Verify Orders Received by a Webhook

How orders are sent to a POS from Deliverect

We send orders from online channels to a POS via an order webhook. View a guide on how to configure the webhook.

Verify orders are coming from Deliverect

Each call made to your order webhook includes an HMAC header (a hash signature that we set based on the payload and a secret). It allows you to validate that we are the ones calling your endpoints. We use the SHA256 cryptographic hash function to calculate it.

The HMAC secret is configured for every integration partner and securely communicated to you when you move to our production environment. In our staging environment, the requests are signed using the channelLinkId as the HMAC secret. The channelLinkId is the ID of the channel linked to the location of your staging account.


When calculating the HASH on your end, make sure you do this based on the payload as received and don't process, parse, or otherwise modify it beforehand.

Various online resources further explain HMAC (e.g., Wikipedia).

Verify an HMAC

You can use an online checker to verify an HMAC (e.g.,