Forem: CyberSolo The latest articles on Forem by CyberSolo (@cybersolo). https://forem.com/cybersolo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3647004%2Fc87f9b82-148d-49d9-bef9-c71cfac70c84.png Forem: CyberSolo https://forem.com/cybersolo en Building a Production-Ready Data Marketplace: Architecture, Security, and Lessons Learned CyberSolo Thu, 04 Dec 2025 20:48:04 +0000 https://forem.com/cybersolo/building-a-production-ready-data-marketplace-architecture-security-and-lessons-learned-1l08 https://forem.com/cybersolo/building-a-production-ready-data-marketplace-architecture-security-and-lessons-learned-1l08 <p>After building three different data marketplaces over the past two years, I noticed a pattern: every project spent 4-6 weeks rebuilding the same infrastructure before we could focus on the actual product. Payment processing, token encryption, access control, concurrency handling - it's the same problems over and over.</p> <p>So I built <strong>UDAM</strong> (Unified Data Marketplace) - an open-source backend that provides all this infrastructure out of the box. In this article, I'll share the technical decisions, challenges, and solutions that went into it.</p> <h2> The Problem Space </h2> <p>Building a marketplace seems straightforward until you start coding:</p> <ul> <li> <strong>Payments</strong>: Integrating Stripe, handling webhooks, managing checkout sessions</li> <li> <strong>Security</strong>: Encrypting API keys, managing sessions, preventing attacks</li> <li> <strong>Concurrency</strong>: Preventing overselling when multiple buyers compete for the last unit</li> <li> <strong>Access Control</strong>: Issuing tokens, managing permissions, handling revocation</li> <li> <strong>Testing</strong>: Ensuring everything works reliably in production</li> </ul> <p>Each of these is a mini-project in itself. UDAM solves all of them.</p> <h2> Architecture Overview </h2> <p>UDAM follows a classic three-tier architecture, but with specific design choices optimized for marketplace needs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ ┌──────────────┐ ┌─────────────┐ │ Frontend │─────▶│ Backend │─────▶│ PostgreSQL │ │ (Next.js) │ │ (Node.js) │ │ Database │ └─────────────┘ └──────────────┘ └─────────────┘ │ ▼ ┌──────────────┐ │ Stripe │ │ Payments │ └──────────────┘ </code></pre> </div> <h3> Tech Stack Choices </h3> <p><strong>Backend: Node.js + Express</strong></p> <ul> <li>Fast iteration for marketplace logic</li> <li>Excellent Stripe SDK support</li> <li>Large ecosystem for future extensions</li> </ul> <p><strong>Database: PostgreSQL</strong></p> <ul> <li>ACID transactions (critical for payments)</li> <li>Row-level locking (prevents race conditions)</li> <li>Mature, battle-tested in production</li> </ul> <p><strong>Frontend: Next.js</strong></p> <ul> <li>SSR capability for SEO (marketplace discoverability)</li> <li>Intentionally minimal - easy to customize</li> <li>API-first design</li> </ul> <h2> Deep Dive: Token Encryption </h2> <p>One of the most critical features is secure storage of API keys and credentials.</p> <h3> The Challenge </h3> <p>Sellers provide API keys that buyers need to access their services. These keys must be:</p> <ol> <li>Encrypted at rest (database compromise shouldn't expose keys)</li> <li>Decryptable for legitimate buyers (they need the actual key)</li> <li>Never logged or cached in plaintext</li> </ol> <h3> The Solution: AES-256-GCM </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">crypto</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">encryptToken</span><span class="p">(</span><span class="nx">apiKey</span><span class="p">,</span> <span class="nx">masterKey</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">iv</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomBytes</span><span class="p">(</span><span class="mi">16</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cipher</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">createCipheriv</span><span class="p">(</span><span class="dl">'</span><span class="s1">aes-256-gcm</span><span class="dl">'</span><span class="p">,</span> <span class="nx">masterKey</span><span class="p">,</span> <span class="nx">iv</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">encrypted</span> <span class="o">=</span> <span class="nx">cipher</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">apiKey</span><span class="p">,</span> <span class="dl">'</span><span class="s1">utf8</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="nx">encrypted</span> <span class="o">+=</span> <span class="nx">cipher</span><span class="p">.</span><span class="nf">final</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">authTag</span> <span class="o">=</span> <span class="nx">cipher</span><span class="p">.