> ## Documentation Index
> Fetch the complete documentation index at: https://docs.connectstrata.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Punchh

> Provider ID: `Punchh`

## Getting Started

### Webhook Setup

Punchh uses outbound webhooks to send event data to Strata in real-time.

<Steps>
  <Step title="Enable Webhooks for your Business">
    Webhooks management must be enabled for your business in the Punchh platform. Contact your Punchh representative to update this configuration.

    <Note>
      If you cannot see **Inbound Webhooks** or **Outbound Webhooks** in the left navigation menu, webhooks have not been enabled for your business.
    </Note>
  </Step>

  <Step title="Configure Webhooks in Punchh">
    Follow the [Configure Webhooks](https://support.punchh.com/s/article/Webhooks#Configure) guide on the Punchh Support Portal to set up webhooks for your business.

    When configuring your webhook, use the Strata webhook URL provided in your integration settings and select **HMAC-SHA256** as the authentication method.

    <Info>
      To view Punchh product documentation on the Support Portal, you must be logged in to a Punchh production environment. See [these instructions](https://support.punchh.com/s/article/How-do-I-access-the-Punchh-Support-Portal-Single-Sign-On) for access.
    </Info>
  </Step>
</Steps>

### Webhook Security

Punchh supports the following authentication methods:

| Auth            | Description                                                                    |
| --------------- | ------------------------------------------------------------------------------ |
| **Basic**       | `Authorization: basic base64(USERNAME:PASSWORD)`                               |
| **Bearer**      | `Authorization: bearer TOKEN`                                                  |
| **HMAC-SHA1**   | `Authorization: hmac sha1(URI+BODY, SECRET)` with `x-pch-key: CLIENT` header   |
| **HMAC-SHA256** | `Authorization: hmac sha256(URI+BODY, SECRET)` with `x-pch-key: CLIENT` header |

<Warning>
  Using no authentication is not recommended. Always select one of the methods above.
</Warning>
