ADAW FBA Scanner

Capability	Recommended for Amazon arbitrage ADAW Scanner	SellerAmp	Tactical Arbitrage	Manual research
Discovery
Autonomous Top Sellers discovery	Yes	—	Retailer scrape only	—
Retailer-scraping breadth	—	—	1,400+ stores	Manual
Shared catalog cache (instant first scan)	Yes	—	—	—
Validation & scoring
Composite 0–10 Green/Yellow/Red score	Yes	Pass / Fail	ROI rank	—
FBA eligibility & gating check	Yes	Yes	Limited	—
90-day Keepa history per ASIN	Included	Add-on / paid Keepa sub	Add-on / paid Keepa sub	Paid Keepa sub
Workflow & alerts
Real-time Discord alerts on new Greens	Yes	—	—	—
FBA arbitrage sweet-spot filter	Yes	Per-lookup only	ROI threshold	—
One-click SellerAmp / SAS export	Yes	Native	—	—
Browser extension on the Amazon listing page	—	Yes	—	—
Pricing & onboarding
Monthly cost	$49 – $179	$35 – $50	$59 – $129	Hours per ASIN

Scan Progress

Eligible opportunities —

—

ungated — ready to source & list

Pool

—

shared catalog

Checked by you

—

Ungated

—

— gated

Data Quality Shared pool enrichment

Auto-Enriching

Pool enrichment

0 Pool size Shared pool (7d)

0 Fresh data enriched <7d

-- Last updated enrichment service

Price stability -- avg across enriched

Sales trend --

rank movement

BSR drops / 30d -- sales velocity

Avg Profit / Unit

—

across Green products (excl. buy cost)

Avg Profit Margin

—

After Amazon fees (excl. buy cost)

Amazon Presence

—

Avg Competition

—

Quality Distribution

Top Categories

Price Distribution

Top Opportunities

Eligible Products

Quick Picks

ASIN	Product	Price	Sellers	Buy Box	Category	Sales/Mo	Score	Max Buy 30%	Max Buy 50%

Recent Categories

	Category	Parent	Discovered	Checked	Eligible	Hit Rate	Pages	Scanned At
No categories scanned yet Run a Top Sellers scan to populate this list with the categories Amazon ranked.

Loading insights...

Scan History

Past Scan Sessions

Compare Mode

Get oriented in 2 minutes

Take the interactive tour

A guided 10-step walkthrough highlights every key feature — perfect for first-time users or anyone returning after a redesign.

Run my first scan

Step-by-step from Scan button to first eligible products

Understand the score

What Green / Yellow / Red mean and how the 0-10 is built

Read sales signals

Amazon Badge, BSR drops, Keepa history — what to trust

Common questions

FAQ, keyboard shortcuts, exporting CSVs

Getting Started

ADAW Scanner is an Amazon FBA product intelligence tool. It pulls a shared pool of current Top-Seller ASINs, scores each one against your seller eligibility, and surfaces the profitable resale opportunities.

How It Works

Shared catalog (runs once globally): A background worker pulls the day's Top Sellers from Keepa across ~29 non-media root categories and writes them into a single shared catalog. Every tenant scores against the same pool — one Keepa refresh covers all users.
Continuous Keepa enrichment: The same worker keeps the pool fresh by refilling Amazon Badge sales, BSR drops, price history, and offer trends. Budget is 60 Keepa tokens/minute.
Your eligibility scan: When you click Scan, the current pool is seeded into your per-tenant queue, then each ASIN is run through Amazon's SP-API for your seller account — eligibility, live offers/fees, Buy Box — and the result is scored 0-10 (Green / Yellow / Red).
Instant lookup: On the Products tab, paste any ASIN (or Amazon URL) to get the full report in 3-6 seconds. Uses one Keepa token only if the shared catalog data is stale.

Starting a Scan

Click Scan in the top-right to run eligibility against the shared pool. The caret next to it picks the mode: Fresh (2-day window, today's Top Sellers), Deep (7-day window, last week's accumulation), or Custom (pick your own).
Click Stop to halt. Progress is saved — clicking Scan again resumes from where you stopped.
Restart wipes all scan data and starts from a clean slate. Session history is preserved.

Dashboard Sections

Overview

Live scan state: status, pool size (live, shared across all tenants), your checked count, and your eligible vs. not-eligible split. During an active scan, a dedicated progress panel surfaces throughput (ASINs/min), ETA, and the last 5 Greens discovered this session.

Data Quality

Tracks how well the shared pool is enriched with Keepa data — the percentage of the pool that has fresh (< 7 day) sales/BSR data, plus an ETA to full coverage at the current throughput.

Product Intelligence

Appears once you have eligible products. Shows aggregate analytics:

Avg Profit / Unit — Per-unit net profit across Green-rated products (sale price − Amazon fees, excluding buy cost).
Avg Profit Margin — Sale price remaining after Amazon fees.
Amazon Presence — Share of listings where Amazon sells directly.
Avg Competition — Average seller count per listing.
Quality Distribution — Breakdown of products by Green / Yellow / Red score.

Products Tab

A sortable, searchable table of eligible products, plus the instant lookup bar at the top. Click any row for the full product modal.

Lookup bar — paste an ASIN or Amazon URL for a SellerAmp-style report in 3-6 seconds.
Toggle Green Light to see only top-rated products.
Toggle Hide Amazon Buy Box to exclude products where Amazon holds the Buy Box.
Click ★ Watchlist to show only starred products; click the star on any row to add it.
Click any column header to sort ascending/descending.

Keyboard Shortcuts

/ — Focus the search bar
j / k — Navigate product rows up/down
Enter — Open product modal for the focused row
s — Toggle watchlist star on focused row
? — Show keyboard shortcuts help dialog
Esc — Close modals and overlays

Keepa Historical Data

Keepa provides 90-day historical pricing, sales rank trends, and competition data. This data helps you understand whether a product's current metrics are typical or unusual.

Keepa Metrics Explained

Price (30d / 90d avg)Average Amazon price over the last 30 and 90 days. Compare with current price to spot temporary discounts or inflation.

Price StabilityHow much the price fluctuates. Stable = predictable margins. Volatile = risky pricing.

Sales Rank TrendIs demand growing (Improving), steady (Stable), or shrinking (Declining) vs. the historical average?

Avg Sellers (90d)Average number of sellers over 90 days. Compare with current count to spot trends.

Competition TrendAre more sellers entering (Increasing) or leaving (Decreasing) this listing?

Monthly Sold (Amazon Badge)Amazon's own "bought in past month" data captured by Keepa. This is NOT an estimate — it's Amazon's actual badge shown on product pages.

BSR Drops (30d/90d/180d)Count of BSR improvements (high→low transitions) indicating sales. Each drop = at least 1 sale. Same data SellerAmp shows.

How Keepa Enrichment Works

A single background worker owns all Keepa calls. It continuously refreshes the shared pool at the 60 tokens/minute ceiling — one enrichment covers every tenant. You never need to trigger enrichment manually; the Data Quality card on the Overview shows the live coverage % and ETA to full coverage.

Keepa API — Important Notice

Do not change the Keepa API key unless you know exactly what you are doing. The key is pre-configured and linked to a paid subscription plan.
Do not modify Keepa settings in the code or environment variables. The token budget (1 token per product, 60 tokens/minute, ~86K/day theoretical max) is calibrated for the current subscription tier.
Token usage is automatic. The worker manages its own rate limiting and will pause when tokens run low. You do not need to manually manage tokens.
Single-ASIN lookup on the Products tab spends at most 1 Keepa token — zero if the shared catalog already has fresh (<24h) data for that ASIN.
Cost awareness: Keepa is a paid service. Excessive code changes or unnecessary lookups could push consumption beyond the monthly budget.

Green Light Score Guide

The Green Light Score uses a weighted 0–10 scale across five components:

Profit Quality (up to 2.5): Margin percentage and net profit per unit — higher margins score higher on a continuous curve
Sales Velocity (up to 2.0): Estimated monthly sales — uses Keepa's monthly sold when available, falls back to BSR estimate. Confidence penalty applied: HIGH (Keepa badge) = full weight, MED (BSR drops) = 0.7x, LOW (BSR formula) = 0.4x
Competition (up to 2.0): Amazon Buy Box absence (+1.0) and FBA seller count — fewer FBA sellers score higher
Price Point (up to 1.5): Sale price on a sliding scale — products $30+ score highest, under $8 score zero
Keepa Trends (up to 2.0): Price stability, sales rank trend, and competition trend from Keepa historical data

ROI Bonus (up to +0.5): Products with high Max Buy Cost (30% ROI) receive a small bonus.

BSR Safety Penalty: Products with BSR > 500,000 receive a penalty (very slow-moving items).

Private Label Risk: Products with fewer than 2 historic sellers (90-day Keepa avg) receive a -0.5 penalty for possible IP/PL risk.

Amazon Buy Box Override: If Amazon holds the Buy Box, the product is automatically scored Red (0) regardless of other criteria.

Score Interpretation

Green (7.0+): Strong opportunity. High margins, low competition, good demand.
Yellow (4.5–6.9): Moderate opportunity. One or two concerns — investigate further.
Red (0–4.4): Weak opportunity. Multiple red flags — likely not worth pursuing.

Data Export

Click the Export CSV button (top of the Eligible Products table) to download all eligible products as a spreadsheet. The export includes all columns visible in the table plus the Green Light score.

Tips & FAQ

Why are some products marked ineligible? Products are filtered out if they are gated (restricted), excluded-category (Books, Kindle, media), or blocked by seller-specific restrictions.
Why does Pool size (Overview) differ from my queue size (scan panel)? Pool size is the live shared catalog — it grows daily as the catalog cron adds new Top Sellers. Your queue was seeded from the pool at the moment your scan started, so it's a frozen snapshot. The scan bar tracks queue progress so it stays monotonic.
How accurate are sales estimates? Amazon Badge data (HIGH confidence) comes directly from Keepa's capture of Amazon's own "bought last month" label. BSR Drops (LOW) counts BSR improvements in the last 30 days — each drop = at least one sale. BSR Formula (LOW) is a category-calibrated model of last resort.
Can I run multiple scans? Only one scan runs per tenant at a time. Click Stop before starting a new one.
Does the scanner auto-save? Yes. All data is saved to the database in real-time. You can close your browser and come back — nothing is lost.
What does adding a 10th tenant cost? Zero additional Keepa tokens. The pool is shared across every tenant. Each new tenant only adds their own SP-API eligibility calls.

Company

Scanner

Technical

Reference

SaaS Scaling

About ADAW LLC

Bay Area e-commerce distribution company specializing in Amazon FBA wholesale and arbitrage.

Who We Are

ADAW LLC is an e-commerce distribution and fulfillment company headquartered in the San Francisco Bay Area, California. We specialize in Amazon FBA wholesale distribution and online arbitrage, using proprietary technology and data-driven sourcing to identify profitable product opportunities across Amazon's marketplace.

Our Mission

To democratize Amazon product research through automation and data intelligence. Our proprietary platform, DistroTrack (the scanner you are using right now), transforms what was once hours of manual product research into an automated, comprehensive analysis pipeline that scans Amazon's entire catalog.

What We Do

Wholesale Distribution

We source products from authorized distributors and brands at wholesale prices, selling through Amazon's FBA program for margin-positive returns.

Product Intelligence

Our DistroTrack platform scans Amazon's top-selling products to identify ungated, profitable, low-competition opportunities automatically.

Multi-Channel Fulfillment

We use Amazon's FBA infrastructure for storage, shipping, and customer service, enabling scalable operations without physical warehouse overhead.

Compliance & Licensing

Fully licensed for distribution across all 50 states with comprehensive insurance coverage and zero compliance violations on record.

Company Details

Company Name	ADAW LLC
Headquarters	San Francisco Bay Area, California
Industry	E-Commerce Distribution & Fulfillment
Specialization	Amazon FBA Wholesale & Online Arbitrage
Technology Platform	DistroTrack (Proprietary Product Intelligence)
Brand Partnerships	32+ Authorized Brands
Licensing	All 50 U.S. States

Team & Roles

Meet the team behind ADAW LLC and DistroTrack.

August Delicath

Business Development

Manages brand relationships, wholesale account acquisition, and strategic partnerships. Drives revenue growth through new distribution agreements and market expansion. Leads sourcing strategy and supplier negotiations.

Shota Tonari

Technical Lead

Designed and built the DistroTrack platform from the ground up. Manages all infrastructure, API integrations (SP-API, Keepa, Supabase), deployment pipelines, database architecture, and ongoing product development.

Addison Wong

E-Commerce Operations

Manages Amazon seller accounts, listing optimization, inventory management, and day-to-day operational workflows. Oversees product prep, shipping logistics, and customer experience across all sales channels.

Jaeyoung Choi

Operations Intern

Assists with product research, data analysis, and operational support. Contributes to process improvement initiatives, market analysis, and category research for brand expansion opportunities.

Organizational Structure

ADAW LLC ├── Business Development (August) ─── Brand partnerships, sourcing, wholesale accounts ├── Technology (Shota) ─────────────── DistroTrack platform, infrastructure, APIs ├── E-Commerce Operations (Addison) ── Amazon accounts, inventory, fulfillment └── Operations Support (Jaeyoung) ──── Research, data analysis, process support

Services

Our core service offerings spanning distribution, fulfillment, and technology.

📦

Wholesale Distribution

Direct sourcing from authorized distributors and brand partners. We maintain relationships with 32+ brands across multiple product categories, purchasing at wholesale pricing for resale on Amazon. Our distribution network covers health & household, beauty & personal care, grocery, home & kitchen, and more.

🚚

Amazon FBA Fulfillment

End-to-end fulfillment through Amazon's FBA program — from product listing and prep to shipping, customer service, and returns handling. We rely on Amazon's logistics network for 1-2 day delivery nationwide with Prime eligibility.

📈

DistroTrack Intelligence Platform

Our proprietary product-intelligence tool that scans Amazon's Top Sellers against a shared, continuously enriched Keepa catalog of 500K+ ASINs. Features include automated discovery, per-tenant eligibility checks, Green Light scoring (0–10 with confidence-tiered velocity), 90-day Keepa history, instant single-ASIN lookup, and CSV / SAS exports.

📋

Compliance Management

Full regulatory compliance across all 50 states. We maintain distribution licenses, tax registrations, W-9 documentation, and comprehensive business insurance. Our compliance-first approach ensures zero violations and sustainable operations.

💰

Market Intelligence & Analytics

Data-driven category analysis, pricing strategy, and competition monitoring. Integrated Keepa historical data provides 90-day price trends, sales-rank trajectories, and seller-count changes. The Insights tab surfaces category yield rates, price-band analysis, and brand-level performance across the shared catalog.

🌐

Multi-Channel Strategy

While Amazon FBA is our primary channel, our data infrastructure and product intelligence capabilities extend across e-commerce platforms. Category-level insights and brand relationships position ADAW for expansion into additional marketplaces.

Brand Portfolio

Our authorized brand partnerships and distribution agreements.

Authorized Brands

ADAW LLC maintains authorized distribution agreements with 32+ brands across multiple product categories including health & household, beauty & personal care, grocery, and home & kitchen.

Live Brand Data: For a complete, real-time view of all brands detected in your scan data — including ungated status, product counts, and revenue estimates — see the Brands tab in the main dashboard navigation.

Brand Relationship Overview

Authorized Distribution

Direct wholesale agreements with brand owners or their authorized distributors, ensuring authentic products and competitive pricing at scale.

Ungated Access

Our Amazon seller account is approved (ungated) to sell in restricted brand categories, giving us access to products most sellers cannot list.

Category Diversity

Portfolio spans multiple Amazon categories — reducing risk through diversification and enabling us to capitalize on seasonal trends across niches.

Continuous Expansion

Our business development team actively pursues new brand partnerships, with a focus on high-margin, low-competition product lines identified by DistroTrack.

How Brand Data Integrates with DistroTrack

When the scanner discovers eligible products, it automatically detects and tracks the brand associated with each listing. This data feeds into the Brands tab, which provides:

Brand-level analytics: Total products, average margins, and revenue estimates per brand
Ungated highlighting: Brands we are authorized to sell are visually highlighted for quick identification
Product drill-down: Click any brand to see all eligible products from that brand with full competitive analysis
Export capabilities: Export brand-level data for sourcing and purchasing decisions

Credentials & Compliance

Our licensing, insurance, and regulatory compliance documentation.

Compliance Overview

ADAW LLC maintains comprehensive compliance across all operational jurisdictions, ensuring legal and regulatory adherence for all distribution and sales activities.

Credential	Status	Details
State Distribution Licenses	Active — All 50 States	Licensed for wholesale distribution in every U.S. state
Compliance Record	Zero Violations	Clean compliance record with no violations, citations, or penalties
W-9 Tax Documentation	On File	Current W-9 form on file with all distribution partners and platforms
Business Insurance	Active	Comprehensive general liability and product liability coverage
Amazon Seller Account	Professional — Good Standing	Active Professional seller account with full FBA enrollment
Business Entity	Active LLC	Registered Limited Liability Company in the state of California
Resale Certificates	Active	Valid resale certificates for tax-exempt wholesale purchasing

Compliance Practices

Regulatory Monitoring

We actively monitor regulatory changes across all 50 states to ensure continued compliance with distribution and sales requirements.

