This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.

Toast-specific HTTP headers

The following table describes the Toast-specific HTTP headers included with webhook events.

Header Description


As a security measure, all webhook messages contain a signature in the Toast-Signature HTTP header. A webhook endpoint uses the Toast-Signature header to confirm that a webhook update message is coming from a known, secure source. See Message signing for more details.


The type of event that has occurred, for example, a partner_added event for the partners webhook or a low_quantity event for the stock webhook.


If the triggering event has occurred at a restaurant, the GUID of that restaurant is included in the Toast-Restaurant-External-ID HTTP header, for example, if the webhook update is for a low_quantity event, this header identifies the restaurant where the inventory quantity is low. This header is omitted if the triggering event has not occurred at a restaurant, for example, the header is omitted for the Partners webhook event types because those events are triggered by changes to a partner's status, not changes to a restaurant's status.


The event category, for example, partners or stock.