TheSkinProof — Multi-vendor eCommerce platform
Bangladesh's first verified skincare marketplace — 124 API endpoints, 26 database tables, 779 tests passing, 4 distinct portals, and a verification-first product pipeline built from scratch with QA-first engineering.
Key Achievement
A production-ready marketplace with multi-portal architecture, automated product verification, personalized skin quiz recommendations, multi-layered fraud detection, and full integration with leading regional payment and logistics providers — backed by 750+ automated tests with enforced coverage thresholds.
1 / 4
Challenge
Bangladesh's online skincare market is flooded with counterfeit and expired products — an estimated 30-40% of products sold online in South Asia are fake, posing serious health risks. Existing marketplaces treat skincare like any other product with no invoice verification, no batch tracking, and no expiry monitoring. Building a multi-vendor skincare marketplace required handling complex vendor onboarding, product catalog management with variants, independent vendor dashboards with real-time order routing, commission calculations, and a unified checkout — all while maintaining data integrity, preventing cross-vendor data leaks, and solving the COD fraud problem that plagues Bangladesh's e-commerce.
Solution
We architected TheSkinProof as a verification-first multi-vendor marketplace with four distinct portals (Buyer, Seller, Admin with 30+ pages, Warehouse). The core Product Verification Pipeline requires every listing to pass invoice checks, Certificate of Analysis (COA) validation, batch tracking, and expiry monitoring before going live. An AI-powered 8-question Skin Quiz generates personalized product recommendations with match-score explanations (90% test coverage). The platform features row-level security for vendor isolation, an automated commission engine (15% default, configurable per-vendor), real-time order splitting and routing, multi-signal fraud detection with a 0-100 risk scoring system, granular RBAC with 15+ permission modules and 50+ discrete actions, and full Bangladesh localization with bKash/Nagad/SSLCommerz payments and Pathao courier integration.
Result
Delivered a production-grade platform with 124 RESTful API endpoints, 26 database tables, 779 passing tests across 37 test suites, 75+ React components, and 45+ page-level views. The system handles multi-vendor checkout with zero data cross-contamination, processes commission splits in real-time, and maintains sub-200ms API response times under load. Security architecture includes OTP-based login with HMAC-SHA256 signed cookies, Redis-backed sliding-window rate limiting (8 presets), auto-logout with inactivity detection, and immutable audit trails. The architecture has been validated to scale to 100+ vendors without schema changes.
Technical Architecture
Row-level security for vendor isolation. Verification-first product pipeline with admin review queue. AI skin quiz with 5-stage scoring algorithm. Event-driven order routing with idempotent processing. Commission engine with configurable rate tiers. Multi-signal fraud detection (velocity abuse, name mismatch, rapid-fire orders, high-value guest COD) with COD eligibility engine. HMAC-SHA256 session auth with nonces. Redis sliding-window rate limiting with 8 presets. Faceted search using PostgreSQL full-text search with tsvector indexes. Cart system supporting items from multiple vendors with split-payment logic. Zustand 5 for 6 persistent client stores. FIFO warehouse batch allocation with expiry tracking.
Tech Stack
Project Details
- Timeline
- 12 weeks
- Team
- 2 engineers, 1 QA
- Industry
- eCommerce
Full Case Study
Download the detailed technical case study with architecture diagrams and complete specifications.
Download PDFThe Challenge
Problem Statement
The skincare e-commerce space presents unique challenges that general-purpose marketplace platforms don’t address.
Counterfeit & Expired Products
A significant portion of skincare products sold online in South Asia are counterfeit or expired, posing serious health risks. No verification standard exists on current platforms.
No Personalization
Consumers struggle to choose products suited to their specific skin type, concerns, and sensitivities. Generic catalogs lead to poor purchase decisions and high return rates.
COD Fraud
Cash-on-delivery orders are plagued by velocity abuse, fake names, and rapid-fire ordering — creating significant operational losses.
Fragmented Operations
Seller onboarding, product submission, warehouse operations, and payout management needed to be unified with strict quality controls and full traceability.
Architecture
Multi-Portal Platform
Four completely isolated portals serve different stakeholders, each with dedicated layouts, workflows, and permission boundaries.
Buyer Portal
- Product discovery & search
- Personalized skin quiz
- Shopping cart & checkout
- Order tracking & returns
- Product reviews
Seller Portal
- Product submission & drafts
- Order fulfillment
- Revenue dashboard
- Payout tracking
- Sales analytics
Admin Portal
- Product verification queue
- Seller management
- Fraud monitoring
- User management
- Audit logs
Warehouse Portal
- Inventory management
- FIFO picking board
- Batch tracking
- Pack & ship workflow
- Expiry monitoring
Trust & Safety
Product Verification Pipeline
Every product passes through a multi-stage verification process before appearing on the marketplace. No unverified product ever reaches consumers.