Documentation Management

All licenses, permits, and compliance documents are tracked with renewal dates and maintained in a centralized system.

Amazon Policy Compliance

Full adherence to Amazon's seller policies, restricted product guidelines, and intellectual property requirements.

Brand Authorization

All products sold are sourced through authorized channels with proper documentation to prevent counterfeit or unauthorized listings.

Scanner Overview

What is ADAW Scanner and what it does for your product research.

What Is ADAW Scanner?

ADAW Scanner is a fully automated Amazon FBA product-intelligence tool for wholesale and online-arbitrage sellers. A background worker continuously enriches a shared catalog of 500K+ Top Seller ASINs with Keepa data; when a tenant runs a scan, the system checks each ASIN for the seller's specific eligibility, pulls live SP-API pricing, fees, and offers, scores the result, and surfaces ranked Green-light winners.

Unlike manual product research (clicking through Amazon listings one by one), ADAW Scanner automates the entire pipeline. It has one scan mode — Top Sellers — backed by the shared catalog:

Catalog
Enrichment worker keeps the shared 500K-ASIN pool fresh (1 hour cycle)

→

Seed
Per-tenant scan pulls a slice of the catalog into its own queue (zero Keepa cost)

→

Check
SP-API: eligibility, pricing, fees, offers per ASIN (parallel waves)

→

Score
Green Light Score 0–10 with confidence-tiered sales velocity

The end result is a ranked list of eligible products with margin, fees, competition, sales-velocity estimates, and investment recommendations — usually delivered overnight while you sleep.

Alerts & notifications: Discord webhooks fire for high-quality Green Light products (score 7.0+ with 100+ monthly sales). Browser notifications fire on scan completion and Green-light batch discoveries.

How Scanning Works

From shared catalog to scored opportunities — the per-tenant Top Sellers scan pipeline.

How Scanning Works

Top Sellers is the only scan mode (April 2026 pivot). Each scan runs against a shared, pre-enriched catalog of 500K+ ASINs that the enrichment worker maintains in PostgreSQL — the scanner itself never calls Keepa during a scan. The pipeline runs as four phases per tenant:

Phase 1 — Seed the queue

When a tenant clicks Scan, _populate_scan_from_shared_catalog() in finder.py copies a slice of the shared catalog into that tenant's scan_asins table. ASINs already checked recently are skipped. Zero Keepa tokens are spent here — everything the scanner needs (BSR, monthly_sold, drops, trends, prices) was already enriched in shared_catalog.

Phase 2 — Eligibility check (per-ASIN, serial)

_scan_phase_eligibility() pulls 100 ASINs at a time from scan_asins and runs Amazon's getListingsRestrictions for each one with a 0.2 second gap (the SP-API rate limit). Roughly 92% of ASINs come back ineligible (gated, restricted brands, excluded categories) and skip the rest of the pipeline. The remaining ~8% continue.

Phase 3 — Wave 1 (pricing + catalog, parallel)

For each eligible ASIN, two SP-API calls run in parallel via a 2-worker ThreadPoolExecutor:

Wave 1 (parallel): · getCompetitivePricing → sale price, list price · getCatalogItem → product name, brand, category, BSR, image

Both endpoints are rate-limited at 0.5 req/sec, so wave 1 takes ~0.5 s per ASIN.

Phase 4 — Wave 2 (fees + offers, parallel)

Wave 2 fires the two most expensive SP-API endpoints in parallel:

Wave 2 (parallel): · getMyFeesEstimate → total Amazon fees (referral + FBA) · listOffersByASIN → Buy Box holder, seller count, FBA count, Amazon-on-listing

These are limited to 0.5 req/sec each, so wave 2 takes ~2 s per ASIN. After wave 2, the result is scored and written to checked_asins.

Early skip-outs

Wave 2 is skipped for ASINs that clearly won't profit, saving ~50% of the SP-API call budget on bad listings:

Trigger	Threshold	What Happens
Low price	Sale price < $12	Skip fee estimate (margin will be negative); offers still fetched for Amazon-on-listing detection
Oversaturated	Seller count > 15	Skip fee estimate; offers still fetched for Buy Box detection
Ineligible	`getListingsRestrictions` rejected	Skip both waves entirely; record reason in `eligibility_cache`

Even early-skipped products still get basic data stored: estimated_monthly_sales, amazon_on_listing, fba_seller_count, buy_box_price, buy_box_seller. Realistic throughput is 30–55 ASINs/minute depending on the eligibility rate.

Sales estimation tiers

Monthly-sales estimates come from the shared_catalog data the enrichment worker already populated. Each estimate carries a confidence tier that's used as a multiplier on the Sales Velocity score component:

Tier	Source	Multiplier	When It Fires
HIGH	Keepa Amazon Badge (validated)	1.0×	Badge value matches 30-day BSR drops within a 0.3–3.0 ratio — both signals agree.
MEDIUM	Keepa Amazon Badge (unvalidated)	0.85×	Badge present but no recent drops to cross-check against, or drops not yet enriched.
LOW	30-day BSR Drops	0.35×	No badge, but Keepa observed BSR rank drops (each drop ≈ 1 sale).
NONE	BSR Formula (no Keepa)	0.1×	Pure category-calibrated math while enrichment is still pending. Last resort.

BSR Formula (NONE-tier fallback)

When neither badge nor drops are available, estimate_monthly_sales(bsr, category) uses a power-curve calibrated against SellerAmp SAS ground truth:

estimate = factor × bsr ^ exponent

Category-specific (factor, exponent) pairs are defined for ~27 categories (e.g., Home & Kitchen: 114069 × BSR^-0.77; Electronics: 237841 × BSR^-0.75). The formula requires the root category BSR from Keepa — subcategory BSRs from SP-API produce wildly inaccurate numbers.

Concurrency model: ASINs are processed serially within a tenant scan; within each ASIN, Wave 1 and Wave 2 each fan out to two SP-API endpoints in parallel. The enrichment worker runs in a separate process and never blocks the scanner. Tenant scans never compete for Keepa tokens because shared_catalog is pre-warmed.

Scoring System

The Green Light Score and how products are rated on a weighted 0-10 scale.

Scoring & Green Light System

Every eligible product is scored using the Green Light Score, a composite rating based on real-world arbitrage viability criteria derived from extensive SellerAmp SAS analysis.

Hard Rejects (Instant Red)

This condition immediately disqualifies a product with a score of 0 (Red), regardless of all other criteria:

Condition	Why
Amazon Holds Buy Box	FBA sellers cannot compete with Amazon on the Buy Box. Amazon will always win the sale. Products where Amazon is the Buy Box holder receive an automatic score of 0 and grade F (Avoid).

Weighted Components (0-10 scale)

The total theoretical maximum is ~11.0 points, clamped to 10.0. Products without Keepa enrichment are rescaled from 0–9.5 to 0–10.0 so they aren't unfairly capped below the Green threshold while their Keepa data is still being fetched.

Component	Max Points	What It Measures
Profit Quality	2.5	Fee-margin curve gated by net-profit floor (uses `PREP_COST = $0.20` constant). Margin tiers: 60%+ = 2.5, 50% = 2.0, 40% = 1.5, 30% = 1.0, 20% = 0.5, 15% = 0.3. Net profit below $1 zeroes the component; $1–$3 scales it down.
ROI Signal	2.0	Based on `max_buy_cost_30_roi` (maximum buy cost that still yields 30% ROI). >$20 = 2.0, >$15 = 1.5, >$10 = 1.0, >$7 = 0.7, >$5 = 0.4, >$3 = 0.2. Bonus +0.2 if 50% ROI is also achievable.
Sales Velocity	2.5	Continuous curve over `estimated_monthly_sales`: ≥5K = 2.5, ≥2K = 2.3, ≥1K = 2.2, ≥500 = 2.0, ≥300 = 1.7, ≥200 = 1.4, ≥100 = 1.0, ≥50 = 0.8, ≥30 = 0.5, ≥10 = 0.2. Multiplied by a confidence factor: high = 1.0×, medium = 0.85×, low = 0.35×, none = 0.1× (see Sales Estimation Tiers below).
Competition	2.0	Amazon absent on listing = +1.0. FBA seller count: 0 = 0, 1 = −0.2, 2–3 = +0.5, 4–7 = +1.0, 8–15 = +0.8, 16–25 = +0.5, >25 = +0.2. If FBA count is unavailable, falls back to total seller count: ≤1 = −0.5, ≤3 = +0.4, ≤10 = +0.7, ≤20 = +0.5, >20 = +0.2.
Keepa Trends	1.5	Price stability (coefficient of variation): <0.10 = +0.6, <0.15 = +0.45, <0.25 = +0.2. Sales rank trend: improving = +0.55, stable = +0.25. Competition trend: decreasing = +0.35, stable = +0.2. Only available once enrichment has run.
Price Point	0.5	Light bonus for higher-priced items that absorb Amazon fees better: ≥$50 = +0.5, ≥$30 = +0.35, ≥$20 = +0.2, ≥$12 = +0.1.

Sales Estimation Tiers

The confidence factor on Sales Velocity comes from where the monthly-sales number was sourced:

Tier	Source	Multiplier	When It's Used
HIGH	Keepa Amazon Badge (validated)	1.0×	Badge value is consistent with 30-day BSR drops (ratio between 0.3 and 3.0). Highest trust.
MEDIUM	Keepa Amazon Badge (unvalidated)	0.85×	Badge present but no recent drops to cross-check, or drops data not yet enriched.
LOW	30-day BSR Drops	0.35×	No badge, but Keepa observed BSR improvements (each drop ≈ 1 sale).
NONE	BSR Formula (no Keepa)	0.1×	Pure category-calibrated math. Last-resort estimate while Keepa enrichment is still pending.

Penalties

Modifier	Points	What It Measures
BSR Safety	−0.5 to −1.0	BSR > 500,000 = −0.5; BSR > 1,000,000 = −1.0. Extremely slow-moving products get penalized regardless of other signals.
Private Label Risk	−0.5	Triggered when Keepa's 90-day average offer count is < 2.0. Products with historically few sellers may be private-label — risky for resale due to potential IP complaints.
Demand Floor	cap at 6.9	If estimated monthly sales < 100 OR confidence is "none", the score is capped at Yellow (6.9) regardless of other signals. Green requires meaningful demand evidence.

Score Labels

GREEN

7.0+

Strong opportunity. High weighted score across profit, sales, competition, price, and Keepa trends.

YELLOW

4.5-6.9

Moderate opportunity. Some strong signals but needs further research before investing.

RED

0-4.4

Low opportunity. Hard reject, thin margins, Amazon dominance, weak sales, or monopoly.

Top Opportunities Quality Gates

Products must pass ALL of these filters to appear in Top Opportunities:

Gate	Condition	Why
No Amazon on listing	`amazon_on_listing = false`	Amazon as seller kills buy-box share for 3P sellers
No Amazon Buy Box	`buy_box_seller ≠ "Amazon"`	Even if Amazon isn't "on listing," they can hold Buy Box
Healthy competition	`seller_count ≥ 5`	5+ sellers = IP-safe distributed listing, healthy 3P presence
FBA seller present	`fba_seller_count ≥ 1`	At least 1 FBA seller confirms the product is suitable for FBA arbitrage
Not Red score	`score_label ≠ "Red"`	Only Yellow and Green products pass (some viable criteria met)
Minimum profit	`profit_per_unit ≥ $3.00`	Below $3 profit, FBA prep costs and shipping eat into margins

Opportunity Score Formula

Products that pass all quality gates are ranked by a composite opportunity score:

base_score = (monthly_sales × margin × retailer_penalty × competition_factor) / max(seller_count, 1) Where: margin = (sale_price - total_amazon_fees) / sale_price retailer_penalty = 0.3 if Amazon on listing, else 1.0 competition_factor: ≤ 1 seller = 0.1 (monopoly = very bad) 2 sellers = 0.5 (duopoly = risky) ≥ 3 sellers = 1.0 (healthy competition)

Keepa Multipliers

If Keepa data is available, the base score is multiplied by trend factors:

Factor	Condition	Multiplier
Sales rank trend	Improving (growing demand)	× 1.2
Sales rank trend	Declining (shrinking demand)	× 0.8
Price stability	CV < 0.15 (stable pricing)	× 1.1
Price stability	CV > 0.25 (volatile pricing)	× 0.9
Competition trend	Increasing (more sellers entering)	× 0.9

The top 10 products by opportunity score are displayed on the Overview tab. Scoring is continuous (0–10) plus the Green / Yellow / Red label — there is no letter-grade overlay; ranking is by raw opportunity score.

Insights

Category performance analytics from your scan data.

Category Intelligence

After running a Top Sellers scan, the Insights tab shows category-level analytics including hit rates, average margins, competition levels, and price sweet spots. Use this data to understand which product categories offer the best opportunities.

From-Scratch Setup

Complete guide to recreate the entire system from zero. No prior knowledge required.

Prerequisites

Requirement	Version	Why
Python	3.11+	Runtime for the backend (Flask, scanner engine, Keepa client)
Git	Any	Clone the repository, push deploys
GitHub Account	—	Host the repository, trigger Railway auto-deploys
Amazon Professional Seller Account	—	Required for SP-API access (Individual plan won't work)
Amazon SP-API Developer Registration	—	API credentials for product data, eligibility, fees

Step 1: Amazon SP-API Setup

The scanner uses Amazon's Selling Partner API for all product data. You need 6 credentials:

Register as SP-API Developer: Go to sellercentral.amazon.com → Apps & Services → Develop Apps → Register as developer. Choose "Self-authorization" (you're accessing your own seller account).
Create an IAM User: In the AWS Console, create an IAM user with sts:AssumeRole permission. Save the Access Key ID and Secret Access Key.
Create an IAM Role: Create an IAM role with a policy that allows execute-api:Invoke on arn:aws:execute-api:*:*:*. Set the trust policy to allow your IAM user to assume the role. Copy the Role ARN.
Create an LWA App: In Seller Central → Develop Apps, create a new app. After approval, note the LWA Client ID and LWA Client Secret.
Self-Authorize: Authorize the app on your own seller account. This generates a Refresh Token.
Get your Seller ID: In Seller Central → Account Info → Your Merchant Token (also called Seller ID).

You now have these 6 values:

SP_API_REFRESH_TOKEN=Atzr|... (long token from self-authorization) SP_API_LWA_APP_ID=amzn1.application-oa2-client.abc123... SP_API_LWA_CLIENT_SECRET=amzn1.oa2-cs.v1.abc123... SP_API_AWS_ACCESS_KEY=AKIA... (IAM user access key) SP_API_AWS_SECRET_KEY=wJalr... (IAM user secret key) SP_API_ROLE_ARN=arn:aws:iam::123456789012:role/SellingPartnerAPIRole

Also set your marketplace and seller:

SELLER_ID=A1B2C3D4E5F6G7 (your Amazon Merchant Token) MARKETPLACE_ID=ATVPDKIKX0DER (US marketplace, this is the default)

Step 2: Supabase Auth Setup

Supabase provides user authentication (login/logout, JWT tokens, password reset). It's free for small projects.

Go to supabase.com and create a free account.
Create a new project. Choose a name and set a database password (you won't use the DB directly).
Go to Settings → API and copy:
- Project URL → this is your SUPABASE_URL
- anon / public key → this is your SUPABASE_ANON_KEY
- JWT Secret (under "JWT Settings") → this is your SUPABASE_JWT_SECRET
Go to Authentication → Providers and ensure Email is enabled.
Go to Authentication → Users and create a user with email + password. This will be your login credential.

SUPABASE_URL=https://xxxxx.supabase.co SUPABASE_ANON_KEY=eyJhbGciOiJI... (long JWT-format key) SUPABASE_JWT_SECRET=your-jwt-secret-here ALLOWED_EMAILS=yourname@email.com (optional, comma-separated allowlist)

Local dev shortcut: If you leave SUPABASE_JWT_SECRET empty, all authentication is skipped. Useful for local testing without a Supabase account.

Step 3: Keepa API Setup (Optional)

Keepa provides 90-day historical data (price trends, sales rank, competition changes). Without it, the scanner still works but scores max at 8/10 instead of 10/10 (the Keepa Trends component adds up to 2.0 points).

Go to keepa.com and create an account.
Subscribe to the API Starter Plan (€49/mo). This gives you 20 tokens/minute.
Go to your API settings and copy your API key.

KEEPA_API_KEY=your-keepa-api-key-here

Token budget: Each product query costs 1 token. At 20 tokens/min you can enrich ~1,200 products/hour.

Step 4: Clone & Install

# Clone the repository git clone https://github.com/sh0takun/amazon-fba-finder.git cd amazon-fba-finder # Create a virtual environment python -m venv venv # Activate it # Windows: venv\Scripts\activate # macOS/Linux: source venv/bin/activate # Install dependencies pip install -r requirements.txt

The requirements.txt includes: flask, python-amazon-sp-api, gunicorn, PyJWT, keepa, numpy, python-dotenv, psutil.

