Brand integration onboarding

Overview

Brand authentication allows a brand on Wolt to access marketplace APIs for any venue belonging to the brand using a single access token.

This page is intended for brand partners who wish to integrate with Wolt and use brand-level authentication. It covers what partners need to build and how they can test the implementation.

How do I know if I can use Brand Authentication?

You can verify eligibility in the Wolt Merchant Admin by checking if you have access to a Brand-level business entity. Your Wolt account manager will also guide you on the appropriate integration type.

Partner onboarding checklist

To implement the brand integration onboarding flow, you need to implement specific components listed below.

Required information from integration partners

Wolt will need the following details in order to set up everything for you:

Order webhook URL: The URL where Wolt sends order notifications.
Order webhook client secret: A secret key for verifying that order notifications are sent from Wolt.
Order events which trigger notifications: A list of events for which you want to receive notifications. Supported events include CREATED, PRODUCTION, READY, DELIVERED, and CANCELED.
Emails and phone numbers: Contact information for test accounts provided by Wolt, which you can use to test the integration.

All URLs must be encrypted with TLS (https) and have a valid certificate.

What Wolt provides to you

OAuth2 client credentials:
- Includes an initial access_token that you can use to access marketplace APIs.
- Includes everything you need to refresh the tokens: client_id, client_secret, and the initial refresh_token.
Wolt accounts and test venue access: Access to Wolt accounts and test venues for building and testing the integration onboarding flow.
Postman collection: A Postman collection that provides an overview of available endpoints to assist with development and testing.

Authentication

Venues integrated through the brand integration onboarding authenticate with Wolt APIs using OAuth 2.0. As an integration partner, your system will use the authorization code flow to obtain access and refresh tokens. These tokens provide secure access for managing all the venues that belongs to your brand.

For more details on how authentication works, see integration onboarding authentication.

Testing the implementation

During the build stage, Wolt provides several venues for testing your integration. In the development environment, you can perform integration onboarding on test venues as many times as needed.

Verify the access token: Confirm that the access token works by performing the following actions for the venue and its menu.
- Create a menu
- Set the venue's opening hours
- Update the venue’s online status
- Test the order flow:
  - Submit an order from the Wolt test website (accessible via Merchant Admin → Venue → Menu editor → View on Wolt.com, or contact your account manager).
  - Use Adyen test cards (consumer card type) for payment methods.
  - Use the endpoints provided in the Order API to ensure the token works for your specific use case.
Obtain a new access token with the refresh token: Use the refresh token to obtain a new access token.
- Ensure your system does not perform parallel requests to refresh the token.
- Simulate scenarios where your system fails to persist the refresh token, verify fallback mechanisms to prevent token loss.
- Confirm that your system refreshes the tokens within a 30-day window to avoid expiration due to inactivity.
Re-verify the Access Token: Repeat step 1 to confirm that the token continues to function properly.