| Time | Status | User Agent | |
|---|---|---|---|
Retrieving recent requestsā¦ | |||
API Credentials
Deliverect uses OAuth 2.0 for API authentication. When a partner is registered, a client_id and client_secret are issued for use in the staging environment. These credentials are used to obtain an access_token, which must be included as a Bearer token in the Authorization header of all API requests.
ā Production credentials are issued only after an integration has been certified by Deliverect. Once certified, a separate set of credentials are provided, granting API access to each of your connected customer accounts in our production environment.
ā ļø Do not share your credentials. They allow access to all customer accounts connected to your partner integration.
š Token Expiry & Caching
Access tokens expire at the time specified in expires_at. Always cache and reuse tokens until expiry. Do not request a new token for every API call.
Use the access_token as a Bearer token in the Authorization header when making API requests:
Authorization: Bearer your-access-tokenYou can inspect the token structure using jwt.io
Scopes
Scopes define the permissions associated with your access token (e.g., POS, Channel, Store Dispatch).
For a complete list of available scopes, see link here
Webhooks & HMAC Authentication
Deliverect signs all outbound webhook requests using HMAC authentication.
Refer to the HMAC Authentication Guide for implementation details:
https://developers.deliverect.com/reference/hmac-authentication