Step 5: Configure Environment Variables

Create a .env file in the project root with all your credentials:

# Amazon SP-API (required) SP_API_REFRESH_TOKEN=Atzr|... SP_API_LWA_APP_ID=amzn1.application-oa2-client... SP_API_LWA_CLIENT_SECRET=amzn1.oa2-cs.v1... SP_API_AWS_ACCESS_KEY=AKIA... SP_API_AWS_SECRET_KEY=wJalr... SP_API_ROLE_ARN=arn:aws:iam::123456789012:role/YourRole SELLER_ID=YOUR_SELLER_ID MARKETPLACE_ID=ATVPDKIKX0DER # Supabase Auth (leave JWT_SECRET empty for local dev without auth) SUPABASE_URL=https://xxxxx.supabase.co SUPABASE_ANON_KEY=eyJhbGciOiJI... SUPABASE_JWT_SECRET= ALLOWED_EMAILS= # Keepa (optional) KEEPA_API_KEY= # Database (optional, defaults to checked_asins.db in script directory) DB_PATH=

Step 6: Run Locally

# Start the dashboard (dev mode, auto-reload on file changes) python dashboard.py

Open http://localhost:5000 in your browser. If SUPABASE_JWT_SECRET is empty, you'll be logged in automatically.

The SQLite database (checked_asins.db) is auto-created on first run with all required tables and schema migrations.

Step 7: Deploy to Railway

Push your code to a GitHub repository.
Go to railway.app and create a new project. Choose "Deploy from GitHub repo" and select your repository.
Add a persistent volume: In your Railway service, go to Settings → Volumes → Add Volume. Mount it at a path like /data. Set DB_PATH=/data/scanner.db so the database survives redeploys.
Set environment variables: In Settings → Variables, add all the env vars from Step 5 (with real values this time, including SUPABASE_JWT_SECRET).
Add a custom domain (optional): In Settings → Networking → Custom Domain, point your domain to Railway.
Railway auto-deploys on every push to main. The Procfile tells Railway how to start:
web: gunicorn dashboard:app --bind 0.0.0.0:$PORT --workers 2 --timeout 120

Step 8: Verify Everything Works

Check	How	Expected
Dashboard loads	Visit your URL	Login screen or dashboard appears
Login works	Enter Supabase user credentials	Dashboard loads with "Start Scan" button
Scan starts	Click "Start Scan"	Status shows "RUNNING", categories begin appearing
Products appear	Wait 5-10 min, check Products tab	Eligible products populate with prices, scores
Keepa enrichment	Click a product → "Refresh Live"	Keepa Insights section fills with trend data
Database persists	Redeploy (push a commit)	Products tab still shows previous scan data

Complete Environment Variables Reference

Variable	Required	Description
`SP_API_REFRESH_TOKEN`	Yes	OAuth refresh token from self-authorization in Seller Central
`SP_API_LWA_APP_ID`	Yes	Login With Amazon app client ID
`SP_API_LWA_CLIENT_SECRET`	Yes	Login With Amazon app client secret
`SP_API_AWS_ACCESS_KEY`	Yes	IAM user access key with sts:AssumeRole
`SP_API_AWS_SECRET_KEY`	Yes	IAM user secret key
`SP_API_ROLE_ARN`	Yes	IAM role ARN with execute-api:Invoke permission
`SELLER_ID`	Yes	Your Amazon Merchant Token / Seller ID
`MARKETPLACE_ID`	No	Amazon marketplace (default: ATVPDKIKX0DER = US)
`SUPABASE_URL`	For auth	Supabase project URL
`SUPABASE_ANON_KEY`	For auth	Supabase public/anon key (safe to expose)
`SUPABASE_JWT_SECRET`	For auth	JWT signing secret. Leave empty to disable auth (local dev)
`ALLOWED_EMAILS`	No	Comma-separated email allowlist. Empty = all authenticated users allowed
`KEEPA_API_KEY`	No	Keepa API key. Without it, historical data unavailable but scanner still works
`DB_PATH`	No	SQLite database file path. Default: `checked_asins.db` in script directory
`DISCORD_WEBHOOK_URL`	No	Discord webhook URL for Green Light product alerts (score 7.0+ with 100+ sales)
`ENRICHMENT_MODE`	No	Set to `1` on the enrichment worker to route Procfile to `python enrichment.py`
`ENRICHMENT_INTERVAL_HOURS`	No	Hours between enrichment cycles (default: 4). Controls how often the enrichment service refreshes stale catalog entries.
`ENRICHMENT_DAILY_BUDGET`	No	Maximum Keepa tokens the enrichment service can spend per day

Project File Structure

amazon-fba-finder/ dashboard.py — Flask web server + full frontend (~13,400 lines) finder.py — Scanner engine, SP-API integration, DB schema (~3,900 lines) keepa_client.py — Keepa API wrapper + data extraction (~820 lines) db.py — SQLite/PostgreSQL adapter with auto-translation (~540 lines) requirements.txt — Python dependencies Procfile — Railway/Heroku deployment command .env — Local environment variables (not committed) checked_asins.db — SQLite database (auto-created on first run)

Top Sellers Scan

Scan Amazon's best-selling products using Keepa's bestseller rankings.

How It Works

Top Sellers is the only scan mode (April 2026 pivot). It runs against the global shared_catalog — a pre-enriched pool of 500K+ Amazon best-selling ASINs that the enrichment worker keeps fresh independently of any tenant's scan. When you click Scan, the system seeds a per-tenant queue from the shared pool and runs SP-API eligibility checks. The scanner itself spends zero Keepa tokens.

Process Flow

Seed — _populate_scan_from_shared_catalog() copies a slice of shared_catalog into your tenant's scan_asins queue. Already-checked ASINs are skipped. Zero Keepa cost.
Eligibility — SP-API getListingsRestrictions runs serially per ASIN (0.2s gap, 100 ASINs per batch). Roughly 92% are filtered out as ineligible.
Wave 1 — For eligible ASINs: getCompetitivePricing + getCatalogItem in parallel (2-worker thread pool).
Wave 2 — getMyFeesEstimate + listOffersByASIN in parallel. Skipped for sale price < $12 or seller count > 15.
Score & persist — Compute Green Light Score 0–10, write to checked_asins, fire Discord webhook for new Greens.

Token Cost

Phase	SP-API calls	Notes
Seed from shared catalog	0	Pure DB read; data is pre-enriched
Eligibility (per ASIN)	1	`getListingsRestrictions`, 0.2s rate limit
Wave 1 (per eligible ASIN)	2	Pricing + catalog, parallel
Wave 2 (per qualifying ASIN)	2	Fees + offers, parallel; skipped for cheap or oversaturated listings
Total per scan	1–5 per ASIN	Keepa cost is amortized into the global enrichment budget (1 token/ASIN, 1-hour cycle)

Why This Design?

One Keepa refresh covers every tenant. Adding the 100th tenant adds zero Keepa cost — only their own SP-API eligibility calls.
Deterministic scan time. No more waiting on Keepa's bestseller endpoint mid-scan; the catalog is always pre-warmed.
Lower failure surface. Keepa rate limits / outages don't block scans — the enrichment worker absorbs them.

Safeguards

Stacking prevention — Won't start if >100K unchecked ASINs are already queued for your tenant.
Resume support — Stop and Scan again resumes from where you left off; Restart wipes scan data and starts fresh while preserving session history.
Tenant isolation — Each tenant's queue and results are filtered by tenant_id on every query.
Legacy fallback — If shared_catalog is empty (rare; happens on first SQLite/dev boot), the scanner falls back to the live-Keepa bestseller path. This is dev-only; production always has a populated catalog.

Architecture

Technology stack, system components, and data flow overview.

Technology Stack

ADAW Scanner is built with a modern, lightweight stack designed for reliability and speed:

Layer	Technology	Purpose
Backend	Python 3.12 + Flask	Web server, API endpoints, scan orchestration
WSGI Server	Gunicorn (2 workers, 120s timeout)	Production HTTP server with max-requests recycling (50 + jitter 10)
Database	PostgreSQL (Railway) / SQLite (local dev)	Multi-tenant persistent storage. db.py auto-translates SQL between both dialects.
Amazon API	SP-API (python-amazon-sp-api)	Official Amazon Selling Partner API for eligibility, pricing, fees, offers, catalog
Historical Data	Keepa API	90-day price/BSR trends, sales rank drops, monthly sold badge, competition tracking
Keepa Cache	keepa_cache table (global)	Persistent tenant-independent Keepa data cache. Enrichment worker processes stale entries via queue.
Authentication	Supabase Auth (JWT)	User login, token management, session security
Payments	Stripe	Scout ($49), Pro ($99), Enterprise ($179) subscriptions with webhooks
Frontend	Vanilla HTML/CSS/JS + Chart.js	Single-page dashboard with no build step. 8 tabs, product modal, real-time polling.
Hosting	Railway	Cloud deployment with auto-deploy on git push to main
Version Control	Git + GitHub	Source code management, CI/CD trigger for Railway auto-deploy

Why no React/Vue? The entire frontend is embedded in a single Python file (dashboard.py) as inline HTML/CSS/JS. This means zero build tools, zero npm dependencies, and instant deploys. The dashboard is served as a single HTML page by Flask. This makes the system extremely portable and easy to maintain.

Architecture Overview

The system consists of several core files:

File	Lines	Responsibility
`dashboard.py`	~13,400	Flask web server: API endpoints, embedded HTML/CSS/JS frontend, Supabase auth, sales intelligence, scan control, scoring, all dashboard UI (8 tabs + help docs)
`finder.py`	~3,900	Scanner engine: SP-API integration, browse tree discovery, ASIN scanning, eligibility checking, fee calculations, BSR-to-sales estimation, DB schema & migrations, ThreadPoolExecutor concurrency
`keepa_client.py`	~820	Keepa API wrapper: historical pricing, sales rank trends, competition tracking, monthly sold extraction, token budget system, bug #221 monkey-patch
`db.py`	~700	Database connection layer: pooled psycopg2 connections with stale-conn retry; SQL is written native PostgreSQL throughout. A thin SQLite shim (test-mode only) maps a small set of PG-isms (%s placeholders, ILIKE, ::int casts) to SQLite syntax. Multi-tenant support with tenant_id columns.
`stripe_config.py`	~160	Stripe subscription plans (Scout/Pro/Enterprise), price IDs, plan limits, feature gates

Data Flow

Browser ↔ Flask web service ↔ PostgreSQL ↔ Enrichment worker ↔ Keepa API | (shared DB) (sole Keepa caller) ↔ Supabase Auth | ↔ Stripe billing | ↔ Scanner subprocess ↔ Amazon SP-API (eligibility, fees, offers)

The web service spawns finder.py as a subprocess when a scan starts. The scanner reads pre-enriched data from shared_catalog, runs SP-API eligibility per ASIN, and writes results back to PostgreSQL. The dashboard polls the DB on an adaptive interval. The enrichment worker is a separate Railway service running the same image with ENRICHMENT_MODE=1; it owns every Keepa API call and writes to shared_catalog independently.

Key Processes

Process	How It Runs	Purpose
Top Sellers scan	Subprocess: `python finder.py bestsellers` (alias: `scan`)	Per-tenant pipeline: seed from `shared_catalog` → SP-API eligibility → wave-1 (pricing + catalog parallel) → wave-2 (fees + offers parallel) → score
Enrichment worker	Separate Railway service: `python enrichment.py` (`ENRICHMENT_MODE=1`)	Sole Keepa API consumer. Refreshes `shared_catalog` on a 1-hour cycle (50 ASINs/batch, 1 token/ASIN). Triggers Discord webhook on Green discoveries.
Dashboard	Gunicorn: `dashboard:app` · 2 workers · 120s timeout	Flask web service: serves the SPA, ~66 API endpoints, manages scan lifecycle, applies security headers + gzip + immutable static cache

Shared Catalog & Enrichment Service

A background enrichment service (enrichment.py) runs as a separate Railway worker, maintaining a global shared_catalog table with Keepa sales data for 500K+ ASINs. All tenants share this data — ADAW absorbs the Keepa API cost so customers don't need their own Keepa subscription. The service refreshes on a configurable interval (default 1 hour, ENRICHMENT_INTERVAL_HOURS) at 1 token/ASIN with a default 80,000-token daily budget.

Web service — dashboard.py via Gunicorn (serves UI + API + scanner subprocess)
Enrichment service — enrichment.py (background Keepa loop, sole token spender)
PostgreSQL — shared database between both services

Frontend Build Pipeline

Production serves two minified bundles built by node build.js: app.min.js (~200 KB raw, ~55 KB gzipped) and app.min.css (~234 KB raw, ~41 KB gzipped). Development serves the unminified modules separately so source-mapped debugging works. Both modes append ?v=<mtime> for cache-busting; production also serves them with Cache-Control: immutable for one-year browser caching.

System Diagram

Two Railway services share one PostgreSQL database. The web service runs the dashboard and scanner. The enrichment service is the sole Keepa consumer and refreshes the shared catalog independently.

Web Service

scanner.adawllc.com

dashboard.py Flask API + embedded SPA
finder.py scan engine (subprocess)
~66 API endpoints · 8 tabs · adaptive polling
Gunicorn · 2 workers · 120s timeout

↔

PostgreSQL

Shared Database

13 tables · 500K+ catalog ASINs
shared_catalog Keepa enrichment
checked_asins per-scan results
scan_sessions + scan_asins queue
Multi-tenant via tenant_id

↔

Enrichment Service

ENRICHMENT_MODE=1

enrichment.py background loop
Sole Keepa caller · 1 token/ASIN
1-hour cycles · 50 ASINs/batch
Drops, trends, prices, badge data

Scan Pipeline (Top Sellers, post-2026-04 pivot)

Top Sellers is now the only scan mode. When a tenant starts a scan, the system progresses through these phases:

Seed Queue

Populate scan_asins from shared_catalog (zero Keepa tokens)

→

Eligibility

SP-API ListingsRestrictions per ASIN, batched 100, 0.2s gap

→

Wave 1 (parallel)

GetCompetitivePricing + GetCatalogItem

→

Wave 2 (parallel)

GetMyFeesEstimate + ListOffersByASIN

→

Score

Green Light Score 0–10 with confidence-tiered velocity

Concurrency: ASINs are processed serially per tenant; within each ASIN, Wave 1 (pricing + catalog) and Wave 2 (fees + offers) each run their two SP-API calls in parallel via a 2-worker ThreadPoolExecutor. Ineligible ASINs (~92% of the catalog) skip Wave 2 entirely. Enrichment data comes pre-warmed from shared_catalog — the scanner never calls Keepa.

Data Enrichment Cycle

The enrichment service runs independently on a 4-hour cycle, fetching fresh Keepa data for products in the shared catalog:

Stale Query

Find ASINs not refreshed in 3 days

→

Keepa API

Batch of 20 ASINs · 60 tokens used

→

Extract

Drops, rank, trends, prices, badge

→

Save

Update shared_catalog + re-score

↺

Wait

Token refill · ~60s between batches

Sales Estimation Hierarchy

When displaying estimated monthly sales, the system uses verified Keepa data in priority order:

BSR Drops (Keepa)

Each BSR rank drop = ~1 sale. Most reliable real-time signal from Keepa enrichment.

High

BSR Formula

Category-specific power curves calibrated against SellerAmp data. Uses root category BSR.

Medium

Pending

No Keepa data yet. Product is queued for enrichment. No guessing — honest "no data."

None

Why no Amazon badge? The "bought in past month" badge counts unique customers (not units), shows only rounded ranges (50+, 100+, 200+), and is frequently stale. BSR drops and formula give more accurate per-listing sales estimates.

External Integrations

Amazon SP-API

Product eligibility, competitive pricing, fee estimates, offer details, catalog search, browse tree reports. Rate limited per endpoint.

Keepa API

90-day BSR history, sales rank drops, price trends, competition tracking, monthly sold badge, category tree. 60 tokens/min, 1 token/product.

Supabase Auth

User authentication via JWT tokens. Login, signup, session refresh. Tenant isolation via user_id mapping.

Stripe

Subscription billing: Scout ($49), Pro ($99), Enterprise ($179). Webhooks for plan changes, cancellations, renewals.

Discord Webhooks

Real-time product alerts for Green Light products (score 7.0+, sales 100+). Rate limited to 10/hour with DB-backed dedup.

API & Rate Limits

Amazon SP-API rate limits and scanner throughput estimates.

API Rate Limits & Performance

Amazon's SP-API enforces strict rate limits per endpoint. The scanner is designed to operate at maximum efficiency within these constraints:

API Endpoint	Rate Limit	Used For
Catalog Search	2 req/s	Discovering ASINs in categories (Phase 2)
Product Eligibility	5 req/s	Checking if you can sell a product
Competitive Pricing	2 req/s	Getting current listing price
Catalog Items	2 req/s	Product details (name, BSR, brand)
Product Fees	0.5 req/s	Amazon referral + FBA fees (slowest endpoint)
Item Offers	0.5 req/s	Buy Box holder, offer count

Performance bottleneck: The Product Fees endpoint (0.5 req/s = one call every 2 seconds) is the limiting factor. The scanner mitigates this by running Wave 1 and Wave 2 API calls in parallel using thread pools, and by skipping Wave 2 entirely for products priced below $12 (which are unlikely to be profitable after fees).

