Architecture

Headless front-of-house. Hardened back-of-house. Brand-context on every byte.

A Next.js front-end on Vercel for the partner-facing surfaces. A versioned REST API on top of a battle-tested WordPress core for the marketplace mechanics, escrow, anti-scam, and PHP IP we won't compromise. Multi-brand from byte one.

Tier 1 · Partner-branded surfaces
Next.js front-ends on Vercel — exchange.brand-a.co.uk, clearance.brand-a.co.uk, your domain & your tokens. Plus Sofalistic.co.uk on the same architecture.
Tier 2 · Gateway & auth
Repurch API Gateway v1 — JWT auth, brand-context propagation, per-partner rate limits, Redis edge cache.
REST · GraphQL · 99.97% SLA · Webhooks · SDKs · OpenAPI
Tier 3 · Core services · brand-context-aware
  • Listings · brand_id-aware · 22K+ live, multi-brand
  • Anti-scam · 322-test validator · PHP, 2yr UK data
  • Escrow & payouts · PayPal Commerce · reconciliation report
  • Messaging · validated, audited, dispute-ready
  • Credit ledger · per-partner accounting · webhook on issuance
Tier 4 · Storage
WP core · S3 · Redis · Postgres (Phase 3+)
Multi-brand from byte one

Brand-context is a first-class column. Not a feature flag.

Every listing, every user, every transaction, every message carries a brand_id: sofalistic today, yours alongside when you join. Your data sits isolated from every other partner from byte one.

  • Data isolation by design. Per-partner queries filter on brand_id at the database level — not at the application boundary.
  • Cross-listing rules contractual. Default: partner-originated listings appear on both partner portal and main marketplace. Configurable per category.
  • No shared-state surprises. Each partner's settings, branding, fees, support routing are independent. One partner's config change can never affect another.
  • Partner-2 onboarding target: as little as 7 days. Not 12 weeks. The multi-brand architecture is the reason — the platform already exists.
LISTINGS TABLE · BRAND-CONTEXT INDEXED

id    brand_id    title                  price  status
4218  brand_a     Carlton 3-seat grey    £640   active
4217  brand_a     Belmont corner mink    £820   active
4216  sofalistic  Vintage chesterfield   £450   active
4215  brand_b     Linden 2-seat sage     £380   active
4214  sofalistic  L-shape modular        £890   pending
4213  brand_a     Aria recliner          £480   active

-- query for brand_a only --
SELECT * FROM listings WHERE brand_id = 'brand_a'
-- 14ms · 3 results

API-first integration

Standard REST. JWT. OpenAPI. Sandbox on day one.

Versioned REST API. Optional GraphQL. Webhooks. Per-language SDKs. Full OpenAPI spec. Sandbox keys on day one. No bespoke retailer integration projects — your engineers consume documented, stable contracts.

REST + GraphQL

REST for everything. Optional GraphQL for query-heavy partner dashboards. Versioned URLs (/v1/) with explicit deprecation windows.

Webhooks for every event

Listing created, listing sold, credit issued, dispute opened, payout settled — every state change pushed to your endpoint with retries, signatures, and replay support.
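
What a partner endpoint has to do with signed, retried webhooks, as an added example (not Repurch code). The page does not document the signature scheme, so HMAC-SHA256 over `<timestamp>.<raw body>`, the 300-second window, and the `id` / `type` field names and values are all assumptions.

```python
import hashlib
import hmac
import json

TOLERANCE_S = 300  # assumed freshness window for the signed timestamp


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """MAC over '<timestamp>.<raw body>' (assumed scheme, not the documented one)."""
    return hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


class WebhookReceiver:
    """Partner-side endpoint logic: authenticate, check freshness, de-duplicate."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen = set()  # processed event ids; a durable store in production

    def handle(self, timestamp: str, signature: str, body: bytes, now: int) -> str:
        # 1. Authenticate the raw bytes before parsing them.
        expected = sign(self.secret, timestamp, body)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "rejected: bad signature"
        # 2. The timestamp is inside the MAC, so an old capture cannot be re-dated.
        if abs(now - int(timestamp)) > TOLERANCE_S:
            return "rejected: stale"
        # 3. A retry re-delivers the same event id: acknowledge it, do not re-apply it.
        event = json.loads(body)
        if event["id"] in self.seen:
            return "duplicate: acknowledged"
        self.seen.add(event["id"])
        return "accepted: " + event["type"]


def demo() -> list:
    """Run four constructed deliveries through one receiver."""
    secret = b"constructed-sandbox-secret"
    body = b'{"id": "evt_001", "type": "listing.sold", "brand_id": "brand_a"}'
    sig = sign(secret, "1700000000", body)
    rx = WebhookReceiver(secret)
    return [
        rx.handle("1700000000", sig, body, now=1700000010),  # first delivery
        rx.handle("1700000000", sig, body, now=1700000020),  # sender retry
        rx.handle("1700000000", sig, body.replace(b"brand_a", b"brand_b"), now=1700000030),
        rx.handle("1700000000", sig, body, now=1700009999),  # captured and re-sent late
    ]
```
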

OpenAPI spec

Machine-readable contract for every endpoint. Auto-generated SDKs for TypeScript, PHP, Python. Postman collection on request.

Sandbox keys, day one

Full sandbox environment from the kick-off call (after signed Heads of Terms, before final MSA). Your engineers integrate against a working API while we run the contracting workstream in parallel.

Idempotency & retries

Idempotency keys on every mutation. Built-in retry budget on webhooks. Engineered for partners running their own integration tier.

Works with your existing stack

Salesforce Commerce Cloud, Shopify Plus, BigCommerce, Magento, SAP Hybris — Repurch's credit-redemption API plugs into the standard promo-code layer every modern ecommerce platform already supports. No bespoke connector build required.

Security & compliance

Compliance-native. Payments-regulated. SOC 2 path. Built for InfoSec scrutiny.

Built for partners with mature InfoSec teams. JWT auth with short-lived tokens, refresh rotation, and per-partner key isolation. PayPal Commerce Platform for regulated payment flows and seller-of-record handling. Regional data residency configurable per partner. SOC 2 audit on the compliance roadmap; engagement scoped pre-launch.

  • Regional data residency. Customer PII, listings, messages, and transactions stored in your partnership’s contracted region. Cross-border processing only with documented consent.
  • JWT auth, per-partner keys. Compromised partner credentials can’t pivot to other partners. Token rotation enforced.
  • Third-party penetration testing programme. Scoped as part of the Phase 1 launch plan. Cadence, scope, and report-sharing terms shared under NDA in commercial discussions.
  • GDPR + UK consumer rights. Joint-controllership contracting available. Data-portability and erasure endpoints in API. DPIA support provided as part of partner onboarding.
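
One way a gateway can make "compromised partner credentials can't pivot" hold, as an added example (not Repurch's gateway code): the tenant is derived from which key verified the token, and a `brand_id` claim that disagrees with the key's owner is rejected. HS256, the `kid` header, the claim names and the keys below are assumptions; the page does not specify them.

```python
import base64
import hashlib
import hmac
import json

# Constructed per-partner signing keys: key id -> (owning brand, secret).
PARTNER_KEYS = {
    "k-brand-a": ("brand_a", b"constructed-secret-a"),
    "k-brand-b": ("brand_b", b"constructed-secret-b"),
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(kid: str, claims: dict) -> str:
    """Issue an HS256 token with the named partner key (helper for the demo)."""
    head = b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(PARTNER_KEYS[kid][1], f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"


def brand_context(token: str, now: int) -> str:
    """Return the brand_id to propagate downstream, or raise PermissionError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(head_b64))
        owner, secret = PARTNER_KEYS[header["kid"]]
        if header["alg"] != "HS256":  # pin the algorithm; never honour the header's choice
            raise ValueError("alg")
        good = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, unb64url(sig_b64)):
            raise ValueError("signature")
        claims = json.loads(unb64url(body_b64))
        if claims["exp"] <= now:  # short-lived tokens: expiry is mandatory
            raise ValueError("expired")
        if claims["brand_id"] != owner:  # the key's owner decides the tenant, not the claim
            raise ValueError("brand mismatch")
    except (ValueError, KeyError, TypeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    return owner
```

A token signed with brand_a's key but claiming `brand_b` verifies cryptographically and is still refused, which is the property the per-partner key isolation bullet relies on.
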
Security posture · Live
  • Data Residency · Multi-region · ACTIVE · DEFAULT POLICY
  • SOC TYPE 1 · SOC 2 path · Roadmap scoped · ENGAGEMENT TBC · UNDER NDA
Security event log · last 24h
  • JWT rotation completed · 02:14 UTC
  • Backup verified · primary + DR · 02:00 UTC
  • Anomaly scan · no findings · 00:00 UTC
  • Dep audit · 2 minor, queued · Yesterday
  • Pen-test remediation closed · 2d ago
Scale & reliability

Built for enterprise-scale throughput. From day one.

Every part of the platform is sized for enterprise listing volumes from the architecture upward — not retrofitted under partner load. Redis edge cache, S3 image pipelines, multi-region failover, observability baked in. Sized to grow with you, not throttle when you ramp.

Redis-backed caching

Hot listing surfaces cached for read-heavy partner load. Invalidation tunable per partner traffic profile.

Object-storage + CDN image delivery

Architecture sized for object-storage + CDN-edge image delivery. Designed to remove the WP media-library bottleneck under partner-scale image volume.

Multi-region resilience

Cross-region replication architected into the platform. Recovery objectives (RPO / RTO) agreed contractually per enterprise partner.

Enterprise SLA tier

Specific uptime commitment, public status page, and incident post-mortem cadence agreed contractually per enterprise partner.

Per-partner observability

Per-partner dashboards, traces, error budgets architected in from the start. Webhook alerts to your incident-management tooling.

Per-partner rate limits

Per-partner request quotas, burst capacity, queue-based smoothing. One partner's traffic spike can't degrade another's.

Built on a real marketplace

Built on a working marketplace. Evolved, not rebuilt.

Sofalistic has 100,000+ registered buyers (growing daily), ~3M monthly page views, 22,000+ live listings, real SEO, irreplaceable PHP IP (especially the 322-test anti-scam validator), and two years of UK marketplace data. We're not asking you to bet on a rebuild — we're asking you to plug into a platform that already works at consumer scale, hardened for partner load.

  • No SEO collapse risk. Existing marketplace SEO is preserved. New partner surfaces live alongside, not instead of.
  • No rewrite risk. Battle-tested PHP IP (anti-scam, messaging, listings) stays where it is, exposed via API.
  • Live and configurable. Production today. Your branded portal renders day one; full partner integration in as little as 7 days. There's nothing to wait for.
  • Handoff-friendly from day one. ADRs, OpenAPI, conventions doc, real test suite. Hand to a new engineering team and they're shipping in two weeks.
PLATFORM STATUS · LIVE

In production
  • Marketplace · live UK traffic since 2024
  • Anti-scam validator · 322 tests, 2yrs UK fraud data
  • Escrow & payouts · PayPal Commerce
  • Multi-brand API · brand-context per partner
  • Two-man furniture delivery · pre-integrated network
  • ESG reporting · Scope 3, GRI-aligned

Partner onboarding
  • Day 1 · Sandbox API keys + OpenAPI spec
  • Week 1 · Branded portal scaffolded against existing surfaces
  • 7 days · Full integration, partner live in production

Nothing to build. Integration only.

Common questions

What engineering & procurement teams ask first.

Where does our customer data live?

Production today is EU-region (Amsterdam, NL) with documented DR posture. Cross-border processing for UK customers is covered by the UK–EU adequacy decision and Standard Contractual Clauses. UK-specific or other regional data residency available per partner contract where procurement requires it — per-jurisdiction segregation by design.

What's the integration effort on our side?

Minimal. Credit redemption is the headline: Repurch issues a single-use code in the seller's dashboard the moment their listing sells. The customer pastes it into the same promo-code / store-credit field you already have at checkout. Your team adds one API call (POST /v1/codes/redeem) — we return validity and the £-amount, you apply it. No new loyalty system, no new identity layer, monthly reconciliation report. Optional add-ons for Anchor-tier partners: SSO via JWT against your IdP, webhook push into your existing loyalty platform, CRM event sync. A single engineer can ship the MVP integration in 1–2 weeks of part-time work.
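
Why a checkout retry of POST /v1/codes/redeem must reuse its idempotency key, shown as an added in-memory model covering this answer and the "Idempotency & retries" section above (not Repurch's implementation). The status codes, field names, pence amounts and sample code value are assumptions.

```python
import hashlib
import json


class RedeemModel:
    """In-memory model of a single-use code endpoint with idempotency keys."""

    def __init__(self, codes: dict):
        self.codes = dict(codes)  # code -> amount in pence, removed once spent
        self.replies = {}         # (partner, idempotency key) -> (request hash, reply)

    def redeem(self, partner: str, idem_key: str, request: dict) -> dict:
        digest = hashlib.sha256(json.dumps(request, sort_keys=True).encode()).hexdigest()
        slot = (partner, idem_key)  # keys are scoped per partner, never shared
        if slot in self.replies:
            seen_digest, reply = self.replies[slot]
            if seen_digest != digest:
                # Same key, different payload: refuse rather than guess the intent.
                return {"status": 409, "error": "idempotency key reused with a different body"}
            return reply  # retry of the same request: same answer, no second spend
        amount = self.codes.pop(request["code"], None)
        if amount is None:
            reply = {"status": 422, "valid": False}
        else:
            reply = {"status": 200, "valid": True, "amount_pence": amount}
        self.replies[slot] = (digest, reply)
        return reply


def demo() -> list:
    """Constructed checkout sequence against one single-use code."""
    api = RedeemModel({"RP-CONSTRUCTED-1": 64000})
    req = {"code": "RP-CONSTRUCTED-1", "order": "ord_1001"}
    return [
        api.redeem("brand_a", "key-1", req),                         # first attempt
        api.redeem("brand_a", "key-1", req),                         # retry after a timeout
        api.redeem("brand_a", "key-2", req),                         # new key, code already spent
        api.redeem("brand_a", "key-1", {**req, "order": "ord_9"}),   # key reused, body changed
    ]
```
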

How does deployment work?

Continuous-deployment pipeline behind per-partner feature flags. Sandbox + staging + production environments. No release windows — features deploy dark and activate per-partner, so you see what’s shipping before it goes live in your portal.

What's your incident response posture?

24/7 on-call coverage. P1 acknowledgement, status-page update, and post-mortem cadence committed contractually per partner tier. Major-incident comms tree pre-agreed with each partner.

Can we export our data?

Yes — bulk exports of your partner data on demand. Automated snapshot exports configurable per partner contract. Standard data-portability + data-erasure endpoints in the API for the GDPR-compliance flows you need to expose.

What happens at end-of-contract?

Pre-agreed exit clauses. Data export, branded surface migration assistance, buyer-network handoff terms. Designed so partners can leave cleanly — we'd rather earn renewal on value than retention via lock-in.

Want to put your engineering team on the platform?

We'll walk through the architecture in detail, share the OpenAPI spec, and stand up a sandbox environment for your team to integrate against. Engineering-to-engineering.