TheSkinProof — Multi-vendor eCommerce platform
Bangladesh's first verified skincare marketplace — 124 API endpoints, 26 database tables, 779 tests passing, 4 distinct portals, and a verification-first product pipeline built from scratch with QA-first engineering.
The shape of the system. By the numbers.
A production-ready marketplace with multi-portal architecture, automated product verification, personalized skin quiz recommendations, multi-layered fraud detection, and full integration with leading regional payment and logistics providers — backed by 750+ automated tests with enforced coverage thresholds.
What it looks like. Live screens.
The brief. What we shipped.
Bangladesh's online skincare market is flooded with counterfeit and expired products — an estimated 30-40% of products sold online in South Asia are fake, posing serious health risks. Existing marketplaces treat skincare like any other product with no invoice verification, no batch tracking, and no expiry monitoring. Building a multi-vendor skincare marketplace required handling complex vendor onboarding, product catalog management with variants, independent vendor dashboards with real-time order routing, commission calculations, and a unified checkout — all while maintaining data integrity, preventing cross-vendor data leaks, and solving the COD fraud problem that plagues Bangladesh's e-commerce.
We architected TheSkinProof as a verification-first multi-vendor marketplace with four distinct portals (Buyer, Seller, Admin with 30+ pages, Warehouse). The core Product Verification Pipeline requires every listing to pass invoice checks, Certificate of Analysis (COA) validation, batch tracking, and expiry monitoring before going live. An AI-powered 8-question Skin Quiz generates personalized product recommendations with match-score explanations (90% test coverage). The platform features row-level security for vendor isolation, an automated commission engine (15% default, configurable per-vendor), real-time order splitting and routing, multi-signal fraud detection with a 0-100 risk scoring system, granular RBAC with 15+ permission modules and 50+ discrete actions, and full Bangladesh localization with bKash/Nagad/SSLCommerz payments and Pathao courier integration.
Delivered a production-grade platform with 124 RESTful API endpoints, 26 database tables, 779 passing tests across 37 test suites, 75+ React components, and 45+ page-level views. The system handles multi-vendor checkout with zero data cross-contamination, processes commission splits in real-time, and maintains sub-200ms API response times under load. Security architecture includes OTP-based login with HMAC-SHA256 signed cookies, Redis-backed sliding-window rate limiting (8 presets), auto-logout with inactivity detection, and immutable audit trails. The architecture has been validated to scale to 100+ vendors without schema changes.
Row-level security for vendor isolation. Verification-first product pipeline with admin review queue. AI skin quiz with 5-stage scoring algorithm. Event-driven order routing with idempotent processing. Commission engine with configurable rate tiers. Multi-signal fraud detection (velocity abuse, name mismatch, rapid-fire orders, high-value guest COD) with COD eligibility engine. HMAC-SHA256 session auth with nonces. Redis sliding-window rate limiting with 8 presets. Faceted search using PostgreSQL full-text search with tsvector indexes. Cart system supporting items from multiple vendors with split-payment logic. Zustand 5 for 6 persistent client stores. FIFO warehouse batch allocation with expiry tracking.
What was broken. Before we shipped.
The skincare e-commerce space presents unique challenges that general-purpose marketplace platforms don't address.
Counterfeit & Expired Products
A significant portion of skincare products sold online in South Asia are counterfeit or expired, posing serious health risks. No verification standard exists on current platforms.
No Personalization
Consumers struggle to choose products suited to their specific skin type, concerns, and sensitivities. Generic catalogs lead to poor purchase decisions and high return rates.
COD Fraud
Cash-on-delivery orders are plagued by velocity abuse, fake names, and rapid-fire ordering — creating significant operational losses.
Fragmented Operations
Seller onboarding, product submission, warehouse operations, and payout management needed to be unified with strict quality controls and full traceability.
Multi-portal platform. Isolated by purpose.
Four completely isolated portals serve different stakeholders, each with dedicated layouts, workflows, and permission boundaries.
Buyer Portal
- →Product discovery & search
- →Personalized skin quiz
- →Shopping cart & checkout
- →Order tracking & returns
- →Product reviews
Seller Portal
- →Product submission & drafts
- →Order fulfillment
- →Revenue dashboard
- →Payout tracking
- →Sales analytics
Admin Portal
- →Product verification queue
- →Seller management
- →Fraud monitoring
- →User management
- →Audit logs
Warehouse Portal
- →Inventory management
- →FIFO picking board
- →Batch tracking
- →Pack & ship workflow
- →Expiry monitoring
Every product is verified. Before it lists.
A multi-stage process gates every listing. No unverified product ever reaches a buyer.
Submit Draft
Seller submits product with details, images, pricing, and ingredients list
Upload Documents
Purchase invoices, Certificate of Analysis (COA), and brand authorization
Admin Review
Team reviews documents and validates product authenticity in queue
Go Live / Reject
Approved products get verified badge; rejected items return with feedback
The most-tested module in the codebase.
A multi-step questionnaire that generates a complete skin profile and personalised recommendations. 90% line coverage on the scoring engine.
Wired into Bangladesh's real infrastructure.
Three payment gateways covering 95%+ of digital payments, real-time courier tracking via Pathao, and WhatsApp Business for buyer comms.
What it does. End to end.
Purpose-built systems designed for the skincare marketplace — from verification pipelines to personalized recommendations.
Product Verification Pipeline
Every product undergoes invoice checks, COA validation, batch tracking, and expiry monitoring before going live. Admin review queue with approve/reject workflow.
Personalized Skin Quiz
Multi-step questionnaire generating complete skin profiles with scientifically weighted scoring. Classifies skin type, generates exclusion lists, and recommends products with match scores.
COD Fraud Detection
Multi-signal fraud detection analyzing ordering patterns, recipient info, and transaction behavior. Risk scoring with automatic blocking and manual review flags.
Multi-Portal Architecture
Four isolated portals — Buyer, Seller, Admin, Warehouse — each with dedicated layouts, navigation, workflows, and permission boundaries.
Warehouse Pick-Pack-Ship
FIFO inventory management with batch-level traceability. Orders assigned to pickers, packed with quality evidence, dispatched with real-time tracking.
Regional Localization
Phone normalization, geographic hierarchy, local currency handling, regional payment gateways, logistics integration, and bilingual UI.
The stack. And the reason for each pick.
No exotic tooling. Every choice optimises for systems that survive their second year of production.
Tests are the contract. And the proof.
Coverage thresholds are enforced in CI. PRs are blocked on red.
Eight layers of defence. Built in.
- ✓OTP-based login for buyers with phone number validation and normalization
- ✓Credential-based login for admin/seller with secure password hashing
- ✓Tamper-proof sessions using HMAC-SHA256 signed cookies with nonces
- ✓Granular RBAC with predefined and custom roles across all modules
- ✓Session timeout with inactivity detection and device sleep/wake awareness
- ✓Rate limiting with multiple presets for different endpoint categories
- ✓Security headers: CSP, HSTS, X-Frame-Options, XSS protection
- ✓Immutable audit logging of all administrative actions for compliance
What they said.
“CodeVix Labs took TheSkinProof from idea to a live, multi-portal marketplace — buyer storefront, seller draft pipeline, admin review, warehouse fulfilment, fraud scoring, and manual MFS settlement — without us having to translate skincare into engineering. They shipped what we asked for, and then asked the questions we hadn't thought to.”
Want a system like this? We've done it before.
15 minutes, engineer-to-engineer. We'll talk through your system, what we'd flag, and whether we're the right team.