Throughput Estimates

Category discovery: ~4 pages/second (limited by Catalog Search rate)
Eligibility checking: ~30-55 ASINs/minute (depends on how many pass the $12 threshold)
Top Sellers scan: ~2 minutes for discovery (500K+ ASINs), then eligibility pipeline runs
Keepa enrichment: ~1,200 products/hour (1 token/product, 20 tokens/min on Starter plan)

Dashboard API Endpoints

The Flask backend exposes 50+ authenticated API endpoints. All require a valid JWT token via the Authorization: Bearer header (except the public waitlist POST and /health endpoint).

Stats & Analysis

Method	Endpoint	Purpose
GET	`/api/stats`	Aggregate scan statistics (products, categories, score breakdown)
GET	`/api/stats/data-quality`	Diagnostic: count products with missing fields
GET	`/api/analysis`	Product intelligence for dashboard charts and Top Opportunities

Products & Details

Method	Endpoint	Purpose
GET	`/api/products`	Paginated list of eligible products (with search, filters, sorting)
GET	`/api/product/<asin>`	Single product detail for the product modal
POST	`/api/product/<asin>/refresh-keepa`	On-demand Keepa refresh for a single product
GET	`/api/opportunities`	Paginated top opportunities (sorted by composite score)

Insights & Analytics

Method	Endpoint	Purpose
GET	`/api/insights/categories`	Per-browse-tree category intelligence (hit rates, scores, averages)
GET	`/api/insights/price-analysis`	Price sweet spots — product count & avg margin per price band
GET	`/api/insights/keepa-trends`	Keepa trend analysis for enriched eligible products

Scan Control

Method	Endpoint	Purpose
POST	`/api/scan/start`	Start Top Sellers scan (also aliased as /api/scan/start-bestsellers)
POST	`/api/scan/stop`	Stop the active scan
GET	`/api/scan/log`	Last 200 lines of scan.log
GET	`/api/categories/list`	Distinct category names from eligible products

Scan History & Sessions

Method	Endpoint	Purpose
GET	`/api/scan/sessions`	All scan sessions, newest first
GET	`/api/scan/sessions/<id>/products`	Products from a specific scan session
POST	`/api/scan/session/finalize`	Finalize current scan session

Keepa & Enrichment

Method	Endpoint	Purpose
GET	`/api/keepa/status`	Keepa API token balance & enriched product count
GET	`/api/keepa/estimate`	Token cost estimates: unenriched/stale/fresh counts & estimated time
POST	`/api/keepa/reenrich`	Smart re-enrichment with modes: stale_only, unenriched, green_first
GET	`/api/keepa/reenrich/progress`	Re-enrichment progress polling (status, done/total, percent)

Export & Brands

Method	Endpoint	Purpose
GET	`/api/export/sas`	ASINs as newline-separated text (for SAS batch lookup)
GET	`/api/export/sas-csv`	Full CSV with scores, pricing, competition data
GET	`/api/brands`	Auto-detected brand data with stats from scanned products
GET	`/api/export/brands-csv`	Export all brand listings as CSV

Waitlist (Public)

Method	Endpoint	Purpose
POST	`/api/waitlist`	Public: collect email for SaaS waitlist (no auth required)
GET	`/health`	Health check: returns `{"status":"ok","db":"connected"}` (no auth required)
GET	`/api/diagnostic/shared-catalog`	Shared catalog health: total ASINs, enrichment coverage %, freshness
GET	`/api/watchlist`	List user's watchlisted ASINs
POST	`/api/watchlist/<asin>`	Add ASIN to watchlist
DELETE	`/api/watchlist/<asin>`	Remove ASIN from watchlist
GET	`/api/waitlist`	Admin: view all waitlist signups

Database Schema

PostgreSQL database tables, columns, and multi-tenant data model.

Database & Data Model

Production runs PostgreSQL on Railway; the test suite uses SQLite (in-memory or on-disk file). All SQL is written in native PostgreSQL syntax (%s placeholders, ON CONFLICT, ILIKE, ::int casts). db.py contains a small SQLite shim that maps these PG-isms to SQLite equivalents in test mode only; production paths go straight to psycopg2 unchanged. All tables include a tenant_id column for multi-tenant isolation. The keepa_cache table is the exception — it is global (shared across all tenants) to avoid re-fetching the same ASIN data per user. Schema migrations run automatically on startup.

Table: checked_asins (Products)

The main products table. Every ASIN that has been evaluated is stored here, regardless of eligibility.

Column	Type	Description
`asin`	TEXT PK	Amazon Standard Identification Number
`product_name`	TEXT	Product title from catalog
`is_eligible`	BOOLEAN	Whether seller can list this ASIN
`restriction_reason`	TEXT	Why ineligible (NOT_ELIGIBLE, APPROVAL_REQUIRED, ASIN_NOT_FOUND)
`sale_price`	REAL	Lowest New listing price from CompetitivePricing API
`total_amazon_fees`	REAL	Referral + FBA fulfillment fee estimate at sale_price
`max_buy_cost_30_roi`	REAL	Max buy cost for 30% ROI: (price - fees - $0.20) / 1.30
`max_buy_cost_50_roi`	REAL	Max buy cost for 50% ROI: (price - fees - $0.20) / 1.50
`seller_count`	INTEGER	Number of New condition offers on listing
`category`	TEXT	Amazon browse-tree category display name
`bsr`	INTEGER	Best Seller Rank (top-level category rank)
`estimated_monthly_sales`	REAL	Monthly sales estimate (from 3-tier hierarchy)
`sales_data_source`	TEXT	Which method estimated sales: "Amazon Badge", "BSR Drops", or "BSR Estimate"
`amazon_on_listing`	BOOLEAN	Amazon is a seller on this listing (True/False/NULL)
`fba_seller_count`	INTEGER	Count of FBA-fulfilled sellers specifically
`buy_box_price`	REAL	Current Buy Box winner price
`buy_box_seller`	TEXT	"Amazon" if Amazon holds Buy Box, else raw seller ID
`bsr_formula_version`	INTEGER	BSR estimation model version (2 = current Books-calibrated)
`scan_session_id`	INTEGER	FK to scan_sessions.session_id
`checked_at`	TIMESTAMP	When this ASIN was last evaluated
Keepa Enrichment Columns (populated by Keepa API)
`keepa_avg_price_30`	REAL	30-day average price (dollars)
`keepa_avg_price_90`	REAL	90-day average price (dollars)
`keepa_price_stability`	REAL	Price coefficient of variation (0-1, lower = more stable)
`keepa_sales_rank_avg_30`	REAL	30-day average BSR
`keepa_sales_rank_avg_90`	REAL	90-day average BSR
`keepa_sales_rank_trend`	TEXT	"improving", "stable", or "declining" (recent vs historical BSR)
`keepa_offer_count_avg`	REAL	90-day average seller count
`keepa_competition_trend`	TEXT	"increasing", "stable", or "decreasing" (seller count trend)
`keepa_buy_box_price`	REAL	Latest Buy Box price from Keepa stats
`keepa_monthly_sold`	INTEGER	Amazon "bought in past month" badge value
`keepa_sales_rank_drops_30`	INTEGER	BSR drops in last 30 days (~1 sale per drop)
`keepa_sales_rank_drops_90`	INTEGER	BSR drops in last 90 days
`keepa_sales_rank_drops_180`	INTEGER	BSR drops in last 180 days
`keepa_last_updated`	TEXT	When Keepa data was last refreshed (ISO timestamp)

Table: scan_categories (Browse Tree)

Column	Type	Description
`node_id`	TEXT PK	Amazon browse node ID
`node_name`	TEXT	Category display name
`parent_node_id`	TEXT	Parent category node ID (for tree hierarchy)
`is_leaf`	BOOLEAN	True if searchable leaf category (vs folder node)
`scan_status`	TEXT	pending, in_progress, done, or error
`asins_found`	INTEGER	Count of ASINs discovered in this category
`pages_scanned`	INTEGER	Search result pages scanned so far
`last_page_token`	TEXT	SP-API pagination token for resume
`error_message`	TEXT	Error details if scan_status is "error"
`created_at`	TIMESTAMP	When category was added to the tree
`updated_at`	TIMESTAMP	Last status change time

Table: scan_asins (Discovery Queue)

Column	Type	Description
`asin`	TEXT PK	Discovered ASIN
`source_node_id`	TEXT	Which browse node discovered it
`discovered_at`	TIMESTAMP	When discovered
`eligibility_checked`	BOOLEAN	False until processed by eligibility checker

Table: scan_sessions (History)

Column	Type	Description
`session_id`	INTEGER PK	Auto-increment session ID
`started_at`	TIMESTAMP	When scan started
`stopped_at`	TIMESTAMP	When scan stopped (NULL if still running)
`status`	TEXT	"running" or "stopped"
`scan_type`	TEXT	"full", "targeted", or "smart"
`target_categories`	TEXT	Comma-separated node IDs (for targeted scans)
`categories_scanned`	INTEGER	Categories discovered this session
`asins_discovered`	INTEGER	ASINs found this session
`asins_checked`	INTEGER	ASINs evaluated for eligibility
`eligible_found`	INTEGER	Products that passed eligibility
`not_eligible`	INTEGER	Products that failed eligibility
`green_count`	INTEGER	Score ≥ 7.0
`yellow_count`	INTEGER	Score 4.5–6.9
`red_count`	INTEGER	Score < 4.5

Table: scan_meta (Key-Value Store)

Column	Type	Description
`key`	TEXT PK	Metadata key (e.g., "scan_phase", "current_session_id", "daemon_status")
`value`	TEXT	Metadata value

Table: waitlist (SaaS Signups)

Column	Type	Description
`id`	INTEGER PK	Auto-increment ID
`email`	TEXT UNIQUE	Signup email address
`created_at`	TIMESTAMP	Signup time (default: now)

Table: shared_catalog (Global Sales Data)

Column	Type	Description
`asin`	TEXT PK	Amazon product identifier
`monthly_sold`	INTEGER	Amazon "bought in past month" badge value
`estimated_sales`	INTEGER	Computed sales estimate after stale detection
`sales_source`	TEXT	"Badge", "BSR Drops", or "BSR Formula"
`sales_confidence`	TEXT	"high", "medium", "low"
`enriched_at`	TIMESTAMP	When Keepa data was last fetched
`enrichment_count`	INTEGER	Number of times enriched

Table: watchlist (User Favorites)

Column	Type	Description
`tenant_id`	UUID FK	References tenants(id)
`asin`	TEXT	Watchlisted product ASIN
`added_at`	TIMESTAMP	When the product was starred
`notes`	TEXT	Optional user notes

Indexes

idx_session on checked_asins(scan_session_id) — fast session-based product filtering
idx_scan_categories_status on scan_categories(is_leaf, scan_status) — fast pending-category lookups
idx_scan_asins_unchecked on scan_asins(eligibility_checked) — fast unchecked-ASIN batch fetching

Keepa Integration

90-day historical pricing, sales rank trends, and competition tracking.

Keepa Integration

Keepa provides 90-day historical data for every product, enriching the scanner's real-time data with trends and context:

Price history: Track price stability via coefficient of variation (CV). CV < 0.15 = stable pricing, CV > 0.25 = volatile
Sales rank trends: Identify products with improving (growing demand) or declining (shrinking demand) sales rank over 90 days
Competition changes: Monitor seller count fluctuations — increasing seller count triggers a -1 scoring penalty
Monthly sold estimate: Keepa's proprietary "bought in past month" badge data, often more accurate than BSR-based calculations
Sales rank drops: Count of 30-day rank drops (BSR dips that indicate sales events)

How It Works

Keepa data is maintained by the Shared Catalog enrichment service (enrichment.py), which runs as a background Railway worker refreshing sales and price history continuously. Each product lookup costs approximately 1 Keepa token. ADAW absorbs the Keepa API cost, so users don't need their own Keepa subscription. The dashboard reads from the shared_catalog table first, falling back to per-tenant Keepa columns if unavailable. The Data Enrichment card on the Overview tab shows live coverage and freshness.

Token Budget & Rate Limits

The Keepa enrichment service is the sole owner of all Keepa API calls in production — no other code path calls Keepa. It runs as a separate Railway worker process (ENRICHMENT_MODE=1) and pulls from a per-tenant daily token budget that's synced with the tenant's plan.

Parameter	Value
Tokens per product lookup	1 token (no offers / buybox params; verified empirically in `keepa_client.py`)
Default daily budget	80,000 tokens (`DAILY_TOKEN_BUDGET` in `enrichment.py`)
Per-plan daily budgets	Scout 100 / Pro 500 / Enterprise 1,500 / Admin 80,000
Refill rate	~60 tokens/minute (Keepa server-side)
Cycle interval	1 hour (`ENRICHMENT_INTERVAL_HOURS`, configurable)
Batch size per cycle	50 ASINs (`BATCH_SIZE`)
Token wait logic	If insufficient tokens, sleeps `min(120, max(10, 60 - tokens*3))` seconds, retries up to 3 times

Monthly Sold: 3-Tier Priority

The scanner extracts monthly sales data from Keepa using a 3-tier priority to get the freshest value:

Priority	Source	Description
Tier 1	`monthlySoldHistory`	Array of timestamped snapshots — takes the last value (newest). This is the freshest source.
Tier 2	`product.monthlySold`	Static field on the product object. May lag behind history data.
Tier 3	`stats.monthlySold`	Stats-level aggregate. Last resort if both above are missing.

Each tier is validated: value must be non-null and > 0 before use. If all three are missing, the scanner falls back to BSR-based estimation.

Live Refresh (`update=1`)

When the product modal requests live Keepa data, the enrichment worker processes the request via the enrichment queue. The Keepa API default is update=1, which refreshes data if it's older than 1 hour — matching SellerAmp SAS freshness.

Monkey-Patch for Keepa Library Bug #221

The official keepa Python library has a known bug (#221) where update_status() overwrites self.status from a proper Status dataclass to a raw Python dict, causing 'dict' object has no attribute 'refillRate' errors.

The scanner patches this in keepa_client.py with a replacement _safe_update_status() that detects dict corruption and reconstructs a proper Status dataclass with all attributes.

Numpy Type Safety (`_safe_scalar()`)

Keepa returns numpy types (arrays, scalars) that fail Python boolean comparisons (if val and val > 0 raises "ambiguous truth value" errors). The _safe_scalar() utility converts numpy types to plain Python scalars before comparison. It handles: numpy integers/floats (.item()), single-element arrays, multi-element arrays (returns None), and passes through regular Python values unchanged.

Price & Rank Data Handling

Prices stored in cents: Keepa stores all prices as integers in cents — divided by 100 for dollar values
Price priority: Amazon price first, falls back to New (marketplace) price if unavailable
Buy Box price: Extracted from stats index 17 (BUY_BOX_SHIPPING) in the current array
Invalid values: -1 = out of stock/unavailable, NaN = no data. Both filtered before analysis
Keepa epoch: Times stored as integer minutes since 2011-01-01 00:00:00 UTC

Backfill API: Trigger manual Keepa enrichment via POST /api/keepa/backfill. Check enrichment status via GET /api/keepa/status. The scanner also auto-enriches products during scans.

Deployment

Railway hosting, auto-deploy, environment variables, and infrastructure.

Deployment & Infrastructure

Railway Platform

The application is hosted on Railway, a modern cloud platform:

Auto-deploy: Every push to the main branch on GitHub triggers an automatic deployment
Build time: ~1-2 minutes for Docker image build
Container creation: ~3-5 minutes for new container startup
Total deploy time: ~5-7 minutes end to end
Zero-downtime: Railway performs rolling deploys (new container starts before old one stops)
Persistent volume: SQLite database stored on mounted volume (web-volume) that persists across deploys

Procfile & Gunicorn

The Procfile branches on ENRICHMENT_MODE so the same image powers two Railway services:

web: if [ "$ENRICHMENT_MODE" = "1" ]; then python enrichment.py; else gunicorn dashboard:app --bind 0.0.0.0:$PORT --workers 2 --timeout 120 --max-requests 50 --max-requests-jitter 10; fi

Web service (default): Gunicorn with 2 workers, 120s timeout, graceful restart every 50 requests with ±10 jitter (prevents long-tail memory creep)
Enrichment worker (ENRICHMENT_MODE=1): runs python enrichment.py, the sole owner of Keepa API calls
$PORT is set automatically by Railway

Both services deploy from the same GitHub repo on every push to main; they're differentiated only by the ENRICHMENT_MODE env var on the worker service.

Environment Variables

All sensitive configuration is stored as Railway environment variables (never in code). See the From-Scratch Setup page for the complete reference table. Key groups:

Group	Variables	Purpose
SP-API	`SP_API_REFRESH_TOKEN`, `SP_API_LWA_APP_ID`, `SP_API_LWA_CLIENT_SECRET`, `SP_API_ACCESS_KEY`, `SP_API_SECRET_KEY`, `SP_API_ROLE_ARN`	Amazon Selling Partner API credentials
Supabase	`SUPABASE_URL`, `SUPABASE_ANON_KEY`, `SUPABASE_JWT_SECRET`	Authentication (leave JWT secret empty for local dev)
Keepa	`KEEPA_API_KEY`	Historical data enrichment (optional)
App	`MARKETPLACE_ID`, `DB_PATH`, `ALLOWED_EMAILS`	App configuration

Orphan Session Cleanup

When Railway redeploys, any running scan processes are killed. On startup, the application automatically calls _cleanup_orphaned_sessions() which:

Queries all sessions with status = 'running'
Updates each to status = 'stopped' with stopped_at = current timestamp
Logs the count and IDs of orphaned sessions found

This prevents stale "Running" indicators on the dashboard after a redeploy.

