
Security & Infrastructure

What This Does

ShipStation API credentials are encrypted with AWS KMS in production (AES-256-CBC locally for development). All routes are authenticated via Shopify's OAuth. Webhooks are verified via HMAC signatures. The app runs on AWS: ECS Fargate for the web server, Lambda for the order worker and cron jobs, SQS FIFO for the queue, and PostgreSQL (Neon) for the database.

Why It Matters

ShipStation API credentials are essentially the keys to a merchant's fulfillment system. If they were exposed, someone could modify customs forms or shipping addresses, or cancel orders. Encrypting them at rest ensures they stay protected even if the database were compromised.

How It Works

  1. When a merchant enters their ShipStation API key and secret in settings, we immediately encrypt both values using KMS before storing them in the database.
  2. When the pipeline needs to call ShipStation, we decrypt the credentials from the database, use them to make API calls, and never log or store the plain text values.
  3. In development, we use AES-256-CBC with a local key (a fallback that explicitly fails in production).
  4. Shopify's authenticate.admin() verifies the merchant is logged in and has access to the store.
  5. Shopify's authenticate.webhook() verifies HMAC-SHA256 signatures on webhooks.
  6. The infrastructure uses CDK (Cloud Development Kit) to define AWS resources as TypeScript code.
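The credential handling in steps 1 to 3 above, as an added example that is not the app's own code: a small cipher abstraction where the production backend would wrap AWS KMS (assumed, not implemented here), the development backend is AES-256-CBC with a random IV per value, and the selector refuses the local fallback whenever NODE_ENV is "production". The LOCAL_ENCRYPTION_KEY variable name and the "iv:ciphertext" storage format are assumptions.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "crypto";

// Contract both backends satisfy. In production the app would wrap AWS KMS
// Encrypt/Decrypt calls behind it; that client is assumed, not implemented here.
export interface SecretCipher {
  encrypt(plaintext: string): Promise<string>;
  decrypt(ciphertext: string): Promise<string>;
}

// Development-only AES-256-CBC. A fresh random IV per value is prefixed to the
// ciphertext as "iv:ct" (base64) so one key can protect many credentials.
// CBC gives confidentiality only (no integrity), hence dev-only per the page.
export function aesEncrypt(key: Buffer, plaintext: string): string {
  if (key.length !== 32) throw new Error("AES-256 requires a 32-byte key");
  const iv = randomBytes(16);
  const cipher = createCipheriv("aes-256-cbc", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return `${iv.toString("base64")}:${ct.toString("base64")}`;
}

export function aesDecrypt(key: Buffer, value: string): string {
  const [ivB64, ctB64] = value.split(":");
  if (!ivB64 || !ctB64) throw new Error("malformed ciphertext");
  const d = createDecipheriv("aes-256-cbc", key, Buffer.from(ivB64, "base64"));
  return Buffer.concat([d.update(Buffer.from(ctB64, "base64")), d.final()]).toString("utf8");
}

export class LocalAesCipher implements SecretCipher {
  private readonly key: Buffer;
  constructor(key: Buffer) { this.key = key; }
  async encrypt(p: string): Promise<string> { return aesEncrypt(this.key, p); }
  async decrypt(c: string): Promise<string> { return aesDecrypt(this.key, c); }
}

// Chooses a backend. The local fallback is refused when NODE_ENV is
// "production", so a missing KMS client fails loudly instead of silently
// downgrading. LOCAL_ENCRYPTION_KEY is an assumed env var name (64 hex chars).
export function selectCipher(
  env: Record<string, string | undefined>, kms?: SecretCipher,
): SecretCipher {
  if (kms) return kms;
  if (env.NODE_ENV === "production") {
    throw new Error("KMS cipher required in production; local AES fallback refused");
  }
  const hex = env.LOCAL_ENCRYPTION_KEY ?? "";
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) throw new Error("LOCAL_ENCRYPTION_KEY must be 64 hex chars");
  return new LocalAesCipher(Buffer.from(hex, "hex"));
}
```

Plaintext credentials should only ever pass through `encrypt`/`decrypt` at the moment of use; the ciphertext string is what gets persisted.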

The Code

Key Decisions

What Could Go Wrong