Webhooks are endpoints that Deliverect will call. It's up to the integration partner to ensure that these are hosted on their domain. This URL can be configured per location in Deliverect.
We will also send an HMAC header that can be used to verify that orders are indeed coming from Deliverect. The HMAC secret is configured for every integration partner and will be communicated to you in a secure way. Before an HMAC secret is assigned to you, the request is signed using the channelLinkId as HMAC secret. Before certifying the integration, a secure HMAC secret should be set.
More than one reporting endpoint can be configured. This way, the data can be sent to multiple systems (for example the POS, an accounting system, etc.). At the moment, we only support one secret key per customer, not per reporting endpoint.