Obtain a Bearer token by making a POST request to https://authentication.revelup.com/oauth/token with your client credentials; tokens expire every 24 hours and must be refreshed
Query open orders by sending a GET request to https://[yoursubdomain].revelup.com/resources/Order/ with appropriate query parameters to filter by location and order state
To receive real-time updates, configure a webhook URL in the Revel management console; Revel will POST event payloads to your URL when configured events occur
Verify incoming webhook authenticity by computing an HMAC-SHA1 hash of the payload using your shared secret key and comparing it to the hexadecimal value in the X-Revel-Signature header of the inbound request
Parse the webhook payload to extract the resource type and changed fields, then fetch the full updated record via the corresponding REST endpoint if the full object is needed
Implement token refresh logic before the 24-hour expiry to avoid interrupting webhook processing or polling cycles
Known gotchas
The Bearer token is shared across all merchants in a single Revel integration and expires every 24 hours; missing the refresh window will break all API calls until a new token is obtained
Webhook signature uses HMAC-SHA1, not HMAC-SHA256; use the correct algorithm when computing the expected signature for comparison
The legacy API base URL uses [yoursubdomain].revelup.com while the modern API platform uses api.revelsystems.com; confirm which base URL applies to your resource type
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp