Skip to main content

Additional Security Layer

Hello Screens has an optional layer of security that would, if enabled, only allow authorized users to register new orders. Additionally, only requests with a valid userToken can update existing orders. This feature works in tandem with the existing security requirement of a valid x-bluedot-api-key to be provided with any requests to create/ modify an order.

If you want to enable this feature for your account please contact our team at

When this security feature is enabled, you will need:

1. A valid accessToken to register an order in Wave API.
2. To include the userToken (returned when registering the order) with any subsequent requests to update the order either through Point SDK or Wave API.

Authorising a Register Order request

Requests to register a new order using Wave API /hello/register endpoint will require a valid accessToken in the Authorization headers of the request (In addition to x-bluedot-api-key).

To get an accessToken you need to authenticate via Config API /sessions endpoint. To learn more check Config API Authentication documentation.

Include the accessToken in the headers of the /hello/register request:

Example header

Authorization: Bearer

You will receive your userToken in the response. This must be included in any subsequent requests made to update this order.

Example response

    "userToken": "abc123"

Make sure to use the Wave API’s endpoint of the region of your account. If you’re not sure which region your account is in, contact our Support Team at

Authorising orders updates

In order to update an order you’ll need to include the userToken in the Custom Event Meta Data of Point SDK or in the body of a Wave API request.

Point SDK

Before starting Tempo, it is necessary to include the userToken in the Custom Event Meta Data along with the other required fields, such as the orderId.

Wave API

When updating the status of a registered order, you’ll need to include the userToken at the root level of the body’s request.

Example Wave API body

    "destinationId": "store-destination-id",
    "userToken": "valid-user-token",
    "customEventMetaData": {
        "hs_orderId": "qwe123",
        "eventType": "onTheWay"