are planned to be encrypted at rest and to be deleted when a shop disconnects or when deletion is verified.

Least Privilege

Initial scopes should stay limited to approved shop, listing, and order workflow testing needs.

HTTPS

The public site and future callback endpoints must load over HTTPS.

Access Controls

Administrative access should be restricted, logged, and reviewed.

Rate Limits

The future app should respect Etsy API rate limits and back off when responses require it.

Developer and security contact
developers@gifts-in.com