DLADigital Listing AssistantPrivate Etsy seller listing management tool

https://digitallistingassistant.com

Security

Last updated: June 3, 2026

Security Model

  • The public website is informational only.
  • The actual tool is private/admin-only.
  • There is no public signup.
  • Etsy authorization is handled through OAuth.
  • The app does not collect Etsy passwords.
  • Production must use HTTPS.
  • Use least-privilege API scopes.
  • Use environment variables for secrets.
  • Use admin allowlisting where supported.

Secret Handling

Etsy API keys, shared secrets, OAuth tokens, and refresh tokens must be stored server-side only. Secrets must never be included in frontend code, static files, browser JavaScript, logs, GitHub, documentation examples with real values, or screenshots.

Report a Concern

Security concerns should be sent to fstop@motiontography.com.