Overview
What is ShipStream Data Border and why does it exist?
ShipStream Data Border is a secure API gateway that sits between Amazon's Selling Partner API (SP-API) and your Warehouse Management System (WMS). It acts as a "data border" over which sensitive Amazon data cannot pass—or may only pass under controlled circumstances.
The Problem
When you integrate with Amazon's marketplace to fulfill orders, your WMS needs:
- Order details - Items, quantities, shipping service levels
- Customer addresses - To generate shipping labels and route packages
- Tracking updates - To confirm shipments and update Amazon
But Amazon has strict requirements for how Personally Identifiable Information (PII) is handled:
- PII access must be logged and auditable
- Data must be tagged with its origin source
- Systems must detect and prevent suspicious access patterns
- Customer data should be minimized and protected
Building all of this into your WMS is complex, error-prone, and requires ongoing compliance work.
The Solution
Data Border handles the complexity so your WMS doesn't have to.
graph TB
subgraph "Your Infrastructure"
WMS[WMS Application]
DeviceHub[Device Hub / Printers]
end
subgraph "ShipStream Data Border"
ADB[Data Border Gateway]
Storage[(Secure Storage)]
Logs[(Audit Logs)]
end
subgraph "External"
Amazon[Amazon SP-API]
Carrier[Carrier APIs]
end
WMS -->|"Scrubbed Data"| ADB
ADB -->|"Real PII"| Amazon
ADB -->|"Real PII"| Carrier
ADB -->|"Labels with PII"| Storage
ADB -->|"Labels"| DeviceHub
ADB -->|"All PII Access"| Logs
Your WMS communicates with Data Border using placeholders instead of real customer data. Data Border:
- Fetches the real PII from Amazon when needed
- Injects it into carrier requests to generate labels
- Stores original labels with PII securely
- Returns scrubbed responses to your WMS
- Sends labels directly to printers via Device Hub
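The placeholder round trip described above, as an added example that is not ShipStream's own code: it injects real values into a carrier request, records the PII access, and scrubs the carrier's reply before it returns to the WMS. The function names, the request shape, the `label_purchase` context value, and the sample order, IP and address are assumptions made for illustration.

```typescript
// Added illustration, not ShipStream's code. Only {{ship_to_name}} and
// {{ship_to_address1}} come from the page; other names and values are constructed.
type Pii = Record<string, string>;
type AuditEntry = { orderId: string; timestamp: string; ip: string; context: string; fields: string[] };

// Rewrite string leaves only, so an injected value can never alter the request structure.
function mapStrings(node: unknown, fn: (s: string) => string): unknown {
  if (typeof node === "string") return fn(node);
  if (Array.isArray(node)) return node.map((n) => mapStrings(n, fn));
  if (node === null || typeof node !== "object") return node;
  const src = node as Record<string, unknown>;
  const out: Record<string, unknown> = {};
  for (const k of Object.keys(src)) out[k] = mapStrings(src[k], fn);
  return out;
}
// Placeholder -> real value; an unknown placeholder fails closed.
function inject(req: unknown, pii: Pii, used: string[]): unknown {
  return mapStrings(req, (s) => s.replace(/\{\{(\w+)\}\}/g, (_m: string, f: string) => {
    const v = Object.prototype.hasOwnProperty.call(pii, f) ? pii[f] : undefined;
    if (v === undefined) throw new Error("unknown placeholder: " + f);
    if (used.indexOf(f) < 0) used.push(f);
    return v;
  }));
}
// Real value -> placeholder, longest value first so overlapping values scrub cleanly.
function scrub(res: unknown, pii: Pii): unknown {
  const pairs = Object.keys(pii).map((f) => ({ f, v: pii[f] || "" }))
    .filter((p) => p.v.length > 0).sort((a, b) => b.v.length - a.v.length);
  return mapStrings(res, (s) => pairs.reduce((t, p) => t.split(p.v).join("{{" + p.f + "}}"), s));
}
// One round trip: fetch PII, inject, audit the access, call the carrier, scrub the reply.
function handleLabelRequest(orderId: string, ip: string, wmsRequest: unknown, log: AuditEntry[],
  fetchPii: (orderId: string) => Pii, callCarrier: (body: unknown) => unknown): unknown {
  const pii = fetchPii(orderId); // stands in for the on-demand SP-API fetch
  const used: string[] = [];
  const carrierRequest = inject(wmsRequest, pii, used);
  log.push({ orderId, timestamp: new Date().toISOString(), ip, context: "label_purchase", fields: used });
  return scrub(callCarrier(carrierRequest), pii); // the WMS only ever sees placeholders
}
// Constructed sample run; the fake carrier echoes back the address it was sent.
function demo() {
  const log: AuditEntry[] = [];
  let carrierSaw = "";
  const pii: Pii = { ship_to_name: 'Jane "JJ" Example', ship_to_address1: "100 Constructed St" };
  const wmsRequest = { to: { name: "{{ship_to_name}}", street1: "{{ship_to_address1}}" } };
  const res = handleLabelRequest("ORDER-TEST-1", "203.0.113.7", wmsRequest, log, () => pii,
    (body) => { carrierSaw = JSON.stringify(body); return { tracking: "TEST123", echoed: body }; });
  return { wmsResponse: JSON.stringify(res), carrierSaw, log };
}
```

Substituting on parsed string values rather than on the serialized body means a name containing quotes reaches the carrier intact and cannot rewrite the surrounding JSON.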
Key Benefits
Simplified Compliance
- Automatic audit logging - Every PII access is recorded with order ID, timestamp, IP, and context
- Data attribution - All data tagged with sp-api origin for Amazon compliance
- Suspicious activity detection - Alerts on unusual access patterns (e.g., accessing shipped orders)
- Rate limiting - Built-in throttling prevents abuse
Reduced Risk
- PII minimization - Your WMS never sees customer addresses (unless explicitly requested)
- Encrypted storage - Amazon tokens encrypted with AES-256-GCM
- No backups needed - In a disaster, just redeploy and re-authenticate sellers
- Isolated secrets - Each seller's tokens encrypted with a unique secret
Seamless Integration
- Placeholder-based API - Simple request format with {{ship_to_name}}, {{ship_to_address1}}, etc.
- Multiple carrier support - EasyPost, ShipStation, Shippo, UPS, FedEx, USPS, DHL
- Device Hub printing - Labels sent directly to printers, bypassing your WMS
- OAuth flow handling - Seller authentication managed end-to-end
Architecture
Data Border is designed as a stateless gateway with minimal data persistence:
- Modern runtime - High-performance TypeScript execution on a modern Node.js runtime
- Lightweight framework - Fast, minimal HTTP routing optimized for API gateways
- Embedded database - Tenant, seller, and audit data stored locally for low-latency access
- Encrypted object storage - S3-compatible storage for labels and backups
- WAF protection - Intelligent rate limiting and attack prevention
- Isolated deployment - Secure, single-tenant micro-VM isolation
What's Stored?
Data Border stores the minimum data required:
- Tenant configuration - WMS name, redirect URLs, Device Hub settings
- Seller records - Amazon seller IDs, encrypted refresh tokens
- Audit logs - PII access records for compliance
- Labels - Unredacted shipping labels (for reprinting)
What's NOT stored:
- Customer PII (fetched on-demand from Amazon)
- Amazon access tokens (generated per-request)
- Your WMS credentials or secrets