</span><span class="nf">getAuthTag</span><span class="p">();</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">encrypted</span><span class="p">,</span> <span class="na">iv</span><span class="p">:</span> <span class="nx">iv</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">),</span> <span class="na">authTag</span><span class="p">:</span> <span class="nx">authTag</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">)</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key Points:</strong></p> <ul> <li> <strong>GCM mode</strong>: Provides both encryption and authentication</li> <li> <strong>Random IV</strong>: Each encryption uses a unique initialization vector</li> <li> <strong>Auth tag</strong>: Detects tampering attempts</li> <li> <strong>Master key</strong>: Stored securely in environment variables (never in code)</li> </ul> <p>This approach means even if someone gets database access, they can't decrypt the API keys without the master key.</p> <h2> Concurrency Control: The Overselling Problem </h2> <p>Here's a scenario that will break naive implementations:</p> <ul> <li> <strong>T=0</strong>: Listing has 1 unit available at $10</li> <li> <strong>T=1</strong>: Buyer A starts purchase</li> <li> <strong>T=2</strong>: Buyer B starts purchase (sees 1 unit still available)</li> <li> <strong>T=3</strong>: Buyer A completes purchase (units → 0)</li> <li> <strong>T=4</strong>: Buyer B completes purchase (units → -1) ❌ OVERSOLD!</li> </ul> <h3> The Solution: Row-Level Locking </h3> <p>PostgreSQL's <code>FOR UPDATE</code> clause is our hero:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">BEGIN</span><span class="p">;</span> <span class="c1">-- Lock the row for this transaction</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">listings</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">FOR</span> <span class="k">UPDATE</span><span class="p">;</span> <span class="c1">-- Check availability</span> <span class="n">IF</span> <span class="n">available_units</span> <span class="o">&gt;=</span> <span class="n">units_requested</span> <span class="k">THEN</span> <span class="k">UPDATE</span> <span class="n">listings</span> <span class="k">SET</span> <span class="n">available_units</span> <span class="o">=</span> <span class="n">available_units</span> <span class="o">-</span> <span class="err">$</span><span class="mi">2</span> <span class="k">WHERE</span> <span class="n">id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span><span class="p">;</span> <span class="k">INSERT</span> <span class="k">INTO</span> <span class="n">orders</span> <span class="p">(...)</span> <span class="k">VALUES</span> <span class="p">(...);</span> <span class="k">END</span> <span class="n">IF</span><span class="p">;</span> <span class="k">COMMIT</span><span class="p">;</span> </code></pre> </div> <p><strong>How it works:</strong></p> <ol> <li> <code>FOR UPDATE</code> locks the row until transaction completes</li> <li>Other transactions wait for the lock to be released</li> <li>Only one transaction can decrement units at a time</li> <li>Impossible to oversell</li> </ol> <p>We verified this works under load with a CI test that spawns 5 concurrent purchase attempts for 3 available units - exactly 3 orders succeed, 2 fail with "insufficient units".</p> <h2> Payment Flow: Instant vs. Stripe Checkout </h2> <p>To optimize user experience, we support two payment flows:</p> <h3> Instant Token Issuance (Small Orders) </h3> <p>For orders under a configurable threshold (e.g., $5):</p> <ol> <li>Order is created</li> <li>Tokens are issued immediately</li> <li>No payment confirmation needed</li> </ol> <p><strong>Why?</strong> For small amounts, the friction of Stripe checkout hurts conversion more than the risk of fraud.</p> <h3> Stripe Checkout (Large Orders) </h3> <p>For orders above the threshold:</p> <ol> <li>Create Stripe Checkout session</li> <li>Redirect user to Stripe</li> <li>Webhook confirms payment</li> <li>Tokens issued after confirmation</li> </ol> <p><strong>Implementation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">totalPrice</span> <span class="o">&lt;=</span> <span class="nx">SMALL_LIMIT</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Instant issuance</span> <span class="k">await</span> <span class="nf">issueTokens</span><span class="p">(</span><span class="nx">orderId</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">payment_requires_confirmation</span><span class="p">:</span> <span class="kc">false</span> <span class="p">};</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c1">// Stripe checkout</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stripe</span><span class="p">.</span><span class="nx">checkout</span><span class="p">.