Database Persistence

The SQLite database (checked_asins.db) is stored on a Railway persistent volume. The DB_PATH environment variable points to the volume mount location. If DB_PATH is not set, the database is created in the script's working directory. The database is auto-created with all tables and indexes on first run via init_db().

Enrichment Service

The enrichment service runs as a separate Railway worker using the same GitHub repo but with ENRICHMENT_MODE=1 environment variable. The Procfile conditional routes to python enrichment.py instead of Gunicorn.

Required variables: DATABASE_URL, KEEPA_API_KEY, ENRICHMENT_DAILY_BUDGET, ENRICHMENT_INTERVAL_HOURS, ENRICHMENT_MODE=1

Discord Webhook Alerts

Set DISCORD_WEBHOOK_URL on the web service to receive Discord notifications for high-quality Green Light products (score 7.0+ with 100+ monthly sales). The webhook is non-blocking and fires from the /api/analysis endpoint during dashboard polling.

Deployment checklist: After pushing to GitHub, verify: (1) Railway build succeeds, (2) Container starts without errors, (3) Dashboard loads at your domain, (4) Authentication works, (5) Scanner can start/stop scans.

Authentication

Supabase JWT authentication, token management, and API security.

Authentication & Security

The dashboard uses Supabase Authentication (an open-source Firebase alternative) for user management.

Supabase Setup

To set up authentication from scratch:

Create a free project at supabase.com
Enable Email/Password auth in Authentication → Providers
Copy three values from Project Settings → API:
- SUPABASE_URL — Project URL (e.g., https://xxxxx.supabase.co)
- SUPABASE_ANON_KEY — Public anon key (safe to embed in frontend)
- SUPABASE_JWT_SECRET — JWT signing secret (under Settings → API → JWT Secret)
Create your user account in Authentication → Users → Invite User

How Authentication Works

Component	How It Works
Login	User submits email/password → Supabase validates → returns JWT + refresh token → stored in `localStorage`
API requests	All API calls go through `authFetch()` which attaches `Authorization: Bearer <token>` header
Server validation	`@require_auth` decorator decodes JWT using HS256 algorithm with `SUPABASE_JWT_SECRET`, audience `"authenticated"`
Token refresh	On 401 response, `authFetch()` calls `_sb.auth.refreshSession()`. If refresh succeeds, retries request with new token. If refresh fails, redirects to login screen.
Password reset	Email-based flow through Supabase's built-in password reset

Email Allowlist

The ALLOWED_EMAILS environment variable restricts dashboard access to specific email addresses:

ALLOWED_EMAILS=yourname@email.com,partner@email.com

Comma-separated list. If empty or not set, all authenticated Supabase users can access the dashboard. If set, users whose email is not in the list receive a 403 "Access denied" response even with a valid JWT.

Local Development Mode

When SUPABASE_JWT_SECRET is empty or not set, the @require_auth decorator allows all requests through without authentication. This lets you develop and test locally without setting up Supabase:

# Local dev: just run without setting SUPABASE_JWT_SECRET python dashboard.py # Dashboard loads at http://localhost:5000 with no login required

authFetch() Flow

Every API call from the frontend JavaScript uses authFetch() instead of plain fetch():

1. Attach Bearer token from current session to request headers 2. Make the fetch request 3. If response is 401 (unauthorized): a. Call _sb.auth.refreshSession() b. If refresh returns new session → update _session, retry request c. If refresh fails → show login screen, throw "Session expired" 4. If response is other error → throw server error 5. Return successful response

Security note: JWT tokens are validated on every API request. The @require_auth decorator checks token validity, expiration, and email allowlist. Expired tokens return 401 (triggering auto-refresh), invalid tokens return 401, and disallowed emails return 403.

Dashboard Guide

Detailed walkthrough of every dashboard tab and feature.

Dashboard Tabs Explained

Overview Tab

Your command center. Surfaces live scan state and aggregate metrics:

Scan Progress: Status pill (idle / running / stopped), pool size from shared_catalog, your tenant's checked count, eligible vs. ineligible split.
Eligibility bar: Live progress bar tracking your tenant's queue burn-down. Throughput in ASINs/min plus an ETA.
Last 5 Greens: A live feed of Green-light products discovered in the current session.
Product Intelligence: Average profit per unit, average fee margin, Amazon presence, average competition, and the Green / Yellow / Red distribution.
Data Enrichment: Coverage % of the shared catalog with fresh Keepa data, plus an ETA to full coverage at the current throughput.
Top 10 Opportunities: Ranked by composite opportunity score (sales velocity × margin / competition factor) among products that pass all quality gates.

Products Tab

Sortable, searchable table of eligible products plus instant single-ASIN lookup:

Lookup bar: Paste any ASIN or Amazon URL for a SellerAmp-style report in 3–6 seconds. Spends at most 1 Keepa token; zero if the catalog already has fresh data for the ASIN.
Quick filter chips: Green Only, Hide Amazon Buy Box, Watchlist (starred), category, price range. Mobile-friendly tap targets.
Search: Filter by product name, ASIN, brand, or category in real-time.
Column sorting: Click any column header to sort ascending / descending. Default sort is score DESC.
Product Modal: Click any row for the full report — per-seller forecast, competition analysis, Keepa history, fee breakdown, max-buy-cost calculator.
SAS Export: ASIN-only or full CSV for SellerAmp / SAS workflows.
Watchlist: Star products to save them across sessions; toggle the watchlist filter to show stars only.
Keyboard shortcuts: / focus search, j/k row nav, Enter open modal, s toggle star, ? shortcut help.
Mobile cards: Below 768 px the table converts to vertically-stacked cards.

Categories Tab

Aggregated category-level breakdown of the products you've checked. Each row shows the number of products checked in that category, how many are eligible, the hit rate, average score, and average margin — useful for spotting which categories yield the best opportunities for your seller account.

Brands Tab

Brand-level intelligence across all your scan data, using a two-pass detection algorithm:

Pass 1 — Known Brands: Matches product names against a curated dictionary of brand keywords. Matched brands are labeled Ungated.
Pass 2 — Auto-detected: For unmatched products, extracts the first meaningful word of the product name (filtering articles, colors, numbers). Labeled as auto-detected.
Minimum 3 products: Brands with fewer than 3 listings are filtered out as noise.
Deduplication: Case-insensitive merging (e.g., "CLOROX" and "Clorox" become one brand).

Each brand card shows product count, ungated status, parent company, categories, and all listings with prices, margins, sales, and scores. CSV export available.

Insights Tab

Strategic analytics across your scan results:

Category Intelligence: Composite category score (0–100) blending hit rate, margin, sales volume, and competition.
Price Sweet Spots: Distribution and green-rate across price bands ($10–15, $15–25, etc.).
Competition Landscape: Average seller count by category, Amazon presence rates.
Keepa Trend Analysis: Aggregated rank-trend and price-stability signals.

History Tab

Complete record of every scan session run by your tenant:

Session cards: Timestamp, status (running / completed / stopped), duration, and result counts.
Type badges: All scans now run in Top Sellers mode (the only scan mode after the April 2026 pivot). Older sessions may show legacy badges (FULL / TARGETED / SMART) for historical reference.
Quality breakdown: Green / Yellow / Red counts per session.
Drill-down: Click any session card to see its products.

Top Opportunities (on Overview)

The Overview tab features a Top 10 Opportunities section — the highest-ranked products that pass all quality gates: no Amazon on listing, no Amazon Buy Box, ≥5 sellers, ≥1 FBA seller, non-Red score, ≥$3 profit per unit. Each card shows the opportunity score and key metrics. Ranking is by raw opportunity score (sales velocity × margin ÷ competition factor) — there is no letter-grade overlay.

Help & Account & Docs

Help is the user-facing reference for filters, modal fields, scoring, and keyboard shortcuts. Account shows plan tier, usage, billing portal, Discord webhook setup, and tenant settings. Docs (admin only) is this comprehensive technical documentation hub.

FAQ & Troubleshooting

Common questions and solutions for the scanner and dashboard.

FAQ & Troubleshooting

Q: Why does the scan seem slow?

Amazon's SP-API rate limits are the bottleneck, not the scanner. The Product Fees endpoint only allows 1 request every 2 seconds. The scanner uses parallel threading to maximize throughput within these constraints. The Top Sellers discovery is fast (~2 min), but the eligibility pipeline processes each ASIN individually.

Q: Why does it say "Error loading product data" when I click a product?

Some products may be missing SP-API fields (like price or BSR) if they were discovered but not fully checked. This is a data completeness issue, not a bug. Re-running the scan will fill in missing data.

Q: What does "Idle (X% Scanned)" mean on the Overview?

It means the scanner is not currently running, and X% of discovered ASINs have been checked so far. Start another Top Sellers scan to discover new products.

Q: How accurate are the monthly sales estimates?

Estimates come from a four-tier source ladder, each with its own confidence multiplier on the Sales Velocity score. HIGH (1.0×) uses Keepa's Amazon Badge value cross-validated against 30-day BSR drops within a 0.3–3.0 ratio. MEDIUM (0.85×) uses the badge alone when no drops exist yet to validate it. LOW (0.35×) uses 30-day BSR drops alone (each drop ≈ 1 sale). NONE (0.1×) is a category-calibrated BSR formula used only while Keepa enrichment is still pending. The Demand Floor caps the score at Yellow when sales are < 100/mo or confidence is "none".

Q: How do I export data for Seller Assistant (SAS)?

On the Products tab, click either "SAS Export (ASINs)" for a plain ASIN list, or "SAS Export (CSV)" for a full spreadsheet with all product data. The CSV includes pricing, competition, scores, and Keepa trends.

Q: Why are some products shown as "Unknown" category?

Some products have their category field stored as a node ID rather than a readable name. This typically happens with products from the fallback eligibility query. The data is still correct; the display name just wasn't resolved from the browse tree.

Q: Can I run the scanner locally?

Yes. See the From-Scratch Setup page in the Technical section for a complete step-by-step guide. Short version: clone the repo, install deps with pip install -r requirements.txt, set SP-API environment variables (Supabase optional for local dev), then run python dashboard.py. Dashboard loads at http://localhost:5000 with no login required when SUPABASE_JWT_SECRET is empty.

Q: Why do some Green Light products have DG/IP alerts in SellerAmp SAS?

Known limitation. The scanner does not detect Dangerous Goods (Hazmat) or IP-protected brands. A product can pass all Green Light criteria but still be flagged by SAS for DG restrictions or intellectual property complaints. Always cross-reference with SAS before purchasing inventory.

Q: Why was a product removed from Top Opportunities?

Top Opportunities has strict quality gates: no Amazon on listing, Amazon doesn't hold Buy Box, ≥5 sellers, ≥1 FBA seller, not Red score, and ≥$3 profit per unit. The FBA seller gate (≥1 FBA seller) ensures products are suitable for FBA arbitrage — products with 0 FBA sellers are excluded even if they score Green.

Q: How accurate is the Amazon "Bought in Past Month" badge?

The badge counts unique customers, not units, and shows rounded ranges (50+, 100+, 200+). The scanner uses it — but only when 30-day BSR drops corroborate the value within a 0.3–3.0 ratio (HIGH-confidence tier). When the badge exists but drops can't validate it, it's MEDIUM-confidence. When the badge looks stale relative to drops, the scanner falls back to drops alone (LOW). When neither exists, a category-calibrated BSR formula is the last resort (NONE).

Q: How does the 0-10 scoring work?

Six weighted components on a 0–10 clamped scale: Profit Quality (2.5), ROI Signal (2.0), Sales Velocity (2.5, × confidence multiplier), Competition (2.0), Keepa Trends (1.5), Price Point (0.5). Penalties: BSR Safety (−0.5 to −1.0), Private Label Risk (−0.5), Demand Floor (caps at Yellow if monthly sales < 100). Hard reject: Amazon holds the Buy Box → score 0. Thresholds: 7.0+ = Green, 4.5–6.9 = Yellow, < 4.5 = Red. See the Scoring System page for the full breakdown.

Q: What are the Amazon Seller IDs the scanner detects?

The scanner identifies two Amazon seller IDs: ATVPDKIKX0DER (Amazon.com retail, also the US marketplace ID) and A2R2RITDJNW1Q6 (Amazon.com Services LLC). If either appears as the Buy Box holder or in the offer list, the product is flagged as having Amazon on the listing.

Q: How does the Watchlist work?

Click the star icon next to any ASIN to save it. Toggle the Watchlist filter to show only starred products. Persists across sessions.

Q: What is the Shared Catalog?

A global PostgreSQL table (shared_catalog) holding 500K+ ASINs with Keepa-enriched sales data, prices, BSR drops, and trend signals. The enrichment worker (a separate Railway service) refreshes it on a 1-hour cycle at 1 Keepa token per ASIN. All tenants score against the same pool — one Keepa refresh covers every user, so adding the 100th tenant costs zero additional Keepa tokens.

SaaS Scaling — Overview & Architecture

Last updated: 2026-04-26

Goal: Convert scanner.adawllc.com from a single-tenant internal FBA scanner into a multi-tenant SaaS product listed on the Amazon Selling Partner Appstore, with Stripe subscription billing.

Why Go Multi-Tenant?

Right now, the scanner uses our own Amazon SP-API credentials (refresh token, seller ID, etc.) hardcoded in environment variables. Only we can scan. The eligibility endpoint (getListingsRestrictions) is per-seller — it returns whether that specific seller can list a product. So if another seller wants eligibility results personalized to their account, they must connect their own Amazon account via OAuth. That’s the fundamental driver for multi-tenancy.

Current Architecture (As-Is)

Component	Technology	Details
Backend	Python 3.12 / Flask	`dashboard.py` (11,696 lines)
Scanner Engine	Python subprocess	`finder.py` (2,951 lines)
Keepa Client	Python	`keepa_client.py` (569 lines)
Database	SQLite (WAL mode)	`checked_asins.db` on Railway volume
Auth	Supabase JWT (optional)	HS256, audience="authenticated"
Frontend	Vanilla JS/HTML/CSS	Embedded in `dashboard.py` (~7,000 lines)
Deployment	Railway (3 services)	Web (Gunicorn), Enrichment (`enrichment.py`), PostgreSQL
Job Queue	None	Scan runs as subprocess
Cache	None	—

Target Architecture (To-Be)

                    +---------------------------+
                    |   Amazon Selling Partner   |
                    |   Appstore (discovery)     |
                    +------------+--------------+
                                 | OAuth authorize
                                 v
+----------------------------------------------------------------+
|                    scanner.adawllc.com                          |
|                                                                |
|  +----------+   +--------------+   +---------------------+    |
|  | React    |   | Flask API    |   | Celery Workers      |    |
|  | Frontend |-->| (REST + Auth)|-->| (per-tenant scans)  |    |
|  | (Vercel) |   | (Railway)    |   | (Railway)           |    |
|  +----------+   +------+-------+   +----------+----------+    |
|                        |                       |               |
|                        v                       v               |
|               +----------------------------------+             |
|               | PostgreSQL (multi-tenant, RLS)    |             |
|               | tenants, checked_asins,           |             |
|               | scan_sessions, usage_tracking     |             |
|               +----------------------------------+             |
|                        |                                       |
|               +--------+--------+                              |
|               | Redis            |                              |
|               | (Celery broker   |                              |
|               |  + rate limit    |                              |
|               |  + cache)        |                              |
|               +------------------+                              |
|                                                                |
|  +-------------+  +--------------+  +------------------+      |
|  | Stripe      |  | Amazon SP-API|  | Keepa API        |      |
|  | (payments)  |  | (per-tenant  |  | (enrichment,     |      |
|  |             |  |  credentials)|  |  shared API key)  |      |
|  +-------------+  +--------------+  +------------------+      |
+----------------------------------------------------------------+

What Changes From Current Architecture

Aspect	Current (Single-Tenant)	Target (Multi-Tenant SaaS)
Database	SQLite on Railway volume	PostgreSQL with `tenant_id` on every table
SP-API Credentials	Hardcoded env vars (one seller)	Per-tenant encrypted refresh tokens in DB
Auth	Optional Supabase JWT	Required Supabase Auth + tenant provisioning
Scan Execution	Subprocess on same machine	Celery workers with per-tenant queues
Payments	None	Stripe Checkout + webhooks
Frontend	Embedded in Flask	Separate React app (Vercel) — later
Rate Limiting	Per-endpoint in-memory	Per-tenant token buckets in Redis
Keepa	Shared API key	Shared API key (cost absorbed or tiered)
User Onboarding	None	Signup → Pay → Connect Amazon → Scan

Core Files (Current)

dashboard.py — Flask web server. Serves the entire UI (embedded HTML), all REST API endpoints, scan orchestration (start/stop/monitor), Supabase JWT auth, Keepa enrichment triggers, and stats/analytics.
finder.py — Scanner engine. Runs as a subprocess spawned by dashboard.py. Three-phase scan: (1) download Amazon browse tree XML, (2) discover ASINs via CatalogItems API, (3) check eligibility via parallel API calls. Uses ThreadPoolExecutor with Wave 1 (3 threads) and Wave 2 (2 threads).
keepa_client.py — Keepa API wrapper. Lazy init with monkey-patch for keepa library bug #221. Provides enrich_product() and enrich_batch(). Extracts 18 metric columns.
backfill_offers.py, backfill_sales_estimates.py — Utility scripts for backfilling missing data.

