Login and sessions
Authenticated workspace routes are protected by request security checks. Session state and CSRF tokens help reject unsafe form submissions.
Security
Security for a seller operations workspace
Evargo is designed so signed-out visitors see marketing and information pages, while marketplace data remains behind login and ownership checks.
Account ownership
Seller data is scoped to the current user and connected accounts. Operational pages are not intentionally exposed to signed-out visitors.
Integration checks
External callbacks, webhooks, cron endpoints, marketplace tokens, Shopify events, and eBay events use dedicated validation or token/HMAC-style guardrails where configured.
Credential handling
Evargo includes services for protecting connected marketplace credentials and keeping sensitive integration settings out of the public marketing site.