</span><span class="nx">sessions</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">payment_method_types</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">card</span><span class="dl">'</span><span class="p">],</span> <span class="na">line_items</span><span class="p">:</span> <span class="p">[{</span> <span class="na">price_data</span><span class="p">:</span> <span class="p">{</span> <span class="na">currency</span><span class="p">:</span> <span class="dl">'</span><span class="s1">usd</span><span class="dl">'</span><span class="p">,</span> <span class="na">product_data</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">listing</span><span class="p">.</span><span class="nx">service_name</span> <span class="p">},</span> <span class="na">unit_amount</span><span class="p">:</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">round</span><span class="p">(</span><span class="nx">totalPrice</span> <span class="o">*</span> <span class="mi">100</span><span class="p">)</span> <span class="p">},</span> <span class="na">quantity</span><span class="p">:</span> <span class="mi">1</span> <span class="p">}],</span> <span class="na">mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">payment</span><span class="dl">'</span><span class="p">,</span> <span class="na">success_url</span><span class="p">:</span> <span class="nx">SUCCESS_URL</span><span class="p">,</span> <span class="na">cancel_url</span><span class="p">:</span> <span class="nx">CANCEL_URL</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="na">payment_requires_confirmation</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">stripe_checkout_url</span><span class="p">:</span> <span class="nx">session</span><span class="p">.</span><span class="nx">url</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> Session Management: Security Without Overhead </h2> <p>Many marketplace tutorials use JWT, but we chose session-based auth:</p> <p><strong>Advantages:</strong></p> <ul> <li>Instant revocation (crucial for logout)</li> <li>Server-side control</li> <li>No token expiration edge cases</li> </ul> <p><strong>Implementation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Login creates session</span> <span class="kd">const</span> <span class="nx">sessionToken</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomBytes</span><span class="p">(</span><span class="mi">32</span><span class="p">).</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">INSERT INTO sessions (user_id, session_token, expires_at) VALUES ($1, $2, $3)</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">userId</span><span class="p">,</span> <span class="nx">sessionToken</span><span class="p">,</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">(</span><span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="o">+</span> <span class="mi">7</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">)]</span> <span class="p">);</span> <span class="c1">// Middleware validates session</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">requireAuth</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">?.</span><span class="nf">replace</span><span class="p">(</span><span class="dl">'</span><span class="s1">Bearer </span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span> <span class="dl">'</span><span class="s1">SELECT * FROM sessions WHERE session_token = $1 AND expires_at &gt; NOW()</span><span class="dl">'</span><span class="p">,</span> <span class="p">[</span><span class="nx">token</span><span class="p">]</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">session</span><span class="p">.</span><span class="nx">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">userId</span> <span class="o">=</span> <span class="nx">session</span><span class="p">.</span><span class="nx">rows</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">user_id</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> </code></pre> </div> <h2> Testing: CI/CD for Critical Flows </h2> <p>We have comprehensive E2E tests running on every push:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">E2E small-limit flow</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">TOKEN=$(curl -X POST /auth/login ...)</span> <span class="s">LISTING_ID=$(curl -X POST /listings ...)</span> <span class="s">ORDER=$(curl -X POST /orders ...)</span> <span class="s">TOKENS=$(curl /tokens ...)