Current Environment Variables

Variable	Required	Purpose
`SP_API_REFRESH_TOKEN`	Yes	Amazon SP-API auth
`SP_API_LWA_APP_ID`	Yes	Login with Amazon app ID
`SP_API_LWA_CLIENT_SECRET`	Yes	LWA client secret
`SP_API_AWS_ACCESS_KEY`	Yes	AWS IAM access key
`SP_API_AWS_SECRET_KEY`	Yes	AWS IAM secret key
`SP_API_ROLE_ARN`	Yes	AWS IAM role ARN
`SELLER_ID`	Yes	Amazon seller ID (e.g., A1XXXXXXXXXXXX)
`MARKETPLACE_ID`	No	Default: ATVPDKIKX0DER (US)
`KEEPA_API_KEY`	No	Keepa API key
`SUPABASE_URL`	Yes	Supabase project URL
`SUPABASE_ANON_KEY`	Yes	Supabase anon key
`SUPABASE_JWT_SECRET`	Yes	For JWT verification
`ALLOWED_EMAILS`	No	Comma-separated email allowlist
`DB_PATH`	No	Default: ./checked_asins.db

Amazon SP-API Public App Registration

Last updated: 2026-04-26

What Is a Public SP-API App?

A public app is one that can be authorized by any Amazon seller (not just you). It gets listed on the Selling Partner Appstore inside Seller Central, where sellers discover and connect third-party tools. This is how every competitor (Jungle Scout, Helium 10, SellerAmp, BoxEm, etc.) integrates with Amazon.

Contrast with a private app: only works for your own seller account, doesn’t need Appstore listing, and is exempt from developer fees. Our current setup is effectively a private app.

Prerequisites

Professional Amazon Seller Account ($39.99/mo from Amazon) — OR register via Solution Provider Portal without one
Must be the primary account user (not a sub-user)
AWS account with an IAM Role configured for SP-API
Publicly accessible website (HTTPS) with privacy policy, terms of service, and clear business description
Business email address

10-Step Registration Process

Estimated time: 1–3 days for registration, 3–4 weeks for Appstore listing review.

Step 1: Prepare

Read and understand these three documents before starting:

Acceptable Use Policy (AUP) — What you can and cannot do with seller data
Data Protection Policy (DPP) — Security requirements (encryption, pen testing, vuln scanning)
Solution Provider Agreement — Legal terms for being an SP-API developer

Step 2: Create Solution Provider Portal Account

Go to https://developer.amazonservices.com and sign up. This is separate from Seller Central — it’s the developer portal where you manage your API applications.

Step 3: Create Developer Profile

Identity verification (~20 min) — Amazon verifies your business identity
Security control questionnaire — Answer questions about your data handling practices
Use case description (under 500 words) — Describe what your app does. For us: “Product scanning tool that helps FBA sellers discover eligible products by scanning Amazon’s category tree, checking eligibility restrictions, analyzing competitive pricing, and calculating profitability with a proprietary Green Light scoring system.”

Step 4: Register Sandbox Application

Create a test application in the SP-API sandbox environment. This lets you make API calls against Amazon’s test data without affecting real listings.

Step 5: Make First Sandbox API Call

Verify connectivity by making a simple API call (e.g., getCatalogItem) against the sandbox. This proves your IAM role, credentials, and OAuth flow all work.

Step 6: Set Up Authorization Workflow

Implement the full OAuth 2.0 flow (Login with Amazon / LWA). This is the mechanism by which sellers authorize your app to access their data. See the OAuth Flow page for full details.

Step 7: Register Production Application

Create your production app and select the API roles you need:

Product Listing — gives access to CatalogItems API and Listings Restrictions API
Pricing — gives access to Product Pricing API and Product Fees API

Neither role is “restricted” (restricted roles involve PII and require extra security controls).

Step 8: Call SP-API in Production

Test with the version=beta parameter to verify your production app works with real data.

Step 9: Test Your Application

Validate all endpoints work with real seller data. Run through the full scan pipeline: browse tree download → ASIN discovery → eligibility check → pricing/fees.

Step 10: List Your Application

Submit to the Selling Partner Appstore for review. You’ll need:

App name and description
Feature list (bulleted)
Target audience description
Product URL (must be HTTPS)
Pricing model (free, starting at $X/month, free trial with duration, etc.)
Search page image + up to 6 screenshots
Categories matching your registered app

Approval timeline: Amazon targets 3–4 weeks. If issues found, they contact via case log.

Key URLs

Resource	URL
Solution Provider Portal	`https://developer.amazonservices.com`
SP-API Documentation	`https://developer-docs.amazon.com/sp-api`
Appstore Listing Guide	`https://developer-docs.amazon.com/sp-api/docs/list-your-app-on-the-selling-partner-appstore`

Authorization Limits

Stage	Max Seller OAuth Connections
Before Appstore listing approved	25 sellers
After Appstore listing approved	Unlimited
Self-authorizations (for testing)	10

Important: Submit your Appstore listing BEFORE you reach 25 beta users. The review takes ~3–4 weeks, so plan ahead.

OAuth Authorization Flow

Last updated: 2026-04-26

What Is OAuth and Why Do We Need It?

OAuth 2.0 is a protocol that lets a user (an Amazon seller) grant our app permission to access their Amazon data without sharing their password. Amazon’s implementation is called Login with Amazon (LWA).

We need OAuth because the getListingsRestrictions API (which checks if a seller can sell a specific product) requires a sellerId parameter that must match the seller whose OAuth token is being used. You literally cannot check Seller A’s eligibility with Seller B’s token.

Two Entry Points

Flow 1: From Your Website

User clicks “Connect Amazon Account” on scanner.adawllc.com, which triggers the OAuth flow.

Flow 2: From the Selling Partner Appstore

Seller finds your app inside Seller Central → Apps & Services, clicks “Authorize.” Same OAuth flow, different entry point.

Complete OAuth Flow (Step by Step)

1. User clicks "Connect Amazon Account" on scanner.adawllc.com

2. Your app redirects to Amazon consent page:
   https://sellercentral.amazon.com/apps/authorize/consent
     %sapplication_id=YOUR_APP_ID
     &state=RANDOM_CSRF_TOKEN
     &redirect_uri=https://scanner.adawllc.com/api/auth/amazon/callback

3. Seller logs into Seller Central (if not already logged in)

4. Amazon shows consent page listing requested permissions

5. Seller clicks "Confirm"

6. Amazon redirects back to YOUR redirect URI with params:
   %sspapi_oauth_code=AUTH_CODE
   &state=RANDOM_CSRF_TOKEN
   &selling_partner_id=SELLER_ID

7. Your backend validates the state parameter (CSRF protection)

8. Your backend POSTs to https://api.amazon.com/auth/o2/token:
   {
     "grant_type": "authorization_code",
     "code": "AUTH_CODE",
     "redirect_uri": "https://scanner.adawllc.com/api/auth/amazon/callback",
     "client_id": "YOUR_LWA_CLIENT_ID",
     "client_secret": "YOUR_LWA_CLIENT_SECRET"
   }

9. Amazon returns:
   {
     "access_token": "short-lived (1 hour)",
     "refresh_token": "long-lived (365 days)",
     "token_type": "bearer",
     "expires_in": 3600
   }

10. Store refresh_token ENCRYPTED (AES-256) in tenants table

11. User is now connected — can start scanning

Token Lifetimes

Token	Lifetime	Notes
Authorization code	5 minutes	Must exchange immediately after user authorizes
Access token	1 hour	Use for API calls, refresh when expired
Refresh token	365 days	Must re-authorize annually. Amazon sends reminder 30 days before expiry

At Runtime (Making API Calls for a Tenant)

1. Retrieve tenant's encrypted refresh_token from PostgreSQL
2. Decrypt refresh_token
3. POST to https://api.amazon.com/auth/o2/token:
   {
     "grant_type": "refresh_token",
     "refresh_token": "TENANT_REFRESH_TOKEN",
     "client_id": "YOUR_LWA_CLIENT_ID",
     "client_secret": "YOUR_LWA_CLIENT_SECRET"
   }
4. Receive new access_token (valid 1 hour)
5. Use access_token in Authorization header for SP-API calls
6. Cache access_token in Redis (TTL: 50 minutes) to avoid unnecessary refreshes

Security Requirements

Two separate state parameters used to prevent CSRF attacks — validate both
Refresh tokens must be stored encrypted at rest (AES-256 or similar)
Never log or expose tokens in error messages
Handle token expiry gracefully — if 401 returned, refresh and retry once
The selling_partner_id returned in the callback is the seller’s ID — store it in the tenants table

SP-API Roles & Permissions

Last updated: 2026-04-26

What Are SP-API Roles?

When you register an SP-API application, you select which roles your app needs. Each role unlocks specific API endpoints. Amazon has two categories:

Non-restricted roles — Product data, pricing, fees. No PII involved. Easier approval.
Restricted roles — Orders, shipping, buyer messaging. Involves PII (names, addresses). Requires additional security controls and justification.

Roles We Need (Both Non-Restricted)

Role	APIs Unlocked	Restricted?
Product Listing	CatalogItems API (`searchCatalogItems`, `getCatalogItem`), Listings Restrictions API (`getListingsRestrictions`)	No
Pricing	Product Pricing API (`getCompetitivePricing`, `getItemOffers`, `getItemOffersBatch`), Product Fees API (`getMyFeesEstimate`, `getMyFeesEstimates`)	No

Neither role is restricted because our use case avoids PII entirely — we only deal with product data, pricing, and eligibility.

What Each API Does in Our Scanner

API	Endpoint	Purpose in Our Scanner
CatalogItems	`searchCatalogItems`	Discovery phase: find ASINs by category/keyword
CatalogItems	`getCatalogItem`	Get product name, category, BSR
ListingsRestrictions	`getListingsRestrictions`	Check if THIS seller can list THIS ASIN
CompetitivePricing	`getCompetitivePricing`	Get sale price, seller count (batch of 20)
ItemOffers	`getItemOffers` / `getItemOffersBatch`	Amazon on listing? FBA count, Buy Box info
ProductFees	`getMyFeesEstimates`	Referral fee, FBA fee, total (batch of 20)
Reports	`GET_XML_BROWSE_TREE_DATA`	Download category tree (one-time per scan)

Critical: Eligibility Is Per-Seller

getListingsRestrictions requires the sellerId parameter and it MUST match the seller whose OAuth token is being used. You cannot check Seller A’s eligibility with Seller B’s token. This is the fundamental reason each user must connect their own Amazon account.

Eligibility varies per seller because of:

Brand approvals (ungating)
Category gating (e.g., Grocery, Topicals, Health & Beauty)
Hazmat certifications
IP complaint history
Account age and performance metrics

SP-API Rate Limits & Developer Fees

Last updated: 2026-04-26

Rate Limits Are Per App+Seller Pair

Good news for multi-tenant: Rate limits are scoped to your app + each individual seller’s authorization. Each connected seller gets their own rate limit bucket. 10 sellers scanning simultaneously each get full throughput.

Rate Limit Table

API Operation	Rate (req/sec)	Burst	Items/Request	Effective Throughput
`getListingsRestrictions`	5	10	1 ASIN	5 ASINs/sec
`searchCatalogItems`	2	2	20 ASINs/page	40 ASINs/sec
`getCompetitivePricing`	0.5	1	20 ASINs	10 ASINs/sec
`getItemOffers`	0.5	1	1 ASIN	0.5 ASINs/sec
`getItemOffersBatch`	0.5	1	20 ASINs	10 ASINs/sec
`getMyFeesEstimates`	0.5	1	20 ASINs	10 ASINs/sec

Bottleneck Analysis (Single Seller)

The bottleneck is getListingsRestrictions at 5 ASINs/sec (no batch endpoint exists).

Scan Size	Eligibility Time	Pricing Time	Total Estimate
100 ASINs	~20 sec	~10 sec	~30 sec
1,000 ASINs	~200 sec (3.3 min)	~100 sec	~5 min
10,000 ASINs	~33 min	~17 min	~50 min
50,000 ASINs	~2.8 hours	~1.4 hours	~4 hours

Rate Limit Strategy for Multi-Tenant

Implement per-tenant token bucket rate limiters in Redis
Mirror SP-API’s limits exactly (refill rates, burst capacity)
Queue requests that exceed limits — don’t drop them
Use exponential backoff with jitter for 429 (throttled) responses
Batch wherever possible: CompetitivePricing, ItemOffersBatch, FeesEstimates all accept 20 ASINs
Cache catalog data aggressively (product names/categories change slowly)

SP-API Developer Fees (2026)

Annual Subscription

Fee	Amount	Effective Date
Annual subscription	$1,400/year	January 31, 2026 (ALREADY IN EFFECT)

Monthly Usage Tiers (GET Calls Only)

Tier	Monthly GET Calls	Monthly Fee	Effective Date
Basic	Up to 2,500,000	Free	April 30, 2026
Pro	Up to 25,000,000	$1,000/month	April 30, 2026
Plus	Up to 250,000,000	$10,000/month	April 30, 2026
Enterprise	Custom	Custom pricing	April 30, 2026
Overage	Beyond tier limit	$0.40 per 1,000 GET calls	April 30, 2026

What Counts as a GET Call?

Only GET HTTP methods are metered
POST, PUT, PATCH are NOT metered (free)
This means fee estimates (POST getMyFeesEstimates) and token exchanges (POST) don’t count

Cost Estimate by Scale

Tenants	Scans/Month	Est. GET Calls	Tier	Monthly API Cost
1–10	20–100	~200K–1M	Basic	$0
10–50	100–500	~1M–2.5M	Basic	$0
50–100	500–1,000	~2.5M–5M	Pro	$1,000
100–500	1,000–5,000	~5M–25M	Pro	$1,000

Important Notes

Private developers are exempt from these fees (apps only for your own business). Since we’re going public (multi-tenant SaaS), the fees apply.
Amazon does NOT take revenue share. The $1,400/yr + usage fees are your only costs to Amazon. This is fundamentally different from Apple/Google app stores (which take 15–30%).

Multi-Tenant PostgreSQL Schema

Last updated: 2026-04-26

Migration Strategy: SQLite → PostgreSQL

We’re migrating from SQLite (single file on Railway volume) to PostgreSQL. Options:

Railway’s PostgreSQL add-on — Simple, same platform as our app
Supabase Postgres — Free tier includes RLS, built-in auth integration

Schema Pattern: Pool Model

We’re using the pool model: a single shared database where every table has a tenant_id column. This is the simplest, cheapest, and recommended approach for our scale (tens to low hundreds of tenants).

Other patterns (silo model = separate DB per tenant, bridge model = separate schema per tenant) are overkill for our scale and add operational complexity.

New Tables

`shared_catalog`

Column	Type	Description
`asin`	TEXT PK	Amazon product identifier
`monthly_sold`	INTEGER	Amazon "bought in past month" badge value
`estimated_sales`	INTEGER	Computed sales estimate after stale detection
`sales_source`	TEXT	"Badge", "BSR Drops", or "BSR Formula"
`sales_confidence`	TEXT	"high", "medium", "low"
`enriched_at`	TIMESTAMP	When Keepa data was last fetched
`enrichment_count`	INTEGER	Number of times enriched

`tenants`

CREATE TABLE tenants (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    user_id UUID NOT NULL REFERENCES auth.users(id),
    email TEXT NOT NULL,
    display_name TEXT,

    -- Stripe
    stripe_customer_id TEXT,
    stripe_subscription_id TEXT,
    plan TEXT NOT NULL DEFAULT 'scout',
      -- scout / pro / enterprise / admin
    plan_status TEXT NOT NULL DEFAULT 'active',
      -- active / past_due / canceled / trialing

    -- Amazon SP-API (encrypted)
    sp_api_refresh_token TEXT,  -- AES-256 encrypted
    seller_id TEXT,
    marketplace_id TEXT DEFAULT 'ATVPDKIKX0DER',
    amazon_connected_at TIMESTAMP,
    amazon_token_expires_at TIMESTAMP,
      -- refresh_token expiry (365 days from auth)

    -- Limits (per-plan, enforced via stripe_config.get_plan_limits())
    -- scout: 10,000 scans/mo / pro: 50,000 / enterprise: unlimited / admin: unlimited
    scan_limit_monthly INTEGER DEFAULT 10000,
    keepa_daily_budget INTEGER DEFAULT 100,

    -- Timestamps
    created_at TIMESTAMP DEFAULT NOW(),
    updated_at TIMESTAMP DEFAULT NOW()
);

`usage_tracking`

CREATE TABLE usage_tracking (
    id SERIAL PRIMARY KEY,
    tenant_id UUID NOT NULL REFERENCES tenants(id),
    month TEXT NOT NULL,           -- '2026-03'
    scans_started INTEGER DEFAULT 0,
    asins_scanned INTEGER DEFAULT 0,
    api_calls_made INTEGER DEFAULT 0,
    keepa_tokens_used INTEGER DEFAULT 0,
    UNIQUE(tenant_id, month)
);

Modified Existing Tables

Every existing table gets tenant_id UUID NOT NULL REFERENCES tenants(id):

-- checked_asins: add tenant_id, change PK
ALTER TABLE checked_asins ADD COLUMN tenant_id UUID NOT NULL;
ALTER TABLE checked_asins DROP CONSTRAINT checked_asins_pkey;
ALTER TABLE checked_asins ADD PRIMARY KEY (tenant_id, asin);

-- Same pattern for all other tables:
-- scan_categories: add tenant_id
-- scan_asins: add tenant_id
-- scan_sessions: add tenant_id
-- scan_meta: add tenant_id

The primary key for checked_asins changes from (asin) to (tenant_id, asin) because different sellers can have different eligibility results for the same ASIN.