Submit Draft
Seller submits product with details, images, pricing, and ingredients list
Upload Documents
Purchase invoices, Certificate of Analysis (COA), and brand authorization
Admin Review
Team reviews documents and validates product authenticity in queue
Go Live / Reject
Approved products get verified badge; rejected items return with feedback
Capabilities
Key Features Deep Dive
Purpose-built systems designed for the skincare marketplace — from verification pipelines to personalized recommendations.
Product Verification Pipeline
Every product undergoes invoice checks, COA validation, batch tracking, and expiry monitoring before going live. Admin review queue with approve/reject workflow.
Personalized Skin Quiz
Multi-step questionnaire generating complete skin profiles with scientifically weighted scoring. Classifies skin type, generates exclusion lists, and recommends products with match scores.
COD Fraud Detection
Multi-signal fraud detection analyzing ordering patterns, recipient info, and transaction behavior. Risk scoring with automatic blocking and manual review flags.
Multi-Portal Architecture
Four isolated portals — Buyer, Seller, Admin, Warehouse — each with dedicated layouts, navigation, workflows, and permission boundaries.
Warehouse Pick-Pack-Ship
FIFO inventory management with batch-level traceability. Orders assigned to pickers, packed with quality evidence, dispatched with real-time tracking.
Regional Localization
Phone normalization, geographic hierarchy, local currency handling, regional payment gateways, logistics integration, and bilingual UI.
Personalization
Skin Quiz Engine
A multi-step questionnaire that generates complete skin profiles and personalized product recommendations. The highest-tested module in the codebase.
| Question Area | What It Determines |
|---|---|
| Top skin concerns (ranked) | Primary and secondary concern targets |
| Skin feel & texture | Skin type classification |
| Sensitivity evaluation | Product compatibility filtering |
| Known allergies | Ingredient exclusion list |
| Lifestyle factors | Environmental concern adjustments |
| Health conditions | Safety-based ingredient exclusions |
Integrations
Integration Ecosystem
Integrated with regional payment, logistics, and communication platforms through a pluggable adapter architecture.
| Category | Provider | Purpose |
|---|---|---|
| Payment | bKash | Mobile wallet — tokenized payment flow with refund support |
| Payment | Nagad | Mobile wallet — merchant API with callback verification |
| Payment | SSLCommerz | Card payments & net banking with payment notification |
| Logistics | Pathao | Courier with real-time tracking, delivery zones, COD settlement |
| Communication | WhatsApp Business | Order confirmations, shipping updates, notifications |
| Communication | SMS | OTP delivery and critical operational alerts |
| Storage | AWS S3 | Seller verification documents with secure access |
| Storage | Cloudinary | Product images with CDN delivery and auto-optimization |
Stack
Technology Decisions
| Layer | Technology | Rationale |
|---|---|---|
| Framework | Next.js (App Router) | SSR for SEO, API routes colocation |
| Language | TypeScript (strict) | End-to-end type safety across all layers |
| Database | PostgreSQL | Relational integrity, full-text search, GIN indexes |
| Cache | Redis | Sliding-window rate limiting, session cache, in-memory fallback |
| State | Zustand | Lightweight persistent stores (cart, wishlist, auth) |
| Payments | bKash + Nagad + SSLCommerz | Covers 95%+ of BD digital payments |
| Courier | Pathao API | Real-time tracking, webhook updates, COD settlement |
| Styling | Tailwind CSS | Utility-first with custom design tokens |
| Testing | Jest (750+ tests) | Enforced coverage thresholds on critical modules |
Security Architecture
- OTP-based login for buyers with phone number validation and normalization
- Credential-based login for admin/seller with secure password hashing
- Tamper-proof sessions using HMAC-SHA256 signed cookies with nonces
- Granular RBAC with predefined and custom roles across all modules
- Session timeout with inactivity detection and device sleep/wake awareness
- Rate limiting with multiple presets for different endpoint categories
- Security headers: CSP, HSTS, X-Frame-Options, XSS protection
- Immutable audit logging of all administrative actions for compliance
Testing Strategy
| Area | Tests | Coverage |
|---|---|---|
| Quiz / Scoring | 120+ | 90% lines |
| Cart Store | 80+ | 80% lines |
| API Routes | 200+ | — |
| Components | 89+ | — |
| Total | 750+ | Enforced thresholds |
Let's Talk
Ready to build something similar?
Whether it’s e-commerce, marketplace platforms, or verification systems — let’s discuss your project.