Authentication

A client_id and client_secret are unique credentials provided to any partner beginning an integration with Deliverect. These can be used to access all customer accounts which we've connected to your partner account.

If you have already been provided a partner account and credentials, you can obtain an OAuth token with our Machine to Machine token endpoint and begin making calls with our API.

Don't forget to cache this token. You should only request a new one when your current one has expired.

You can use this tool to see the contents of the token.

Only certified integrations will be provided partner credentials for our production environment.

Never share your partner credentials with anyone else

📘

API Credentials

Please be aware that we provide one clientId and one clientSecret which allows access to all connected customer accounts and these credentials don't change per integrated account.

When we call your endpoint

With every call we make to an endpoint on your system, we include an HMAC header. HMAC stands for Keyed-Hashing for Message Authentication code and is a HASH signature that we set based on the payload and a pre-shared secret.

We use the SHA256 cryptographic hash function to calculate the hash which will allow you to validate that we are the ones calling your endpoints.

HMAC secrets can only be provided on request for certified partners added to the Deliverect platform. Prior to being certified, requests are signed with the HMAC secret being substituted by either;

• channelLinkId (present in most calls to partner endpoints)
• locationId (applicable to Dispatch API integrations only)

For more information about HMAC and how it works please visit wikipedia

🚧

When calculating the HASH on your end, make sure you do this based on the payload as its received and don't process, parse or otherwise touch it before doing so.