Row-Level Security (RLS)

If using Supabase Postgres, you can enable RLS so that queries automatically filter by the current tenant — an extra safety net beyond application-level filtering:

ALTER TABLE checked_asins ENABLE ROW LEVEL SECURITY;

CREATE POLICY tenant_isolation ON checked_asins
    USING (tenant_id = current_setting('app.current_tenant')::uuid);

In your Flask app, set the tenant context at the start of each request:

@app.before_request
def set_tenant_context():
    tenant_id = get_tenant_from_jwt(request)
    db.execute("SET app.current_tenant = %s", [str(tenant_id)])

Current SQLite Schema (For Reference)

The full current database schema with all columns and types is documented on the Database Schema page under the Technical section. When migrating, every table gets tenant_id added and composite primary keys where applicable.

Background Job System (Celery + Redis)

Last updated: 2026-04-26

Why Do We Need a Job Queue?

Currently, scans run as a Python subprocess on the same machine as the web server. This works for a single user, but with multiple tenants scanning simultaneously, we need:

Concurrent scan execution — multiple scans at once without blocking the web server
Per-tenant isolation — one user’s scan can’t starve another’s
Retries and error handling — failed API calls retry automatically
Monitoring — track progress, cancel scans, report status

What Is Celery?

Celery is a Python distributed task queue. It takes jobs from your web application and runs them in separate worker processes. Redis acts as the “message broker” — the queue that connects your Flask API to Celery workers.

Architecture

Flask API
  |
  | celery_app.send_task('run_scan', args=[tenant_id, config])
  v
Redis Queue (broker)
  |
  | Worker picks up task
  v
Celery Worker Process
  |
  | Uses tenant's SP-API credentials
  v
SP-API (Amazon) + PostgreSQL (results)

Implementation Example

# tasks.py
from celery import Celery

celery_app = Celery('scanner', broker='redis://localhost:6379/0')

@celery_app.task(bind=True, max_retries=3)
def run_scan(self, tenant_id, scan_config):
    # Run a full scan for a specific tenant.
    tenant = get_tenant(tenant_id)
    sp_client = create_sp_client(
        tenant.sp_api_refresh_token,
        tenant.seller_id
    )

    # Phase 1: Tree (skip if already downloaded)
    # Phase 2: Discovery (searchCatalogItems)
    # Phase 3: Eligibility (Wave 1 + Wave 2)
    # All results written to PostgreSQL with tenant_id

Railway Setup

# Procfile (updated for multi-service)
web: gunicorn dashboard:app --bind 0.0.0.0:$PORT --workers 4 --timeout 120
worker: celery -A tasks worker --loglevel=info --concurrency=4

Railway runs the web and worker as separate services (each with their own container). Redis is also a separate Railway service. All three share the same internal network.

Why Celery + Redis (Not Alternatives)?

Option	Pros	Cons
Celery + Redis (chosen)	Python ecosystem standard, mature, well-documented, Railway-compatible	Adds operational complexity
RQ (Redis Queue)	Simpler than Celery	Less features, fewer tutorials
Subprocess (current)	Simple, no dependencies	No concurrency, no retry, no monitoring
AWS Lambda	Serverless, auto-scaling	Different platform, cold starts, 15 min limit

Current state: The enrichment service currently uses a simple Python loop (enrichment.py) instead of Celery+Redis. It runs as a separate Railway worker with ENRICHMENT_MODE=1 and processes the shared_catalog table on a configurable interval. Celery+Redis is planned for future scaling when concurrent per-tenant scan queuing is needed.

Stripe Payment Integration

Last updated: 2026-04-26

What Is Stripe?

Stripe is a payment processing platform that handles subscription billing, credit card processing, invoicing, and tax compliance. It’s the industry standard for SaaS products.

Components Implemented

Component	Purpose
Stripe Checkout	Hosted payment page for initial subscription. User picks a plan, enters card, Stripe handles everything.
Stripe Customer Portal	Self-service page where users manage billing: change plan, update card, download invoices, cancel.
Stripe Webhooks	Backend events that notify us when things happen (payment succeeded, failed, subscription canceled, etc.).
Stripe Products/Prices	Plan tiers (Scout, Pro, Enterprise) and their prices configured in the Stripe dashboard.

User Flow (End to End)

1. User signs up (Supabase Auth — email/password or Google OAuth)
2. Redirect to Stripe Checkout (plan selection page)
3. User enters credit card and pays
4. Stripe fires checkout.session.completed webhook
5. Backend creates tenant record (plan='scout', status='active')
6. User sees "Connect Amazon Account" button
7. Amazon OAuth flow → refresh_token stored
8. User can now scan

Webhook Events Handled

# Endpoint: POST /api/webhooks/stripe

checkout.session.completed
  → User completed payment
  → Activate tenant, set plan, update plan_status='active'

invoice.paid
  → Recurring payment succeeded
  → Extend subscription, reset monthly usage counters

invoice.payment_failed
  → Payment failed
  → Set plan_status='past_due'
  → Grace period (7 days), then suspend scans

customer.subscription.updated
  → Plan change (upgrade/downgrade)
  → Update plan and limits in tenants table

customer.subscription.deleted
  → Subscription canceled
  → Set plan_status='canceled'
  → Revoke scan access, keep data for 30 days

Webhook Security

Every webhook request from Stripe includes a Stripe-Signature header. You must verify this signature using your STRIPE_WEBHOOK_SECRET to prevent spoofed webhook events.

event = stripe.Webhook.construct_event(
    payload=request.data,
    sig_header=request.headers['Stripe-Signature'],
    secret=STRIPE_WEBHOOK_SECRET
)

Environment Variables

Variable	Purpose
`STRIPE_SECRET_KEY`	Backend API key (`sk_live_...`)
`STRIPE_PUBLISHABLE_KEY`	Frontend key (`pk_live_...`)
`STRIPE_WEBHOOK_SECRET`	Webhook signature verification (`whsec_...`)
`STRIPE_SCOUT_PRICE_ID`	Stripe Price ID for Scout tier
`STRIPE_PRO_PRICE_ID`	Stripe Price ID for Pro tier
`STRIPE_ENTERPRISE_PRICE_ID`	Stripe Price ID for Enterprise tier

Authentication & User Management

Last updated: 2026-04-26

Current State

We already use Supabase Auth with JWT verification. It’s optional (controlled by ALLOWED_EMAILS env var). For multi-tenant, auth becomes required and we add tenant provisioning on top.

Full Auth Flow

1. Supabase Auth handles signup, login, password reset, MFA
2. On signup, Supabase creates a user in auth.users
3. After Stripe payment, our backend creates a row in tenants
   table linked to auth.users.id
4. JWT from Supabase includes user_id claim
5. Backend maps user_id → tenant_id on every request
6. All database queries scoped to tenant_id

JWT Claims (Extended)

{
  "sub": "user-uuid",
  "email": "seller@example.com",
  "aud": "authenticated",
  "role": "authenticated",
  "app_metadata": {
    "tenant_id": "tenant-uuid",
    "plan": "pro"
  }
}

Request Middleware

@app.before_request
def require_auth():
    token = request.headers.get('Authorization', '')
    token = token.replace('Bearer ', '')
    payload = jwt.decode(
        token,
        SUPABASE_JWT_SECRET,
        algorithms=['HS256'],
        audience='authenticated'
    )
    g.user_id = payload['sub']
    g.tenant_id = get_tenant_id_for_user(payload['sub'])

    # Enforce plan limits
    tenant = get_tenant(g.tenant_id)
    if tenant.plan_status != 'active':
        abort(402, 'Subscription required')

What Changes From Current Auth

Aspect	Current	Multi-Tenant
Auth required?	Optional	Required for all API endpoints
User → tenant mapping	N/A (single tenant)	`user_id → tenant_id` lookup on every request
Plan enforcement	N/A	Check `plan_status` before allowing scans
Signup flow	Email allowlist	Open signup → Stripe payment → tenant creation

Compliance & Security Requirements

Last updated: 2026-04-26

Amazon Data Protection Policy (DPP)

As a public SP-API developer, Amazon requires you to meet ongoing security obligations. Non-compliance can result in revocation of your API access.

Requirement	Frequency	Details
Vulnerability scanning	Every 180 days	Automated scanning of your app and infrastructure
Penetration testing	Every 365 days	Must be done by an entity DIFFERENT from whoever built the app
Code scanning	Before each release	Static analysis for security issues
Encryption at rest	Always	Refresh tokens must be encrypted (AES-256)
Encryption in transit	Always	HTTPS everywhere
Incident response plan	Always	Document what happens if tokens are leaked

Amazon Acceptable Use Policy (AUP)

You MUST NOT:

Aggregate data across sellers to sell to third parties
Scrape Amazon outside of the SP-API
Facilitate violations of Amazon’s Business Solutions Agreement
Store data longer than necessary
Share one seller’s data with another seller

You MUST:

Only collect data you need for your stated purpose
Delete seller data if they disconnect or request deletion
Maintain audit logs of data access
Respond to Amazon audit requests

Penetration Testing Notes

Budget: ~$2,000–$10,000/year depending on scope. The pen test must be performed by a different entity than whoever built the application. Amazon may request evidence at any time.

Our Security Checklist

☐ Encrypt refresh tokens at rest (AES-256)
☐ HTTPS on all endpoints (Railway provides this)
☐ Webhook signature verification (Stripe + Amazon)
☐ CSRF protection on OAuth flow (state parameter)
☐ Rate limiting per tenant (Redis token buckets)
☐ Audit logging for data access
☐ Incident response plan document
☐ First vulnerability scan (within 180 days of launch)
☐ First pen test (within 365 days of launch)
☐ Data deletion on tenant disconnect

Competitor Analysis

Last updated: 2026-04-26

Why This Matters

We researched 6+ competitors to validate that our planned architecture is correct. The result: every single competitor uses the exact same pattern — public SP-API app + OAuth per-seller + Appstore listing. This confirms our approach.

Direct Competitors (Product Sourcing/Scanning)

Tool	Type	SP-API?	Appstore?	Pricing	Notes
SellerAmp	Product analysis, eligibility	Yes	Yes	~$14–28/mo	Shows “No” eligibility without connection
ScanUnlimited	Wholesale list scanning	Yes	Yes (Carbon6)	~$40–80/mo	Upload spreadsheets, bulk analysis
Tactical Arbitrage	Retail/online arbitrage	Yes	Yes (Threecolts)	~$50–100/mo	Scans 1,500+ retail sites
BuyBotPro	Product analysis Chrome ext	Yes	Yes	~$30–50/mo	Chrome extension focused
Seller Assistant	Product analysis	Yes	Yes	~$16–50/mo	Integrates Keepa + SP-API

Adjacent Competitors (Broader FBA Tools)

Tool	Type	Pricing	Notes
Jungle Scout	Full suite (research + tracking)	~$49–129/mo	Massive dataset, own API
Helium 10	Full suite (research + optimization)	~$39–249/mo	Owned by Pacvue
BoxEm	Shipment/inventory/analytics	$23–70/mo	US only, 14-day trial

Key Validation Findings

All use public SP-API app + OAuth — No competitor uses a different integration method
Eligibility requires per-seller credentials — getListingsRestrictions needs sellerId matching the OAuth token
Only 2 non-restricted roles needed — Product Listing + Pricing (no PII involved)
Rate limits scale linearly — Per app+seller pair, so more tenants = more capacity
Amazon takes NO revenue share — Only developer fees ($1,400/yr + usage)
PostgreSQL pool model is industry standard — Shared DB with tenant_id column

Our Differentiation

Our scanner’s unique value is the automated category-wide eligibility scanning with Green Light scoring. Most competitors check one ASIN at a time or require a pre-built list. Our tool discovers products autonomously by scanning Amazon’s category tree — finding opportunities the seller didn’t even know about.

Pricing Model & Revenue

Last updated: 2026-04-26

Recommended Tiers

Tier	Price	Includes
Scout	$49/mo	10,000 scans/mo, Keepa 100 tokens/day (~1,000 enrichments/mo), score-gated auto-enrichment
Pro	$99/mo	50,000 scans/mo, Keepa 500 tokens/day (~5,000 enrichments/mo), all eligible enriched
Enterprise	$179/mo	Unlimited scans, Keepa 1,500 tokens/day (~15,000 enrichments/mo), priority queue

What’s Included in All Tiers

Green Light scoring (7-point system with Keepa bonuses)
Eligibility checking (per-seller, real-time via their own Amazon account)
Competitive pricing analysis
Fee estimation (referral + FBA fees)
Category tree scanning
Keepa enrichment (if available)
Opportunity ranking and filtering

Pro/Enterprise Extras

Pro+: Keepa integration, category insights, complete scan-session history
Enterprise: Priority scan queue, API access for custom integrations, team members / sub-accounts

Revenue Projections

Scenario	Tenants	Avg Revenue/Tenant	Monthly Revenue	Annual Revenue
Early	25	$40	$1,000	$12,000
Growth	100	$55	$5,500	$66,000
Scale	500	$65	$32,500	$390,000

Cost Structure

Cost	Monthly	Annual
Railway (web + worker + Redis + Postgres)	~$20–50	~$240–600
Amazon SP-API developer fee	—	$1,400
Amazon SP-API usage (Basic tier)	$0	$0
Keepa API	~$55 (€49)	~$660
Stripe fees (2.9% + $0.30/txn)	Variable	~3% of revenue
Pen testing	—	~$2,000–5,000
Total fixed costs	~$200	~$5,000–8,000

Break-Even Analysis

With ~$200/month in fixed costs, break-even is at ~5–7 paying customers on the Scout plan, or ~3 customers on Pro.

Implementation Phases

Last updated: 2026-04-26

Phase 1: Foundation (2–4 weeks) ✅ Complete

#	Task	Status
1	Register as public SP-API developer on Solution Provider Portal	☐
2	Set up PostgreSQL on Railway (or Supabase Postgres)	☐
3	Migrate SQLite schema → PostgreSQL with `tenant_id` on all tables	☐
4	Create `tenants` and `usage_tracking` tables	☐
5	Set up Stripe: create products, prices, checkout session	☐
6	Build signup → payment → dashboard flow	☐
7	Add `tenant_id` enforcement to all API queries	☐

Phase 2: Multi-Tenant Scanning (3–5 weeks) ✅ Complete

#	Task	Status
1	Implement Amazon OAuth flow (LWA authorization + token exchange)	☐
2	Build “Connect Amazon Account” UI flow	☐
3	Store per-tenant SP-API refresh tokens (encrypted AES-256)	☐
4	Modify `finder.py` to accept tenant context and use tenant’s credentials	☐
5	Set up Celery + Redis for background scan jobs	☐
6	Implement per-tenant scan queuing and rate limiting	☐
7	Add scan progress WebSocket/SSE for real-time updates	☐

Phase 3: Polish & Launch (2–3 weeks) 🔄 In Progress

#	Task	Status
1	Stripe webhook handling (payment failures, upgrades, cancellations)	☐
2	Usage metering and plan enforcement (scan limits, ASIN limits)	☐
3	Tenant settings page (billing, Amazon connection status, usage)	☐
4	Onboarding tour for new users	☐
5	Landing page with pricing table	☐
6	Submit app to Selling Partner Appstore for review	☐
7	Vulnerability scan + pen test (for Amazon DPP compliance)	☐

Phase 4: Growth (Post-Launch)

#	Task	Status
1	Chrome extension for on-page product analysis	☐
2	Additional marketplaces (UK, CA, EU)	☐
3	Team/sub-account support	☐
4	API access for Enterprise tier	☐
5	Separate React frontend (if needed)	☐

Key Technical Decisions

Decided

Decision	Choice	Rationale
Database	PostgreSQL	Multi-tenant RLS, scalability, industry standard
App type	Public SP-API app on Appstore	Required for multi-seller OAuth, unlimited connections
Payments	Stripe	Industry standard SaaS billing
Job queue	Celery + Redis	Python ecosystem standard, mature, Railway-compatible
Auth	Supabase Auth	Already in use, handles full user lifecycle

To Decide

Decision	Options	Notes
PostgreSQL host	Railway Postgres vs Supabase Postgres	Supabase has free tier + built-in RLS
Frontend	Keep embedded HTML (MVP) vs React	Embedded is faster to ship
Keepa cost	Absorb in plan price vs separate add-on	Most competitors include data enrichment
SP-API app count	Single app vs multiple registrations	Single is fine until rate limits become an issue

Glossary

Last updated: 2026-04-26

Terms and definitions used throughout the SaaS scaling documentation. If you encounter an unfamiliar term, check here first.

