How Unific Works

What Authentication & Security protocols does Unific use?

We use industry standard authentication and security protocols to make sure the data is not compromised.

1. Shopify -> Unific

We use OAuth 2.0 protocol to connect with Shopify which is the industry-standard protocol for authorization. You can get more information about the protocol here:

We also take specific security measures so that no 3rd party can modify the data.

  • {nonce} - A randomly selected value provided by Unific, which is unique for each authorization request. During the OAuth callback phase, Unific checks that this value matches the one we provided during authorization.
  • Each webhook request includes a base64-encoded X-Shopify-Hmac-SHA256 header, which is generated using the app's shared secret along with the data sent in the request. We verify each request came from Shopify and compute the HMAC digest by following a crypto algorithm and check to make sure that the data has not been compromised.

2. Unific

All Unific backend services are hosted on our own Virtual Private Cloud (VPC).

3. Unific -> HubSpot

We use OAuth 2.0 protocol to connect with HubSpot which is the industry-standard protocol for authorization and the data will be transmitted over HTTPS.

Our HubSpot access tokens are short lived. We refresh the Access tokens every 2 hours which invalidates the previous tokens.