Verify Orders Received by a Webhook
How orders are sent to a POS from Deliverect
We send orders from online channels to a POS via an order webhook. View a guide on how to configure the webhook.
Verify orders are coming from Deliverect
Each call made to your order webhook includes an HMAC header (a hash signature that we set based on the payload and a secret). It allows you to validate that we are the ones calling your endpoints. We use the SHA256 cryptographic hash function to calculate it.
The HMAC secret is configured for every integration partner and securely communicated to you when you move to our production environment. In our staging environment, the requests are signed using the channelLinkId
as the HMAC secret. The channelLinkId
is the ID of the channel linked to the location of your staging account.
When calculating the HASH on your end, make sure you do this based on the payload as received and don't process, parse, or otherwise modify it beforehand.
Various online resources further explain HMAC (e.g., Wikipedia).
Verify an HMAC
You can use an online checker to verify an HMAC (e.g., FreeFormatter.com.
Updated 11 months ago