The “Standard” Problem with Non-Standard Auth
In a perfect world, every retail system would use OAuth 2.0. You’d fetch a token, refresh it when needed, and move on with your day.
But retail isn’t a perfect world. It’s a landscape of:
- Legacy ERPs that only accept a static custom header or basic base64 encoded credentials.
- Homegrown WMS systems requiring complex HMAC signatures or signed requests for every call.
- On-premise middleware using non-standard “multi-step” auth flows.
For a developer, these systems are “special snowflakes.” They require bespoke code, manual credential handling, and constant maintenance. When authentication logic lives inside a custom script, the integration becomes brittle and difficult for anyone else to manage.
Real-World Friction: When One-Click Becomes Two-Weeks
We’ve all seen it: a project looks simple until you realise the ERP requires a session ID from an auxiliary “handshake” endpoint before you can even query stock levels.
- The Microsoft Dynamics Challenge: Integrating with Dynamics 365 Commerce often involves managing Microsoft Entra service-to-service authentication, device tokens for POS, and specific identity providers—all while ensuring e-commerce sites can retrieve order history without a hitch.
- The NetSuite Narrative: Brands like Belstaff use NetSuite as their single system of record. Coordination between headless Shopify storefronts and NetSuite requires a backbone that ensures real-time data flows without the “handshake” failing during peak trading like Black Friday.
Why Bespoke Auth Logic is a Liability
When you’re forced to write custom code just to connect to a system, you’re inheriting significant technical debt:
- Security Risk: Hard-coding logic or storing keys across various services is an audit nightmare.
- Maintenance Debt: If the legacy system changes its signature requirements, you have to dig into code to find where the handshake is failing.
- Lack of Visibility: When a “401 Unauthorised” hits, is it an expired token or a malformed signature?
The Solution: Standardising the Bespoke
The goal isn’t to force your legacy system to change; it’s to wrap it in a modern layer that makes it behave like a standard API.
In the Patchworks Connector Builder, custom authentication is a first-class citizen. Instead of writing a one-off script, you define the authentication flow once at the connector level.
What this looks like in practice:
- Dynamic Header Injection: Need to pass custom headers like X-Patchwork-State or proprietary keys? You define that logic once and it’s applied across all endpoints.
- Automated Handshakes: If your system requires a pre-request call to get a session ID, Patchworks can manage that multi-step flow and inject the result into every subsequent call automatically.
- Protocol Flexibility: Whether it’s SOAP for mature enterprise systems, GraphQL for precision queries, or SFTP for bulk data transfers, the auth is managed centrally regardless of the protocol.
The Architecture: Connect Once, Integrate Everywhere
By moving authentication out of the flow and into the Connector, you change the operational reality for your dev team.
| Traditional Custom Build | The Patchworks Approach |
| Auth logic is duplicated in every script. | Auth is defined once at the Connector level. |
| Silent expiry stops data flows. | Refresh cycles are handled automatically. |
| Debugging requires checking multiple logs. | Full visibility into auth issues in one dashboard. |
| Repetitive and time-consuming. | Faster implementation and fewer failure points. |
Final Thought: Authentication Should Be Boring
Authentication isn’t where your team creates value—it’s just the price of entry. It should be a solved problem that quietly works in the background so you can focus on the actual business logic of your retail orchestration.
Stop fighting with legacy connections. Make your auth “boring” again.
Want to see how it works in practice?
👉 Watch a demo: https://www.wearepatchworks.com/pages/watch-a-demo
👉 Explore the docs: https://doc.wearepatchworks.com/
👉 Talk to the team: https://wearepatchworks.com/contact/