Term	Definition
ASIN	Amazon Standard Identification Number — a unique 10-character alphanumeric product ID assigned by Amazon to every product in its catalog.
BSR	Best Seller Rank — a number representing how well a product sells compared to others in its category. Lower = better. Updated hourly by Amazon.
Buy Box	The “Add to Cart” button area on a product page. Multiple sellers can list the same product, but only one “wins” the Buy Box at any time. Winning the Buy Box means your offer is the default purchase option.
Celery	A Python distributed task queue library for processing background jobs asynchronously. Used to run scans in separate worker processes.
DPP	Data Protection Policy — Amazon’s security requirements for SP-API developers, including encryption, vulnerability scanning, and penetration testing.
FBA	Fulfillment by Amazon — a service where sellers ship inventory to Amazon warehouses. Amazon handles storage, packing, shipping, and customer service.
FBM	Fulfillment by Merchant — the seller handles their own storage, packing, and shipping directly to the customer.
Green Light Score	Our proprietary weighted 0–10 scoring system that evaluates product opportunity quality based on profit margin, sales velocity, competition (FBA sellers), price point, and Keepa trends.
IAM	Identity and Access Management — an AWS service for managing API credentials and permissions. SP-API requires an IAM Role for authentication.
LWA	Login with Amazon — Amazon’s implementation of OAuth 2.0. Used to let sellers authorize our app to access their SP-API data.
MWS	Marketplace Web Service — Amazon’s old API for seller tools. Fully sunset in March 2024. Replaced by SP-API.
OAuth	Open Authorization — a protocol that lets a user (Amazon seller) grant our app permission to access their data without sharing their password.
Pool Model	A multi-tenant database pattern where all tenants share one database and tables, with a `tenant_id` column on every row for isolation. Simplest and cheapest approach.
Redis	An in-memory data store used as a message broker (Celery queue), cache (access tokens), and rate limiter (token buckets).
RLS	Row-Level Security — a PostgreSQL feature that restricts which rows a query can see based on the current session context. Provides an extra layer of tenant isolation beyond application code.
SP-API	Selling Partner API — Amazon’s current REST API for third-party seller tools. Replaced MWS in 2024.
Stripe	A payment processing platform that handles subscription billing, credit card processing, invoicing, and tax compliance for SaaS products.
Tenant	A single customer (Amazon seller) in our multi-tenant system. Each tenant has their own data, credentials, and scan results, isolated from other tenants.
WAL	Write-Ahead Logging — a SQLite journaling mode that allows concurrent reads while writing. Used in our current single-tenant setup.
Webhook	An HTTP callback — when an event happens (payment succeeded, subscription canceled), the external service (Stripe/Amazon) sends a POST request to our server to notify us.

Changelog

91 commits across 12 days — comprehensive system overhaul by Claude Opus.

v3.0 — April 2026 (Current)

Architecture

Shared Catalog: global shared_catalog table (550K+ ASINs) replaces per-tenant Keepa enrichment
Enrichment Service: background worker (enrichment.py) on separate Railway instance
Frontend: 14 JS modules + 5 CSS files, minified to 2 production bundles
Hash Routing: deep-linkable URLs (#/overview, #/products, etc.)
HTML Templates: product rows, history cards, opportunity items use <template> cloning
Adaptive Polling: 2s during scan, 10s when idle (was fixed 5s)
PWA: manifest.json + service worker for installable app experience

Features

Watchlist/Favorites: star products, filter by watchlist, persisted per tenant
Product Comparison: side-by-side view of 2-3 products
Keyboard Shortcuts: /, j/k, Enter, s, %s for power users
Interactive Charts: click quality/category/price bars to filter Products tab
Browser Notifications: scan complete + Green Light batch alerts
Discord Webhook: real-time alerts for Green products (score 7.0+, sales 100+)
Mobile Card Layout: products table converts to cards on phones
Loading Skeletons: shimmer placeholders during data loads

Accuracy

Private Label Detection: -0.5 score penalty when avg sellers < 2.0
Stale Badge Detection: CHECK 3 drops-vs-badge divergence (5x ratio)
BSR Fallback: Keepa rank used when SP-API returns no BSR
Keepa Price Validation: hide misleading prices that diverge >3x from sale price
Top Opportunities: minimum 100 sales/mo gate added

Infrastructure

Health Endpoint: /health for Railway monitoring
Diagnostic Endpoint: /api/diagnostic/shared-catalog for catalog health
Python Logging: structured logging module (replacing 444 print statements)
Test Suite: 10 pytest tests (scoring, health, security)
Security: removed hardcoded Discord webhook, env-var only
Font Consistency: global font-family: inherit fix for all buttons/inputs

v2.0 — March 2026

Complete system overhaul: new scan modes, redesigned UI, cost optimizations, performance improvements, and 30+ bug fixes.

New Features

Feature	Description	Impact
Top Sellers Scan	New scan mode using Keepa Best Sellers API to discover 100K+ top-selling ASINs across all categories. Bypasses category browsing entirely.	10x faster product discovery
Eligibility-First Pipeline	Check eligibility BEFORE pricing/catalog. Non-eligible ASINs (92%) cost 1 API call instead of 5.	75% fewer SP-API calls
Shared Eligibility Cache	Global cache with 7-day TTL prevents re-checking 300K+ non-eligible ASINs on subsequent scans.	80% fewer eligibility calls
Shared Sales Catalog	Global `shared_catalog` table with 550K+ ASINs and Keepa enrichment data. Background enrichment service refreshes stale entries daily. All tenants share the same sales data — ADAW absorbs the Keepa API cost.	90% Keepa cost reduction
Discord Webhook Alerts	Real-time Discord notifications for high-quality Green Light products (score 7.0+ with 100+ monthly sales). Set via `DISCORD_WEBHOOK_URL` environment variable.	Instant product alerts
Per-Category BSR Curves	27 category-specific BSR-to-sales formulas replace one-size-fits-all. High-volume categories get steeper decay curves.	40% more accurate sales estimates
Sales Intelligence Panel	Product modal shows all 3 data sources (Badge, BSR Drops, BSR Formula) with confidence levels and cross-validation.	Transparent sales data
Live Product Feed	Products page shows LIVE/NEW badges on recently discovered products with green glow animation.	Real-time discovery visibility
Scan Type Badges	Visual indicators for FULL SCAN vs TOP SELLERS mode in header and stat cards.	Clear scan mode awareness
Yield Analytics Redesign	Summary stats (Current/Trend/Peak/Average), improved chart with deduped x-axis labels.	Better yield insights
ETA Indicators	Live time-remaining estimates on Eligibility, Yield, and Data Enrichment cards.	Scan progress predictability
Restart Scan	Full scan restart with history preservation. Clears scan data while keeping historical sessions.	Clean re-scan capability

UI/UX Improvements

Change	Before	After
Products default sort	Newest first (checked_at)	Best first (score DESC)
Buy Box column	"Retailers" with %s badges	"Buy Box" with Amazon/3P Seller/Open badges
Brand column	Often empty (SP-API doesn't always return)	Removed — saves space
Score tinting	All rows same style	Green/Yellow left border accent
Image fallbacks	Blank square	Initial letter in dark circle
Missing data	Dashes (---)	"Pending" text with opacity
Pipeline cards	4 cards (Discovery, Eligibility, Refresh, Yield)	3 cards (removed Refresh)
Keepa section	Large card with buttons	Compact "Data Enrichment" bar
Mobile responsive	Horizontal scroll issues	Locked axis, stacked layouts
Polling rate	Every 1 second	Every 5 seconds (80% less load)

Performance Optimizations

Optimization	Metric	Improvement
SELECT * → specific columns	Brands endpoint	5.9MB → 1.5MB response
Analysis cache (30s TTL)	Dashboard poll	6x fewer heavy queries
Brands cache (5min TTL)	Brands page	Eliminated 502 timeouts
Stats cache (3s TTL)	All pages	60% fewer COUNT queries
Eligibility-first pipeline	Per-ASIN processing	4-5x throughput increase
Database indexes	asin, is_eligible, category	Faster queries on 300K+ rows
Lazy brand detail rendering	Brands expand/collapse	Instant page load vs 10s+ lag
Client-side brand caching	Tab switching	Instant re-render from memory

API Cost Optimization

Strategies implemented to minimize SP-API and Keepa costs while maximizing data quality.

Cost Architecture

The scanner uses two external APIs with usage-based costs. Our optimization strategy reduces total API calls by ~80% without sacrificing data quality.

SP-API Call Reduction

Strategy	How It Works	Savings
Eligibility-First Pipeline	Check eligibility BEFORE pricing/catalog. 92% of ASINs are rejected at this gate (1 call) instead of running the full 5-call pipeline.	75% fewer calls
Shared Eligibility Cache	Non-eligible results cached globally with 7-day TTL. Subsequent scans skip SP-API entirely for known-rejected ASINs.	80% on re-scans
Early Price Rejection	Products under $12 or with 15+ sellers skip Wave 2 (fees + offers), saving 2 API calls per product.	~20% of eligible

Keepa Token Optimization

Strategy	How It Works	Savings
Global Keepa Cache	289K+ ASINs cached globally. When any user scans an ASIN already enriched, data served from cache (0 tokens).	60-80% at scale
Smart Budget Management	When daily budget < 50%, daemon skips Red products and focuses tokens on Green + Yellow products only.	70% token savings
Tiered Freshness TTL	BSR <10K = 2-day refresh, BSR <50K = 5-day, BSR >50K = 10-day. Fast movers get fresher data.	50% daemon savings
Pre-Score Threshold	Only products scoring ≥3.5 pre-Keepa get enriched. Low-quality products skip enrichment entirely.	~30% fewer enrichments

The Shared Catalog architecture further reduces costs by 90%: one Keepa plan (~$100/mo) serves all tenants via the shared_catalog table, vs $500+/mo for per-tenant enrichment.

Per-Product API Cost Breakdown

Non-Eligible ASIN (92% of all): 1x ListingsRestrictions check ............ 1 SP-API call, 0 Keepa tokens Total: 1 call Eligible ASIN (8% of all): 1x ListingsRestrictions check ............ 1 SP-API call 1x CompetitivePricing (batch 20) ......... 0.05 calls (amortized) 1x CatalogItems .......................... 1 SP-API call 1x ProductFees ........................... 1 SP-API call 1x ItemOffers ............................ 1 SP-API call 1x Keepa enrich (batch 20) ............... 1 token (amortized) Total: ~4 calls + 1 Keepa token Per 1,000 ASINs (8% eligible rate): 920 non-eligible x 1 call = 920 SP-API calls 80 eligible x 4 calls = 320 SP-API calls 80 eligible x 1 token = 80 Keepa tokens TOTAL: 1,240 SP-API calls + 80 Keepa tokens

Bugs Fixed

30+ production bugs identified and resolved during the March 2026 overhaul.

Critical Fixes

Bug	Root Cause	Fix
Scan crashes after 5 ASINs	`UnboundLocalError` on `_keepa_batch_buffer` — reassignment inside function made Python treat global as local	Added `global _keepa_batch_buffer` declaration
PostgreSQL transaction abort	`init_db()` DDL failures left connection in `InFailedSqlTransaction` state, poisoning all subsequent queries	Wrapped each DDL in try/except with explicit commit/rollback
Brands 500 error	`SELECT *` loading 135K+ rows into memory caused timeout. Also, pagination code mutated cached objects via `pop()`	Added `is_eligible = TRUE` filter (11K vs 135K rows) + shallow copy instead of mutation
502 server overload	Frontend polling every 1 second with 2 gunicorn workers. 600+ requests queued.	Reduced polling to 5 seconds, added analysis cache (30s TTL)
12.3M duplicate ASINs	Clicking Top Sellers multiple times stacked ASINs in scan_asins without dedup. No guard against concurrent starts.	Added `is_scan_running()` check + dedup on insert + cleanup endpoint
Silent Keepa failures	50+ `except: pass` blocks hiding real errors. Production debugging impossible.	Replaced with `except Exception as e: print()` for visibility
Amazon grade incorrect	Products with Amazon on Buy Box scored C/Hold instead of F/Avoid	Hardcoded grade override: Amazon BB = F grade + AVOID badge
0/10 scores on valid products	Score computation used fee_margin from DB (often NULL) instead of calculating from price/fees	Compute margin inline if DB value is NULL
NULL sort crashes	Sorting by score put NULL-score products randomly in results	Added NULLS LAST to all sort columns
History card shows zeros	Running scan session queried only finalized data, not live counts	Added live query fallback for active sessions
Keepa price mismatch	Badge data diverging >3x from sale price displayed misleading prices	Hidden with warning when divergence exceeds 3x
Stale badge CHECK 3	Drops-vs-badge ratio >5x not detected, inflating sales estimates	Added cross-validation check; capped at 3x BSR estimate
N+1 query	shared_catalog per-product queries caused slow dashboard loads	Replaced with batch preload on analysis endpoint
Font fallback	17+ buttons using Arial instead of system font	Global `font-family: inherit` fix for all buttons/inputs
Watchlist table creation	PostgreSQL `CREATE TABLE IF NOT EXISTS` not running on startup	Added watchlist table to `init_db()` migration

UI/UX Fixes

Bug	Fix
HTML tags rendered in Quality Distribution (`<span>` visible)	Fixed template escaping
Product Type showing underscores (PRECISION_MEASURING)	Added title case + space conversion
Yield chart x-axis showing "Mar 5, Mar 5, Mar 5..." repeating	Deduplicated labels, show only on date change
Mobile horizontal scroll on all pages	Added overflow-x:hidden, responsive breakpoints
Top Opportunities not sorted correctly	Fixed opportunity_score sort to use DESC
Alert/confirm dialogs blocking UI	Replaced with non-blocking showToast() notifications
Docs page not mobile-friendly	Added responsive sidebar, stacked layout

Current plan Active

—

Usage this month

0% used

0 / 0 ASIN checks

0 products scanned this month

Profile

Your identifiers and quick-access utilities.

Email —

Tenant ID —

Onboarding tour

Amazon Seller (SP-API)

Connect your own Seller Central account so eligibility checks and pricing data come from your seller credentials, not the shared master account. Get your LWA refresh token →

Eligibility Overrides

Force a specific ASIN or brand to force_eligible (you have a brand grant Amazon's API doesn't surface) or force_ineligible (your "do-not-source" list). Overrides take precedence over the cache and live SP-API result.

IP Complaint History

Track copyright, trademark, patent, and authenticity complaints Amazon has issued against your seller account. Open complaints hide the matching ASINs and brands from your Top Opportunities (when ENABLE_COMPLAINT_FILTER is on). Upload a CSV export from Seller Central or add manually.

Open complaints 0 of 0 total

Notifications

Send alerts to a Discord channel when new Green-light products land in your dashboard (score ≥ 7.0, 100+ monthly sales, 2+ sellers, Amazon not in buy box). How do I create a webhook?

Webhook URL

Enable alerts Off

Active source —

Plans

Switch plans any time. Pro-rated to your billing cycle by Stripe.

Shared catalog savings

Aggregate platform stats from the shared-pool architecture.

—

Keepa tokens saved

—

Estimated $ saved

—

Multi-tenant hits

—

ASINs cached

Brand Intelligence

All brands detected in your scan data — ungated brands are highlighted.

Quick Picks

/	Focus search
j / k	Navigate rows down / up
Enter	Open product detail
s	Toggle watchlist star
Esc	Close modal / dialog
%s	Show this help

Scan Amazon's top sellers. Find your next product.

Choose a plan

Hit Scan

Watch enrichment fill in

Review the Top Opportunities

Everything you need to flip on Amazon

Autonomous scans, real Amazon data

90 days of Keepa history per product

Smart filtering & export

Brand manager

Discord alerts

Ready to run your first scan?

Simple, Transparent Pricing

Scout

Pro

Enterprise

Common questions

Run a scan.

Start your first scan

Products

Insights

History

Take the interactive tour

Getting Started

How It Works

Starting a Scan

Dashboard Sections

Overview

Data Quality

Product Intelligence

Products Tab

Keyboard Shortcuts

Product Detail Modal

Keepa Historical Data

Keepa Metrics Explained

Keepa API — Important Notice

Green Light Score Guide

Score Interpretation

Data Export

Tips & FAQ

Who We Are

Our Mission

What We Do

Wholesale Distribution

Product Intelligence

Multi-Channel Fulfillment

Compliance & Licensing

Company Details

Organizational Structure

Wholesale Distribution

Amazon FBA Fulfillment

DistroTrack Intelligence Platform

Compliance Management

Market Intelligence & Analytics

Multi-Channel Strategy

Authorized Brands

Brand Relationship Overview

Authorized Distribution

Ungated Access

Category Diversity

Continuous Expansion

How Brand Data Integrates with DistroTrack

Compliance Overview

Compliance Practices

Regulatory Monitoring

Documentation Management

Amazon Policy Compliance

Brand Authorization

What Is ADAW Scanner?

How Scanning Works

Phase 1 — Seed the queue

Phase 2 — Eligibility check (per-ASIN, serial)

Phase 3 — Wave 1 (pricing + catalog, parallel)

Phase 4 — Wave 2 (fees + offers, parallel)

Early skip-outs

Sales estimation tiers

BSR Formula (NONE-tier fallback)

Scoring & Green Light System

Hard Rejects (Instant Red)

Weighted Components (0-10 scale)

Live Refresh (`update=1`)