Technical Deep Dive

Patent-Pending Broker Architecture.
AES-256 Credential Isolation.

Your OAuth tokens never touch your CMS. The broker holds everything, encrypted at rest, mediating every authenticated request.

Patent Pending · U.S. App. No. 19/440,404

How the Broker Architecture Works

01. Sources & Destinations Connect

You connect your creative tools (Lightroom, Figma, Canva) and your CMS destinations (WordPress, Shopify, etc.). Both sets of credentials travel to the broker — never stored in your browser, plugin, or CMS database.

02. Broker Encrypts & Isolates

AES-256 encryption at rest. Source OAuth tokens and destination API credentials are stored separately in the broker's isolated credential vault. Your license key is the only reference — no raw tokens in any API response.

03. Broker Fetches & Delivers

When syncing, the broker uses source credentials to download your assets and destination credentials to upload them. Each credential only touches its own system — source tokens never reach your CMS, CMS keys never reach your creative tools.

04. MCP: Same Security, Conversational Control

When using Claude AI via MCP, a per-account token authenticates your session to the broker. Claude never sees your source OAuth tokens or destination API keys — it sends commands, and the broker executes them using the same encrypted credential vault. The security model is identical whether you click a button or type a message.

Security Layers

AES-256 Encryption at Rest

Every OAuth token is encrypted before storage using the same standard that protects classified government data.

Credential Isolation

Source credentials and destination credentials are stored separately. Compromising one does not expose the other.

No Plugin-Side Credentials

Unlike every sync plugin on the market, Syncific stores zero credentials in WordPress, Shopify, or any CMS database.

Per-Installation License Keys

Each Syncific installation communicates with the broker via a unique license key — never a raw OAuth token. Keys can be revoked instantly.

Audit Logging

Every credential access, token refresh, and asset delivery is logged. Full audit trail for compliance.

Patent-Pending Architecture

U.S. Patent Application No. 19/440,404 covers the broker pattern, multi-surface activation, and credential isolation.
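
The flow in steps 01 to 03 and the isolation, license-key revocation and audit-logging layers above, sketched as an added example; this is not Syncific's code. The class and method names, the per-vault keys, AES-256-GCM as the cipher mode, and hashing the license key into a lookup reference are all assumptions made for illustration.

```javascript
// Added illustration of the broker pattern; not Syncific's code. All names are hypothetical.
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
class Vault {                                   // one vault and one AES-256 key per side
  constructor(name) {
    this.name = name;
    this.key = crypto.randomBytes(32);          // constructed in memory; assumed stored apart from the rows
    this.rows = new Map();                      // ref -> { iv, ct, tag }; ciphertext only
  }
  put(ref, secret) {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    c.setAAD(Buffer.from(`${this.name}:${ref}`)); // bind the record to this vault and owner
    const ct = Buffer.concat([c.update(secret, 'utf8'), c.final()]);
    this.rows.set(ref, { iv, ct, tag: c.getAuthTag() });
  }
  get(ref) {
    const row = this.rows.get(ref);
    if (!row) throw new Error('no credential for this license');
    const d = crypto.createDecipheriv('aes-256-gcm', this.key, row.iv);
    d.setAAD(Buffer.from(`${this.name}:${ref}`));
    d.setAuthTag(row.tag);
    return Buffer.concat([d.update(row.ct), d.final()]).toString('utf8');
  }
}

class Broker {
  constructor() {
    this.source = new Vault('source');
    this.destination = new Vault('destination');
    this.revoked = new Set();
    this.audit = [];                            // events only, never secret values
  }
  connect(sourceToken, destinationKey) {
    const license = crypto.randomBytes(16).toString('hex');
    this.source.put(sha256(license), sourceToken);
    this.destination.put(sha256(license), destinationKey);
    return { license };                         // the only value the plugin ever holds
  }
  revoke(license) { this.revoked.add(sha256(license)); }
  sync(license, fetchFromSource, uploadToDestination) {
    const ref = sha256(license);
    if (this.revoked.has(ref)) { this.audit.push({ ref, event: 'denied' }); throw new Error('license revoked'); }
    const asset = fetchFromSource(this.source.get(ref));              // source token -> source only
    const id = uploadToDestination(this.destination.get(ref), asset); // CMS key -> CMS only
    this.audit.push({ ref, event: 'source_read' }, { ref, event: 'destination_write' });
    return { status: 'synced', id };            // no credential in the response
  }
}
```

The two callbacks stand in for the source and destination API clients. A record copied from one vault into the other fails GCM authentication, because both the key and the associated data differ.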

Broker vs. Plugin-Stored Credentials

| | Syncific Broker | Typical Plugin |
| Credential storage | Encrypted broker server | CMS database (often plaintext) |
| Encryption standard | AES-256 at rest | Varies (often none) |
| Plugin has raw tokens? | Never | Always |
| Attack surface | 1 hardened broker | N CMS databases |
| Token revocation | Instant, centralized | Per-plugin, manual |
| Audit trail | Full logging | Usually none |

Frequently Asked Questions

What is a broker architecture for creative asset publishing?

A broker architecture places a secure intermediary server between creative tools and CMS destinations. The broker holds all OAuth credentials server-side, encrypted at rest. Neither the creative tool nor the CMS plugin ever handles raw credentials — the broker mediates every authenticated request on behalf of both sides.

Why is storing OAuth credentials in a CMS plugin a security risk?

CMS plugins store credentials in the site's database, often in plaintext or weakly encrypted. If the database is compromised, every connected service's credentials are exposed simultaneously. A broker eliminates this by ensuring credentials never reach the plugin layer at all.

How does Syncific's broker protect my credentials?

Syncific's broker encrypts all OAuth tokens at rest using AES-256. Credentials are stored only on the broker server — never in WordPress, Shopify, or any other destination. The plugin or web app communicates with the broker using a per-installation license key, not the raw OAuth token.

Is Syncific's broker architecture patented?

Syncific's broker-based OAuth architecture for creative asset synchronization is patent pending under U.S. Patent Application No. 19/440,404, filed with priority date December 9, 2025. The application covers the broker pattern, multi-surface activation, and credential isolation architecture.

What does AES-256 encryption at rest mean for my credentials?

AES-256 is the encryption standard used by governments and financial institutions for classified data. 'At rest' means credentials are encrypted when stored on disk — even if the broker's storage were compromised, credentials would be unreadable without the encryption key, which is stored separately.

What is the single-token multi-surface activation pattern?

This is a novel pattern covered in Syncific's patent continuation matter. A single authentication event on one surface (such as connecting Syncific inside Claude.ai) simultaneously activates the agent inside multiple surfaces (such as the WordPress dashboard and the Syncific web app) without requiring separate login flows on each.

How is Syncific's security different from a direct API integration?

A direct API integration stores credentials in the application using them — meaning each WordPress plugin, each Shopify app, and each CMS connector holds its own copy of your OAuth tokens. Syncific centralizes credential storage in one hardened broker, reducing the attack surface from N credential stores to one, with AES-256 encryption and audit logging at every access point.

The only creative asset platform built on a patent-pending broker architecture.

No plugin required on destination sites. Cancel anytime.