</span> </code></pre> </div> <p><strong>What we test:</strong></p> <ul> <li>✅ Full purchase flow (login → create listing → buy → get tokens)</li> <li>✅ Session revocation (logout → can't access protected routes)</li> <li>✅ Concurrency (5 simultaneous purchases for 3 units)</li> <li>✅ Payment webhooks (in dev mode)</li> </ul> <h2> Performance Considerations </h2> <h3> Database Indexes </h3> <p>Critical indexes for marketplace queries:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_listings_status</span> <span class="k">ON</span> <span class="n">listings</span><span class="p">(</span><span class="n">status</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_orders_buyer</span> <span class="k">ON</span> <span class="n">orders</span><span class="p">(</span><span class="n">buyer_id</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_tokens_buyer</span> <span class="k">ON</span> <span class="n">tokens</span><span class="p">(</span><span class="n">buyer_id</span><span class="p">);</span> <span class="k">CREATE</span> <span class="k">INDEX</span> <span class="n">idx_sessions_token</span> <span class="k">ON</span> <span class="n">sessions</span><span class="p">(</span><span class="n">session_token</span><span class="p">);</span> </code></pre> </div> <h3> Query Optimization </h3> <p>The token retrieval query joins three tables efficiently:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">t</span><span class="p">.</span><span class="o">*</span><span class="p">,</span> <span class="n">l</span><span class="p">.</span><span class="n">service_name</span><span class="p">,</span> <span class="n">pgp_sym_decrypt</span><span class="p">(</span><span class="n">t</span><span class="p">.</span><span class="n">encrypted_access_token</span><span class="p">,</span> <span class="err">$</span><span class="mi">2</span><span class="p">)</span> <span class="k">as</span> <span class="n">decrypted_token</span> <span class="k">FROM</span> <span class="n">tokens</span> <span class="n">t</span> <span class="k">JOIN</span> <span class="n">listings</span> <span class="n">l</span> <span class="k">ON</span> <span class="n">t</span><span class="p">.</span><span class="n">listing_id</span> <span class="o">=</span> <span class="n">l</span><span class="p">.</span><span class="n">id</span> <span class="k">WHERE</span> <span class="n">t</span><span class="p">.</span><span class="n">buyer_id</span> <span class="o">=</span> <span class="err">$</span><span class="mi">1</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="n">t</span><span class="p">.</span><span class="n">created_at</span> <span class="k">DESC</span><span class="p">;</span> </code></pre> </div> <h2> Lessons Learned </h2> <h3> What Worked Well </h3> <ol> <li> <strong>Row-level locking</strong>: Zero overselling issues in production</li> <li> <strong>AES-256-GCM</strong>: Provides both security and integrity</li> <li> <strong>Instant vs. Stripe</strong>: Improved conversion for small orders</li> <li> <strong>API-first design</strong>: Easy to build any frontend</li> </ol> <h3> What I'd Do Differently </h3> <ol> <li> <strong>Add caching earlier</strong>: Listing browsing could be cached aggressively</li> <li> <strong>Rate limiting</strong>: Should have been built-in from day one</li> <li> <strong>Better logging</strong>: More structured logs for debugging</li> <li> <strong>GraphQL option</strong>: Some users want more flexible queries</li> </ol> <h3> Common Pitfalls to Avoid </h3> <ol> <li> <strong>Don't store API keys in plaintext</strong> (even with "secure" database access)</li> <li> <strong>Don't skip transaction isolation</strong> (race conditions WILL happen)</li> <li> <strong>Don't trust client-side validation</strong> (always validate server-side)</li> <li> <strong>Don't hardcode secrets</strong> (environment variables from day one)</li> </ol> <h2> What's Next </h2> <p>UDAM is open source (MIT license) and actively maintained. We're looking for contributors in:</p> <ul> <li> <strong>UI/UX</strong>: Creating beautiful frontend templates</li> <li> <strong>Integrations</strong>: Additional payment providers, OAuth, analytics</li> <li> <strong>Security</strong>: Audits, penetration testing, best practices</li> <li> <strong>Documentation</strong>: Deployment guides, tutorials, translations</li> </ul> <p><strong>Check it out:</strong></p> <ul> <li><a href="https://github.com/data-agent-marketplace/data-agent-marketplace" rel="noopener noreferrer">GitHub Repository</a></li> <li><a href="https://github.com/data-agent-marketplace/data-agent-marketplace/blob/main/API.md" rel="noopener noreferrer">API Documentation</a></li> <li><a href="https://github.com/data-agent-marketplace/data-agent-marketplace/blob/main/ARCHITECTURE.md" rel="noopener noreferrer">Architecture Details</a></li> </ul> <h2> Conclusion </h2> <p>Building marketplace infrastructure is complex, but it doesn't need to be custom every time. UDAM provides a production-ready foundation so you can focus on your actual product - the data services you're selling.</p> <p>Whether you use UDAM directly or just learn from the architecture, I hope this article helps you build better marketplaces faster.</p> <p><strong>Questions? Feedback?</strong> Drop a comment or open a GitHub issue. I'm always happy to discuss marketplace architecture!</p> <p><em>Found this useful? Star the repo on GitHub and follow me for more deep dives into building production systems.</em></p> opensource node agents data